New dns adlist functionality and it doesn't work - I'm not even mad.

This is on my workstation:

$ grep ck.getcookiestxt.com hosts
0.0.0.0 ck.getcookiestxt.com

And now RB4011 setup:

> /ip/dns export        
# 2024-06-14 09:12:24 by RouterOS 7.15.1
# software id = JXIK-VPN0
#
# model = RB4011iGS+
# serial number = XXXXXXXXXXX
/ip dns
set allow-remote-requests=yes cache-size=16384KiB servers=9.9.9.9,149.112.112.112 use-doh-server=https://dns.quad9.net/dns-query
/ip dns adlist
add ssl-verify=no url=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
add ssl-verify=no url=https://hole.cert.pl/domains/v2/domains_hosts.txt

> /ip/dns/print 
                      servers: 9.9.9.9,149.112.112.112
              dynamic-servers: 
               use-doh-server: https://dns.quad9.net/dns-query
              verify-doh-cert: no
   doh-max-server-connections: 5
   doh-max-concurrent-queries: 50
                  doh-timeout: 5s
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 16384KiB
                cache-max-ttl: 1w
      address-list-extra-time: 0s
                          vrf: main
                   cache-used: 10733KiB
                   
> /ip/dns/adlist print
Flags: X - disabled 
 0   url="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" ssl-verify=no match-count=0 name-count=72341 

 1   url="https://hole.cert.pl/domains/v2/domains_hosts.txt" ssl-verify=no match-count=0 name-count=49722 



> /tool/ping ck.getcookiestxt.com
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                   
    0 103.224.212.213                            56  52 172ms463us
    1 103.224.212.213                            56  52 172ms373us
    2 103.224.212.213                            56  52 171ms539us
    sent=3 received=3 packet-loss=0% min-rtt=171ms539us avg-rtt=172ms125us max-rtt=172ms463us

Sometimes I get the feeling that even simple things don’t work with Mikrotik. I don’t know what is wrong with this company. The hardware seems to be done at the right level. Or at least I don’t have any reservations.

But the software… ehh… Does QA exist in this company? Or do they all give a damn about what QA reports? Sometimes I get the feeling that this company lives from sprint to sprint and it doesn’t matter what comes out. The important thing is to get the router up and running and they will fix the rest of the bugs in the next sprint.

What I wrote above might hurt someone. But I have to admit that using Mikrotik solutions is starting to make me tired.

This functionality does not work if the router has the Use DoH Server configured.

/ip/dns> /tool/ping ck.getcookiestxt.com
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                   
    0 103.224.212.213                            56  52 172ms33us 
    1 103.224.212.213                            56  52 171ms833us
    sent=2 received=2 packet-loss=0% min-rtt=171ms833us avg-rtt=171ms933us max-rtt=172ms33us 

/ip/dns> set use-doh-server=""

/ip/dns> /tool/ping ck.getcookiestxt.com
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                   
    0                                                              no address was specified                                                                                                 
    1                                                              no address was specified                                                                                                 
    2                                                              no address was specified                                                                                                 
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms 
    
/ip/dns> set use-doh-server="https://dns.quad9.net/dns-query"

/ip/dns> /tool/ping ck.getcookiestxt.com                     
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                   
    0 103.224.212.213                            56  52 171ms893us
    1 103.224.212.213                            56  52 171ms883us
    sent=2 received=2 packet-loss=0% min-rtt=171ms883us avg-rtt=171ms888us max-rtt=171ms893us

Yes, this doesn’t work with DoH. DoH support is available in 7.16beta.

“RouterOS prioritizes DoH over the DNS server if both are configured on the device.”
https://help.mikrotik.com/docs/display/ROS/DNS#:~:text=name%3DDomain_Name-,RouterOS,-prioritizes%20DoH%20over

I know, we all know that the documentation could be better. But for DoH the info is there. You should have read the docs, especially when barking loud.

Some people take their time to write long angry essays - instead of reading the fine manual in a fraction of the time.

7.16_beta4 works all fine here with DoH/Adlist, as already stated it’s very NEW!

Edit: I’m finding load times slightly slower with the refactored dns, it’s all subjective and I need to test more.


What’s new in 7.16beta3 (2024-Jun-27 08:33):
*) dns - added support for DoH with static FWD entries;
*) dns - added support for mDNS proxy (CLI only);
*) dns - refactored DNS service internal processes;

What’s new in 7.16beta4 (2024-Jul-02 15:47):
*) dns - refactored DNS service internal processes (additional fixes);

For the sake of documentation:

What's new in 7.16beta2 (2024-Jun-12 12:03):

*) dns - added support for DoH with adlist;

In fact, you’re right, it’s really annoying how *** people are, who can’t even read two lines in a manual
(whether it’s done well or badly doesn’t matter, as that line already reported is correct).

You either love MikroTik or hate it, the rest is bu115h1t.

When the statement was made, adlist over DoH didn’t work.
The OP had 7.15.1
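
The condition this thread converges on (adlist entries present, a DoH server set, and a RouterOS version older than the 7.16beta2 changelog entry quoted above) can be checked offline against a saved `/ip/dns export`. The following is an added example, not part of any post in this thread and not MikroTik code; the function names are hypothetical, and the parser assumes one entry per export line.

```python
import re

# From the changelog quoted in the thread: 7.16beta2 "added support for DoH with adlist".
FIRST_WITH_DOH_ADLIST = "7.16beta2"

def version_key(v):
    """Sort key for RouterOS versions: 7.15.1 < 7.16beta2 < 7.16_beta4 < 7.16rc1 < 7.16."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)_?(?:(beta|rc)(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {v!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))                      # 7.16 compares as 7.16.0
    stage = {"beta": 0, "rc": 1, None: 2}[m.group(2)]  # pre-releases sort before stable
    return (tuple(nums), stage, int(m.group(3) or 0))

def audit_dns_export(text):
    """Report whether the adlist is bypassed. Assumes no backslash-continued lines."""
    ver = re.search(r"by RouterOS (\S+)", text)
    doh = re.search(r'use-doh-server=("?)([^"\s]*)\1', text)
    menu, adlists = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                                # current menu, e.g. "/ip dns adlist"
        elif menu == "/ip dns adlist" and line.startswith("add ") and "disabled=yes" not in line:
            pairs = (kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
            adlists.append({k: v.strip('"') for k, v in pairs})
    doh_url = doh.group(2) if doh else ""
    old = ver is not None and version_key(ver.group(1)) < version_key(FIRST_WITH_DOH_ADLIST)
    return {
        "version": ver.group(1) if ver else None,
        "doh_server": doh_url,
        "adlist_urls": [a["url"] for a in adlists if "url" in a],
        "adlist_bypassed": bool(doh_url and adlists and old),
        "unverified_tls": [a["url"] for a in adlists if a.get("ssl-verify") == "no" and "url" in a],
    }

# Constructed sample, trimmed from the export shown in the first post.
SAMPLE = """\
# 2024-06-14 09:12:24 by RouterOS 7.15.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,149.112.112.112 use-doh-server=https://dns.quad9.net/dns-query
/ip dns adlist
add ssl-verify=no url=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
add ssl-verify=no url=https://hole.cert.pl/domains/v2/domains_hosts.txt
"""

if __name__ == "__main__":
    print(audit_dns_export(SAMPLE))
```

The `unverified_tls` field lists adlist sources that the export shows with `ssl-verify=no`, so they can be reviewed alongside the DoH finding.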

Hmm, methinks someone is upset Italy crashed out of the EuroCup! :wink:

The point to make is that the MT docs and examples are generic enough to give you an idea but should never be applied directly without modification to the scenario and context… sometimes a little, sometimes a lot.

Canada wasn’t part of it in the first place :laughing:

Too bad my RB760iGS isn’t able to download the file due to too little flash memory.
Does anyone have a solution to that? Apart from downloading it as a file and loading it from file, as there is no automatic update on this.