I have a RouterOS hotspot (level 6) running at my core location. Behind it I have a few servers and a couple of other Mtik hotspots. My problem is:
After a period of time (hours) everything behind the core hotspot can’t ping the DNS servers. The core hotspot router can ping the DNS servers but nothing behind it can. As soon as I turn off the hotspot server on the core router I can ping the DNS servers. When I turn the hotspot back on after some time I lose DNS connectivity again.
What I have done to troubleshoot:
Tried pinging other IPs outside the network: works, just DNS IPs don’t respond
Cleared DNS cache on the core hotspot router: still couldn’t ping DNS IPs
Turned off connection tracking on the core hotspot router: still couldn’t ping DNS
Turned off hotspot on the core router: I could ping DNS servers
Turned hotspot back on: I could still ping the DNS servers but after a few hours I lose connectivity to DNS
I am not sure what exactly happens over a period of time. Something fills up or the hotspot proxy crashes? It’s not connection tracking since turning that feature off didn’t make a difference. The CPU load and memory usage were also fine on the core hotspot server when this happened. How do I turn off DNS caching (I am not sure if this could be the issue either)?
I am running version 4.11 on an x86 box. I have the number of hotspot users set to 3000 but don’t come anywhere near this number (only have 100 or so users). All idle timeouts, etc. have been turned off. If I leave the hotspot service off everything is fine. I have the hotspot running on its own vlan interface. Initially it was running on the same vlan as everything else (servers, other hotspots, etc.) and this problem would occur within 5~10 mins. Now it takes hours but still happens.
I’ve had some problems with the Hotspot servlet and DNS, and nowadays I just circumvent it. By default all DNS traffic is redirected to it. You can short-circuit that with the following configuration:
At that point you really are using the DNS servers and are not proxied through the Hotspot servlet, and things will continue to work nicely. At that point it’s important that you get the DNS mappings for the Hotspot DNS name vs its IP address 100% right on your external DNS servers, or things will break in bad ways.
Thanks Guru. I will give this a shot. Can I use the hotspot’s IP address as the dns-name, or can I not even set a dns-name in its profile because I don’t have access/control to the external DNS servers? So I might not be able to add an entry for the hotspot’s dns name to the dns servers.
You HAVE to have the DNS name set up under the Hotspot server profile mapped to the IP address set up under the same Hotspot server profile, or the Hotspot will not work. If you cannot do that on the external DNS server you want users to use directly, you CANNOT use it directly and must have DNS proxied through the Hotspot servlet.
In that case it would probably be best to take supout.rifs and send them to support@mikrotik.com and get an official bug report open and the issue resolved for good.
My method really is a cop-out anyway as it works around the issue rather than fix it.