DoH server connection error, idle time out connecting

Sometimes I get “DoH server connection error, idle time out - connecting” after a few hours, so I can't connect to the internet for 1-3 seconds. How to solve this? Thanks.

Probably a problem with your connection, but you will likely not notice these short errors in normal use.

You can also do DoH verification:

/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes

How long can we use this certificate?

It expires nov/10/2031 02:00:00, that's more than 595 weeks from now.

How about this error:

dns,error DoH server connection error: remote disconnected while in HTTP exchange

Any solution?

Thank you, sir.

After trying to set up DoH on 6.47 (stable) and testing firmware on hEX, using OpenDNS, Cloudflare and Google DNS, I always experience the same behavior (setting up proper static DNS for the DoH server, then ensuring the SSL root cert is added).

The setup works very well for 45 minutes to 1h30 and then no more resolution is done. I can reboot the hEX and it works again, but after 45 min to 1h30 it stops working again.

The log shows server time out, while I can access it via IP address… flushing the DNS cache doesn't help.

Benoit

I'm experiencing the same issue here and there, and found a post saying it may be due to a low value of “max-concurrent-tcp-sessions”. I just raised it to the default of 20 and will see if it helps.

Hi, is there any update from MikroTik on this stability issue with DoH? I have the same here, either using the OpenDNS, Cloudflare or Google DoH server: after around 1h queries time out, restarting the router works, but again 1h later the same issue…

Same issue here. No fix yet?

DoH server connection error, idle time out connecting…

Same here, a 15-line error log. How can it be solved?

I've recently tried the DoH feature and this error message appears from time to time depending on load.
If you enable logs for dns you can see something like this:

612 Mar/11/2021 18:18:42 memory dns, error DoH server connection error: Idle timeout - connecting
613 Mar/11/2021 18:18:42 memory dns done query: #16331 dns server failure

520 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16331 www.google.com. A

Just part of the queries fail. It stays so in any configuration: with Google or Cloudflare, with or w/o “Verify DoH Certificate”, w/ and w/o static records for DoH servers, etc.

After removing the DoH server, the error logs disappear.
My fw is 6.48.1.
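The log lines above show the pattern a practitioner wants to measure: a "dns query" line, a "DoH server connection error" line, and a "done query ... dns server failure" line sharing the same query id. The script below is an added example, not code from the thread or from MikroTik: it parses RouterOS dns-topic log lines (the sample log is constructed to match the format quoted above, including the other DoH error texts seen in this thread), correlates each query id with its outcome, tallies the DoH error reasons, and reports the overall failure rate and the longest run of consecutive failures. A low rate with short runs matches "just part of the queries fail"; a run covering every query matches "no more resolution is done". It assumes that a query id with no "dns server failure" line was answered successfully, which the page does not state.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample log, modelled on the RouterOS "dns" topic lines quoted in this
# thread (sequence number, timestamp, buffer, topics, message). Not real router output.
SAMPLE_LOG = """\
520 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16331 www.google.com. A
521 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16332 forum.mikrotik.com. A
522 Mar/11/2021 18:18:38 memory dns query from 10.10.100.45: #16333 example.net. AAAA
523 Mar/11/2021 18:18:39 memory dns query from 10.10.100.45: #16334 example.org. A
612 Mar/11/2021 18:18:42 memory dns,error DoH server connection error: Idle timeout - connecting
613 Mar/11/2021 18:18:42 memory dns done query: #16331 dns server failure
614 Mar/11/2021 18:18:43 memory dns,error DoH server connection error: SSL: handshake timed out (6)
615 Mar/11/2021 18:18:43 memory dns done query: #16333 dns server failure
616 Mar/11/2021 18:18:44 memory dns,error DoH server connection error: remote disconnected while in HTTP exchange
617 Mar/11/2021 18:18:44 memory dns done query: #16334 dns server failure
"""

QUERY_RE = re.compile(
    r"^(?P<seq>\d+) (?P<ts>\S+ \S+) \S+ dns query from (?P<client>[\d.]+): "
    r"#(?P<id>\d+) (?P<name>\S+) (?P<qtype>\S+)$"
)
FAIL_RE = re.compile(r"dns done query: #(?P<id>\d+) dns server failure$")
# Tolerates both "dns,error" and "dns, error" as the topic field is quoted in the thread.
DOH_ERR_RE = re.compile(r"dns,\s*error DoH server connection error: (?P<reason>.+)$")


@dataclass
class DohReport:
    queries: dict = field(default_factory=dict)        # id -> (name, qtype, client), log order
    failed: list = field(default_factory=list)         # ids that ended in "dns server failure"
    reasons: Counter = field(default_factory=Counter)  # DoH error text -> count

    @property
    def total(self) -> int:
        return len(self.queries)

    def failure_rate(self) -> float:
        """Fraction of logged queries that ended in 'dns server failure'."""
        return len(self.failed) / self.total if self.total else 0.0

    def longest_failure_run(self) -> int:
        """Longest run of consecutive failed queries, in the order they were logged."""
        failed = set(self.failed)
        best = run = 0
        for qid in self.queries:  # dict preserves insertion (log) order
            run = run + 1 if qid in failed else 0
            best = max(best, run)
        return best


def parse_dns_log(text: str) -> DohReport:
    """Correlate 'dns query' lines with their failure outcome and tally DoH error reasons.

    Assumption (not stated on the page): a query id with no 'dns server failure'
    line was answered successfully.
    """
    report = DohReport()
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            report.queries[int(m["id"])] = (m["name"], m["qtype"], m["client"])
            continue
        m = FAIL_RE.search(line)
        if m:
            report.failed.append(int(m["id"]))
            continue
        m = DOH_ERR_RE.search(line)
        if m:
            report.reasons[m["reason"].strip()] += 1
    return report


if __name__ == "__main__":
    r = parse_dns_log(SAMPLE_LOG)
    print(f"queries={r.total} failed={len(r.failed)} rate={r.failure_rate():.0%} "
          f"longest_run={r.longest_failure_run()}")
    for reason, n in r.reasons.most_common():
        print(f"  {n}x {reason}")
```

Feed it the output of `/log print` filtered to the dns topic (after `/system logging add topics=dns` as the post above describes) to see whether the DoH failures are sporadic or total before and after changing a setting such as certificate verification or static records.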

Same issue. hEX S stable 6.48.3, or long-term 6.47.10. Rebooting the router resolves the issue for a time, about a few hours, maybe less; WinBox gets stuck on “Logining…”. Only a reboot with a power cycle can resolve it.
RouterOS developers, please pay attention to this bug (stable and long-term branches). It's a kind of memory leak or something.

In the log, a lot of:

DoH server connection error: SSL: handshake timed out (6)
DoH server connection error: resolving error

L2TP connections with IPsec stop working and can't reconnect without a reboot, with messages in the log:
initiator can't find identity for peer:

I can confirm the bug on my hAP ac, with or without certificate verification. The bug is also present in 6.49beta54 and 7.1beta6. It doesn't appear to be being addressed.

Just filed a bug report.

Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.

Hey, how do you disable the syn flood rule? Do you create a new firewall rule or just simply disable an existing one? I didn't find anything that says “Syn”…

There is a general ip setting:

/ip settings set tcp-syncookies=yes|no

No idea if that is what RoutoRooter referred to…

Hi,

I have the issue too… I set this to yes and will see if it has an impact. But I'm not really sure if this is a risk for the system itself?
What do you mean?

Thanks,
Regards,
Cyb

In my router settings, /ip settings set tcp-syncookies=no is disabled, but I still get the same issue:
“DoH server connection error: SSL: handshake timed out (6)”