Is it a WORM or just a DNS problem?

hi
a second after flushing the DNS cache, this is what I had (in pic):
zvqgmwiav.net unknown 0.0.0.0
zvqgmwiav.cc unknown 0.0.0.0
zrafqswyb.cc unknown 0.0.0.0
and the list goes on. When I stop the tracking in ip-firewall-connections,
the sites stop appearing.
The problem causes site browsing to be slow, and the DNS cache gets full in about 10 min!

Is it a kind of worm or what?
If it is, how to stop it?
Note:
the 0.0.0.0 address and the sites' src address do not appear in the connections list and torch.

It’s probably a worm. ROS does not offer adjusting negative cache lifetime…if you don’t like it tough it up :smiley: (or make request to MT). If you are inclined on using the caching DNS server you can run a workaround script that will delete negative cache responses every 5 minutes or so.

Make sure you are running the latest MikroTik RouterOS version, contact support (support@mikrotik.com) with the attached support output file.

I have the same thing on 4.9

I'll upgrade to 4.10 and send the file to support

How will the upgrade solve the problem?

I will search for a negative DNS script, and reply

as you can see what was asked for

> with the attached support output file

hi
I did upgrade to v4.10, but I still have the same problem.
Sending the problem to MikroTik support was not useful; I am still bothering them :slight_smile:
and I can't find such a script, and I also can't write one

so?? any solutions :neutral_face:

MikroTik RouterOS does not offer advanced DNS server setup; it just forwards the DNS requests from the client to the configured server. When there is a huge number of DNS requests from a client (DNS requests are mostly UDP), the most secure way is to drop them from the specific client.

so what was a solution to this? use linux box for dns server???

xezen,
what could be the solution for it when a computer sends tons of DNS requests for the 0.0.0.0 address?
MikroTik RouterOS DNS cache is just a cache; you can filter DNS requests by firewall, but you could not distinguish good requests from bad requests.

serjejs, can you explain why adjusting negative cache life-time is not an option?

How could it help with the original poster's problem?

Lowering negative-cache lifetime would lessen the number of useless entries giving more room for valid records. With higher percentage of useful records OP could lower cache size speeding up DNS lookup.

IMO current negative-cache lifetime value invites problems. For example, if DNS cache size is 10000 entries the cache would fill up with useless junk at minimum rate of 10000 bad queries/24h. With lower lifetime, say 5 minutes, the rate would have to be 10000/5 minutes or 172,800,000/24h.

Hello dears
I have the same problem mkr848
The memory is quickly filled with negative entries and begins to fail internet customers solve problems in directions.
I could not detect the failure. If you can look at this topic to see what I can do, I would be thankful. :frowning:
I have already sent the supout.rif file to support@mikrotik.com

Thank you!!

Check the firewall first. Most probably you are not dropping unwanted traffic from wan.

Yet another victim of the decision to “drop unwanted traffic from wan” instead of “accept wanted traffic and drop all other traffic” default firewall :slight_smile:

Everyone should finally drop everything that is unwanted.
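
Added example, not part of the thread: the cache entries shown in the first post carry no source address, so one way to find the specific client to drop is to count, per client, failed lookups of names that look machine-generated like zvqgmwiav.net. The `client name result` log format, the sample addresses, the vowel/consonant heuristic and the thresholds are all assumptions made for illustration, not RouterOS output or features.

```python
from collections import Counter

VOWELS = set("aeiou")

def _longest_consonant_run(label):
    run = best = 0
    for ch in label:
        run = run + 1 if ch not in VOWELS else 0
        best = max(best, run)
    return best

def _label_generated(label):
    # Assumed heuristic: long alphabetic label, few vowels, long consonant run.
    if len(label) < 7 or not label.isalpha():
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return vowel_ratio < 0.3 and _longest_consonant_run(label) >= 4

def looks_generated(name):
    """True if any label left of the TLD looks machine-generated."""
    labels = name.lower().rstrip(".").split(".")[:-1]
    return any(_label_generated(label) for label in labels)

def suspect_clients(log_lines, min_hits=3):
    """Count failed lookups of generated-looking names per client."""
    hits = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, result = parts
        if result == "NXDOMAIN" and looks_generated(name):
            hits[client] += 1
    return {c: n for c, n in hits.items() if n >= min_hits}

# Constructed sample in a hypothetical "client name result" format;
# the random-looking names are the ones quoted in the first post.
SAMPLE_LOG = """\
192.168.88.21 zvqgmwiav.net NXDOMAIN
192.168.88.21 zvqgmwiav.cc NXDOMAIN
192.168.88.21 zrafqswyb.cc NXDOMAIN
192.168.88.34 mikrotik.com NOERROR
192.168.88.34 wikipedia.org NOERROR
192.168.88.34 exmaple-typo.com NXDOMAIN
192.168.88.21 mikrotik.com NOERROR
""".splitlines()

if __name__ == "__main__":
    for client, count in suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} failed lookups of generated-looking names")
```

The heuristic is only a triage aid: consonant-heavy abbreviations can trip it, so confirm a flagged client on the host itself before dropping its DNS traffic.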