frequent query upgrade.mikrotik.com

Wilmar · December 14, 2015, 9:41pm

Why is my Mikrotik (Routerboard 2011UAS-2HnD, firmware 3.24, version 6.33.3 (stable)) sending these query about every minute?

Wilmar

pukkita · December 15, 2015, 9:48am

Do you have the cloud service (ala dyndns) enabled?

Wilmar · December 17, 2015, 12:20am

no, cloud is not enabled.

jo2jo · December 15, 2016, 10:57pm

im having this same issue, i noticed this was poping up in my remote syslog once every minute:

12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns VALvpn_RB_433_BACKUPmt__: done query: #1 upgrade.mikrotik.com 52.222.214.132
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.18>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.79>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.195>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.37>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.96>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.232>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.67>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <d355q2xs8kb5oj.cloudfront.net:A:36=52.222.214.132>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: <upgrade.mikrotik.com:CNAME:5042=d355q2xs8kb5oj.cloudfront.net>
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: answer:
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: question: upgrade.mikrotik.com:A:IN
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: id:4aaf rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'no error'
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: --- got answer from 4.2.2.1:53:
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: question: upgrade.mikrotik.com:A:IN
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: id:4aaf rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error'
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns,packet VALvpn_RB_433_BACKUPmt__: --- sending udp query to 4.2.2.1:53:
12-15-2016	16:55:11	Local7.Debug	192.168.4.210	dns VALvpn_RB_433_BACKUPmt__: local query: #1 upgrade.mikrotik.com. A

any idea or fixes?

I dont have any cloud enabled:

[val_VPN] /system package> print
Flags: X - disabled 
 #   NAME                     VERSION                     SCHEDULED              
 0   routeros-mipsbe          6.37.3                                             
 1   system                   6.37.3                                             
 2 X ipv6                     6.37.3                                             
 3 X wireless                 6.37.3                                             
 4 X hotspot                  6.37.3                                             
 5   dhcp                     6.37.3                                             
 6 X mpls                     6.37.3                                             
 7   routing                  6.37.3                                             
 8   ppp                      6.37.3                                             
 9   security                 6.37.3                                             
10   advanced-tools           6.37.3                                             
[val_VPN] /system package> /ip cloud export
# dec/15/2016 16:57:08 by RouterOS 6.37.3
# software id = P
#
/ip cloud
set update-time=no
[@val_VPN] /system package>

normis · December 16, 2016, 7:50am

There was a bug on 6.33 early versions. You have .3.

Upgrade and it should not do this anymore. It is simply re-trying when it should not.

jo2jo · December 16, 2016, 7:16pm

I dont understand your reply, so are you saying i should update via the Release Candidate channel? because this router is currently running the latest rOS, 6.37.3 the only newer release is a “beta” 6.38rc49.

DaveN · September 12, 2017, 7:14am

Sorry for resurrecting an old post, but I’m running 6.40.3 on a RB750Gr3, and see the same issue - frequent DNS queries to upgrade.mikrotik.com (approximately a couple times every minute).
Has the bug on 6.33 early versions crept back into the code?

03:00:02 dns local query: #47433 upgrade.mikrotik.com. A 
03:00:02 dns done query: #47433 upgrade.mikrotik.com 54.192.55.160 
03:00:52 dns local query: #47434 upgrade.mikrotik.com. A 
03:00:52 dns done query: #47434 upgrade.mikrotik.com 54.192.55.69 
03:01:52 dns local query: #47441 upgrade.mikrotik.com. A 
03:01:52 dns done query: #47441 upgrade.mikrotik.com 54.192.55.116 
03:02:02 dns local query: #47442 upgrade.mikrotik.com. A 
03:02:02 dns done query: #47442 upgrade.mikrotik.com 54.192.55.160 
03:02:52 dns local query: #47447 upgrade.mikrotik.com. A 
03:02:52 dns done query: #47447 upgrade.mikrotik.com 54.192.55.198 
03:03:52 dns local query: #47449 upgrade.mikrotik.com. A 
03:03:52 dns done query: #47449 upgrade.mikrotik.com 54.192.55.182 
03:04:02 dns local query: #47450 upgrade.mikrotik.com. A 
03:04:02 dns done query: #47450 upgrade.mikrotik.com 54.192.55.182 
03:05:02 dns local query: #47452 upgrade.mikrotik.com. A 
03:05:02 dns done query: #47452 upgrade.mikrotik.com 54.192.55.198

Like the previous posters, both cloud services are disabled.

[admin@RB750Gr3] > /ip cloud print
  ddns-enabled: no
   update-time: no

and automatic time-zone is disabled.

