DoH: no downstream server available

Hello everyone!

From time to time my MikroTik logs the following message:

dns,warning DoH server response not OK: 502: no downstream server available

I cannot find any info on the topic.

 22:11:00 dns,packet --- got query from 192.168.11.100:17596:
 22:11:00 dns,packet id:609 rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error'
 22:11:00 dns,packet question: tracker.lelux.fi.:A:IN
 22:11:00 dns query from 192.168.11.100: #409897 tracker.lelux.fi. A
 22:11:00 dns,packet --- got query from 192.168.11.100:45539:
 22:11:00 dns,packet id:7e2b rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error'
 22:11:00 dns,packet question: tracker.lelux.fi.:AAAA:IN
 22:11:00 dns query from 192.168.11.100: #409898 tracker.lelux.fi. AAAA
 22:11:00 dns done query: #409897 tracker.lelux.fi. 95.217.161.135
 22:11:00 dns,packet --- sending reply to 192.168.11.100:17596:
 22:11:00 dns,packet id:609 rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'no error'
 22:11:00 dns,packet question: tracker.lelux.fi.:A:IN
 22:11:00 dns,packet answer:
 22:11:00 dns,packet <tracker.lelux.fi.:A:22179=95.217.161.135>
 22:11:03 dns,warning DoH server response not OK: 502: no downstream server available
 22:11:03 dns done query: #409898 dns server failure
 22:11:03 dns,packet --- sending reply to 192.168.11.100:45539:
 22:11:03 dns,packet id:7e2b rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'server failure'
 22:11:03 dns,packet question: tracker.lelux.fi.:AAAA:IN

Any ideas?

In HTTP, 502 (and generally all 5xx) means an error on the server side.

It looks like DoH worked fine, but the server you are using is not able to reach its own DNS server. So just try a different DoH server for now.

The server was 9.9.9.10. I switched to 1.1.1.1 and now I have the following:

12:15:31 dns,packet question: p4p.arenabg.com.:AAAA:IN 
12:15:31 dns query from 192.168.11.100: #469400 p4p.arenabg.com. AAAA 
12:15:31 dns,packet --- got query from 192.168.11.100:20632: 
12:15:31 dns,packet id:9ebf rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error' 
12:15:31 dns,packet question: p4p.arenabg.com.:A:IN 
12:15:31 dns query from 192.168.11.100: #469401 p4p.arenabg.com. A 
12:15:31 dns,error DoH server connection error: remote disconnected while in HTTP exchange 
12:15:31 dns done query: #469401 dns server failure 
12:15:31 dns,packet --- sending reply to 192.168.11.100:20632: 
12:15:31 dns,packet id:9ebf rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'server failure'

I’m getting random DoH errors at this site from the very first implementation of DoH in MikroTik.
With similar configurations at other locations I’ve never had such issues…
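
Added example, not part of the original thread: a small Python parser that separates the two failure modes seen above (an HTTP status returned by the DoH server versus a dropped connection) and ties each one to the query that failed. The `dns,warning` and `dns,error` lines carry no query id, so attributing an error to the next `dns server failure` line is an assumption of this sketch; the sample input is constructed from the log excerpts in the posts.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the two log excerpts in the thread.
SAMPLE_LOG = """\
22:11:00 dns query from 192.168.11.100: #409897 tracker.lelux.fi. A
22:11:00 dns query from 192.168.11.100: #409898 tracker.lelux.fi. AAAA
22:11:00 dns done query: #409897 tracker.lelux.fi. 95.217.161.135
22:11:03 dns,warning DoH server response not OK: 502: no downstream server available
22:11:03 dns done query: #409898 dns server failure
12:15:31 dns query from 192.168.11.100: #469401 p4p.arenabg.com. A
12:15:31 dns,error DoH server connection error: remote disconnected while in HTTP exchange
12:15:31 dns done query: #469401 dns server failure
"""

QUERY = re.compile(r"dns query from (\S+): #(\d+) (\S+) (\S+)")
DONE = re.compile(r"dns done query: #(\d+) (.*)")
HTTP_ERR = re.compile(r"DoH server response not OK: (\d{3}): (.*)")
CONN_ERR = re.compile(r"DoH server connection error: (.*)")

def doh_failures(log_text):
    """Return one dict per failed query, tagged with the preceding DoH error."""
    pending = {}       # query id -> (client, name, record type)
    last_error = None  # most recent DoH error not yet tied to a query
    failures = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := QUERY.search(line):
            pending[m.group(2)] = (m.group(1), m.group(3), m.group(4))
        elif m := HTTP_ERR.search(line):
            # The DoH server answered, but with an HTTP error status (e.g. 502).
            last_error = ("upstream-http-" + m.group(1), m.group(2))
        elif m := CONN_ERR.search(line):
            # The HTTPS session itself broke before an answer arrived.
            last_error = ("connection", m.group(1))
        elif m := DONE.search(line):
            client, name, rtype = pending.pop(m.group(1), ("?", "?", "?"))
            if m.group(2).strip() == "dns server failure":
                # Assumption: the error logged just before belongs to this query.
                kind, detail = last_error or ("unknown", "")
                failures.append({"id": m.group(1), "client": client, "name": name,
                                 "type": rtype, "kind": kind, "detail": detail})
                last_error = None
    return failures

def summarize(failures):
    """Count failed queries per error kind."""
    return Counter(f["kind"] for f in failures)
```

Run over a longer export of the router log, the per-kind counts show whether failures at one site are mostly server-side HTTP errors or connection drops between the router and the DoH server.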