See here for an overview: https://intodns.com/mynetname.net
One server is not answering, lame delegation, etc, quite a handful. I’m a bit concerned about these DNS servers, there’s only 2 of them for the “cloud” dynamic names, apparently no real strong clould backing infrastructure is present. Do you plan to enhance the service? It works 99% of the time and it makes life a lot easier for customers on dynamic endpoints, but for the remaining 1% we’re in trouble when we most need it.
Kobuki, thank you very much for the concerns, comments and for using our IP cloud.
Yes, we have plans to make big enhancements for the service in the near future, where all your concerts will be addressed.
Nice to know that you take note of the problems, however it’s still serviced from a single unicast IPv4 address…
While it’s nice of Mikrotik to offer such features there are a plethora of DDNS scripts that work perfectly. he.net has free DNS including dynamic records. Setup the DDNS script and place it in dhcp-client script area so that it triggers on DHCP changes and boom its done and its in your control.
I raised my concerns about the built-in function, the thread is not about the alternatives that I know and use as well (dns.he.net or freedns.afraid org are good examples among many). The functionality is a good addition to RouterOS but the backing service is flaky. Mikrotik might have underestimated the load this service can generate and are struggling with keeping the sync between their dedicated auth servers so they might have shut down one of the 2. I’m just guessing though as there is no info available anyway.
I don’t think using the serial number .sn.mynetname.net is a particularly great method either. People wanting to target Mikrotik devices could pound the name servers with DNS request generators and probably successfully generate the serials with the tools that are available for pen testing. It probably is more effective than scanning all IPv4 blocks and considerably less obvious as they are not tripping honeypots.. And I would highly doubt that the existing name servers would be having degradation from legitimate updates or queries.
With 60 sec TTL it’s entirely possible, but it was just a guess. If it keeps being DDOS’d, then well, SOL. And yes, using the serial directly in the host name is not a bright idea.
it’s good for mikrotik to track the equipment … 