[admin@RB750Gr3] > /system clock print 
                  time: 03:01:15
                  date: sep/12/2017
  time-zone-autodetect: no
        time-zone-name: America/Montreal
            gmt-offset: -04:00
            dst-active: yes

Is there any other setting that could prevent (or cause) this behaviour?

Cheers,
DaveN

normis · September 12, 2017, 7:39am

Do you have QuickSet open? Maybe you have scripts that upgrade the router?

The upgrade.mikrotik.com domain is not the same as the cloud.mikrotik.com domain.

DaveN · September 15, 2017, 3:23am

Hi normis,

Thanks for the quick reply - apologies for the slow follow-up. To answer your question, I did not have QuickSet open, but I did have many windows open in WinBox, and your reply gave me a hint.

I was able to replicate the problem tonight.
I first opened WinBox and setup my logging to show all “dns”.
I waited a few minutes then verified that there were no dns queries to upgrade.mikrotik.com
I then triggered a query by opening System->Packages, clicking on “Check for Updates” and then clicking in the popup window on the next “Check for Updates”.
This triggered the same pattern of queries (about a couple per minute) reported earlier.

I then closed both the “Check for Updates” and the “Package List” windows, but the DNS queries continued at the frequency of about a couple queries a minute - with all but the Log window closed.

I was able to stop the dns queries by closing WinBox and reopening it.

Is this a bug, or expected behaviour according to the way WinBox is coded?

Cheers,
DaveN

normis · September 15, 2017, 5:46am

Sorry, but I could not repeat it. Are you sure that in all locations IP CLOUD features are off?

Quickset - Disable the VPN option.
IP → CLOUD menu, disable Time and DNS options.

DaveN · September 15, 2017, 8:22am

Hi normis,

Yes, the IP CLOUD features are off. I checked both locations you mention - and I also verified that System->Clock, Time Zone Autodetected is deselected.

As a test, I checked what would happen if I turned on one of the cloud features. If I turn DDNS on, then I see (as expected) additional DNS query’s to cloud.mikrotik.com.

In this example, the “item changed by admin” was turning on DNS.

04:06:52 dns local query: #66189 upgrade.mikrotik.com. A 
04:06:52 dns done query: #66189 upgrade.mikrotik.com 54.192.48.237 
04:07:52 dns local query: #66191 upgrade.mikrotik.com. A 
04:07:52 dns done query: #66191 upgrade.mikrotik.com 54.192.48.24 
04:08:52 dns local query: #66192 upgrade.mikrotik.com. A 
04:08:52 dns done query: #66192 upgrade.mikrotik.com 54.192.48.16 
04:09:20 system,info item changed by admin 
04:09:20 dns local query: #66193 cloud.mikrotik.com. A 
04:09:20 dns done query: #66193 cloud.mikrotik.com 91.188.51.139 
04:09:52 dns local query: #66194 upgrade.mikrotik.com. A 
04:09:52 dns done query: #66194 upgrade.mikrotik.com 54.192.48.187 
04:10:20 dns local query: #66195 cloud.mikrotik.com. A 
04:10:20 dns done query: #66195 cloud.mikrotik.com 81.198.87.240 
04:10:52 dns local query: #66196 upgrade.mikrotik.com. A 
04:10:52 dns done query: #66196 upgrade.mikrotik.com 54.192.48.238 
04:11:02 dns local query: #66198 upgrade.mikrotik.com. A 
04:11:02 dns done query: #66198 upgrade.mikrotik.com 54.192.48.187 
04:11:20 dns local query: #66199 cloud.mikrotik.com. A 
04:11:20 dns done query: #66199 cloud.mikrotik.com 91.188.51.139

Anyway - not to worry. Too bad you can’t reproduce, but I now know that if I close WinBox and reopen it, the queries to upgrade.mikrotik.com stop (until I force an update check in WinBox, at which point they continue until I close WinBox).

Cheers,
DaveN

Cha0s · September 15, 2017, 1:37pm

I just tried DaveN’s procedure and I have the same resutls.

I don’t use any Cloud features nor Timezone autodetect. It is triggered only by “Check for updates” button.

Also If I flush the DNS cache (and keep flushing it) then the queries are done every 10 seconds.
Otherwise every X minutes (where X is the TTL of the DNS replies).

Restarting winbox makes these lookups to stop and all cached DNS replies related to upgrade.mikrotik.com expire (otherwise they are keep getting refreshed since they are being looked up periodically).

Also this is not consistent. After restarting windbox and trying to flush the DNS cache again it didn’t try to lookup every 10 seconds as it did the first time I tried it. But it will definitely keep trying at other intervals until winbox is restarted.