DoH memory bug.

Jotne · April 28, 2021, 9:33am

I have done som more investigation in the DoH memory leakage on all Router OS.

In previous setup I have replaced the DNS with IP in DNS setup and some comment that the certificate was by name only.
So here are the reult of my test.

Setup 1 [cloudflare]

DoH → > https://cloudflare-dns.com/dns-query
Static DNS entry cloudflare-dns.com->104.16.249.249

Setup 2 [nextdns]

DoH → > https://dns.nextdns.io/dns-query
Static DNS entry dns.nextdns.io ->45.90.28.0

Certificate are installed for both setup.

Test 1
Setup 1 with verify certificate turned off
Memory leakage: No

Test 2
Setup 1 with verify certificate turned on
Memory leakage: Yes

Test 3
Setup 2 with verify certificate turned off
Memory leakage: No

Test 4
Setup 2 with verify certificate turned on
Memory leakage: No

Conclusion.
Memory leakage only using Cloadflare and Verify Certificate on gives memory leakage
nexdns does not give any problem, so I will use that.

Red=Test2
Green= Test 1, 3, 4

eworm · April 28, 2021, 11:30am

Is this possibly related to the certificate type? Chances are that cloudflare uses ECC certificates and others do not. I will check when I am back to a physical keyboard.

rextended · April 28, 2021, 11:40am

Mmm…

ECDSA with SHA-384 - Elliptic Curve P-256 / Parent Elliptic Curve P-384 / ROOT SHA-1 with RSA Encryption 2048
SHA-256 with RSA Encryption / Parent SHA-256 with RSA Encryption / ROOT SHA-256 with RSA Encryption 4096

eworm :))

Try this:

/certificate settings
set crl-download=no crl-store=ram crl-use=no

eworm · April 28, 2021, 12:00pm

Anybody has an open ticket on that topic, no? Jotne is that you? I guess this is information worth adding to the ticket.

Jotne · April 28, 2021, 3:03pm

Support ticket: SUP-47171

Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.

rextended · April 28, 2021, 3:07pm

Thanks

Jotne · April 28, 2021, 7:10pm

@rextended Did not help, raising again, so going back to https://dns.nextdns.io/dns-query

Please do not quote the whole post directly above you. There is a “Post Reply” button to use below the post.

rextended · April 28, 2021, 7:20pm

I understand this,

but do not blame me…

see this two examples:

Jotne · April 28, 2021, 8:17pm

You are free to do what you do, but I do not like and many other does not like it.

hatred · May 3, 2021, 9:18am

Thanks for the info, successfully switched to the NextDNS.
If someone needs, the script for adding NextDNS can be found here: https://my.nextdns.io/start

hatred · May 15, 2021, 4:03pm

Unfortunately, switching to the NextDNS doesn’t fix the memory leak in my case.
Don’t know what is going wrong.

marathoneer · July 17, 2021, 2:11pm

Hello!

I’d like to confirm that hAP ac^2 6.48.3 (stable) is affected by this issue, the memory leak. Once I disable “Verify DoH Certificate” memory leak stops.

I’m grateful to topic starter, without you it would take me ages to realize what causing it without any profiler available for us.

@mikrotik - guys do you have this bug reported and fix in progress?

Best regards!

mitzone · June 18, 2022, 7:04pm

*Leaving this here for the next internet soul trying to search for a solution.

This bug seems to be fixed in v6.49. Personally, I have a lot of issues with 7.x version, so if you want to run v6, then this is the minimal version to install.
I’m running v6.49.6 for 2 days now and it looks good.

Cheers!

LE: spoke too soon. Using CF servers and Verify cert on a CCR1009 with 6.49.6 still causes memory leaks.

strods · September 21, 2022, 6:02am

We have been trying to reproduce this problem in our lab with the latest RouterOS v7 releases and have not managed to notice such behavior.

If anyone is still experiencing memory leak caused by DoH services with v7.5 or later, then please send a supout file from your device (generated while the problematic configuration is set on the router and leak is already noticeable) to use - https://help.mikrotik.com/servicedesk/servicedesk/customer/portal/1.

Jotne · September 21, 2022, 1:26pm

Did some testing now and do not see the problem any more.
Tested with same configuration (as gave problem on 6.x) on 7.2.5 and 7.5 without seeing the problem. I looks like it was solved in 7.x

mrksnlcln · January 4, 2023, 12:08am

I am using Mikrotik Haplite and I noticed my router keeps on rebooting after I activate the “Use DoH Server”. How can I fix this issue?

Log:
router was rebooted without proper shutdown
kernel failure in previous boot
out of memory condition was detected

DNS Settings:
Max UDP Packet Size: 4096
Query Server Timeout: 2.000
Query Total Timeout: 10.000
Max Concurrent Queries: 100
Max Concurrent TCP Sessions: 20
Cache Size: 8192
Cache Max TTL: 1d 00:00:00

Firmware:
7.6

Model:
RB941-2nD

Anastasia · January 28, 2026, 12:26pm

I have version 6.49.18 and I'm experiencing a memory leak when I enable certificate verification for https://8.8.8.8/dns-query
Will this issue be fixed in version 6?

P.S. The tests were conducted on three different devices, and memory leaks were found on all of them.