A customer that uses a PS4 opened a ticket due to instability logging on to PSN.
This guy has a parallel ADSL line from another ISP, NATted. On the ADSL the PS4 logs in without problems every try, with the “easy setup” (e.g. all auto: DNS, IP, 1472 MTU, etc.).
The CPE uses DNS/GW from the AP/MT router (let's say 10.0.0.1) and receives an IP in the same range. NATted to 192.168.X.1 with GW/DNS in the same range.
The ADSL also uses 192.168.X.1, but both DNS addresses are public IPs.
The MT router has a simple but traditional DNS setup (4 valid DNSs, allow remote requests, max UDP 8192) and nothing special on the DHCP server.
There are 2 DNS-related rules in the firewall: one does not allow DNS requests on the public port/IP and the other dst-nats any UDP on port 53 back to 10.0.0.1.
This second “workaround” helped me a couple of years ago to get rid of a cell phone worm that changed the DNS setup on customers' WiFi routers of common brands that were still on the factory login (admin/admin).
I modified this dst-nat rule, keeping it working for all requests to any DNS IP except when it's 8.8.8.8, 8.8.4.4, OpenDNS, etc. (a small trusted DNS list).
This way the PS4 started working with a manual public IP setup.
The question is: why does the PS4 not like the MT private IP DNS???
Two pieces of hardware involved: an RB3011 and later a spare 433UAH. Both running ROS 6.37.3.
Not all DNS resolvers are necessarily equal in knowledge, so in theory, redirecting all queries to yours can cause problems, because it may not be able to provide the right answer. On the other hand, you're far from being the only one who does that. And generally all resolvers operating from the common DNS root should have the same data. It also sounds unlikely that the PS4 would require something unusual.
But if you see a clear difference between redirecting and not redirecting everything to you, then it's probably it. If you can experiment, I'd try to catch DNS traffic with both configs, compare it and perhaps it would reveal something.
Btw, I'm not sure if I understand how exactly everything is connected at the customer's side.
You're right, maybe some sniffing will reveal differences.
At the customer's side things are as plain as possible, nothing special: at the ADSL provider, a Motorola box with WiFi included, PPPoE, etc. The difference is that the ADSL provider leases public DNS as … DNS for each device on the LAN.
At my side, a TP-Link BGN and a NATted CPE from UBNT, and DNS is in a private LAN address range. So manual config on the PS4 solved the problem (after the “trusted DNS” list in the dst-nat trap).
Bottom line: all surfing services work fine (VoIP included).
Only the PS4 seems a bit tricky (MTU 1472 and comfortable with public DNS IP addresses). I'll ask the customer to wire this TP-Link to one of his ADSL LAN ports and try using the TP-Link's DHCP to provide an IP to the PS4.
Even configuring the CPE as a transparent bridge and connecting the PS4 directly (no home routers, nothing) solves the problem. The PS4 received an address from the MT DHCP directly, but if I don't use a public DNS IP address … no game.
BTW, UPnP is enabled on the public/local interfaces (external/internal, etc.) and I saw it being used by this customer in the Winbox NAT pane for some time (temporarily redirecting ports).
I'll sniff the “boot up” process to see what's up.
We were using MT routers at the client end and, through DHCP, handing out the router as the DNS.
Changed the DHCP server to offer out a public DNS (such as 8.8.8.8 and 8.8.4.4) and PSN connectivity returned.
The “issue” as we saw it was the MikroTik acting as the DNS; stop it from responding to requests and hand out DNS directly, and it fixed it (for us at least).
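The two configurations the thread describes (the OP's dst-nat “trap” with a small trusted-resolver exception, and the later reply's DHCP change that hands clients a public resolver instead of the router) as RouterOS console commands. This is an added example, not an export from any poster's router; the LAN interface ether2, WAN interface ether1, LAN network 10.0.0.0/24 and the members of the trusted list are assumptions.

```routeros
# Added example, not the OP's exported config. Assumes LAN is ether2, the
# router's LAN address is 10.0.0.1, the WAN interface is ether1 and the LAN
# network is 10.0.0.0/24.

# Resolvers that LAN clients may reach directly (the "small trusted DNS
# list" the OP mentions; extend it with the resolvers you actually trust).
/ip firewall address-list
add list=trusted-dns address=8.8.8.8 comment="Google"
add list=trusted-dns address=8.8.4.4 comment="Google"
add list=trusted-dns address=208.67.222.222 comment="OpenDNS"
add list=trusted-dns address=208.67.220.220 comment="OpenDNS"

# The trap: a LAN query to any resolver NOT on the list is rewritten to the
# router's own resolver, which neutralises a client whose DNS setting was
# changed behind the user's back. Queries to listed resolvers pass
# untouched, which is why the PS4 works once a public DNS is set manually.
/ip firewall nat
add chain=dstnat in-interface=ether2 protocol=udp dst-port=53 \
    dst-address-list=!trusted-dns action=dst-nat \
    to-addresses=10.0.0.1 to-ports=53
add chain=dstnat in-interface=ether2 protocol=tcp dst-port=53 \
    dst-address-list=!trusted-dns action=dst-nat \
    to-addresses=10.0.0.1 to-ports=53

# allow-remote-requests=yes makes the router answer whoever can reach it,
# so keep port 53 closed on the WAN side (the OP's first DNS rule). These
# must sit above any generic "accept input" rule to have effect.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop

# Alternative from the later reply: stop advertising the router as DNS and
# let DHCP hand out public resolvers directly. Because both are on the
# trusted list, the trap above leaves these queries alone.
/ip dhcp-server network
set [find address="10.0.0.0/24"] dns-server=8.8.8.8,8.8.4.4
```

With the trap in place a client still sends its query to whatever address it was configured with; only the destination is rewritten on the router, so a packet capture on the LAN will not show the redirection, while a capture on the WAN will show the router's resolver doing the work.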
Maybe some queries are not sent to the public resolver but forced elsewhere; redirected queries are instead all caught, so something can definitely be different.
Every proxy resolver caches records. It depends on the TTL set by whoever publishes the record. I didn't see RouterOS doing anything unusual in this regard.
However, reality dictates that using an MT as a caching DNS server stops your connection to PSN, and when you push the DNS out further (ISP for example) it starts working again. Maybe MikroTik is ignoring TTL?
I am also curious about this problem. I have the same problem with the DNS published to clients in the local network from my MikroTik. I have 5 DNS servers set in my MikroTik (2 from my provider, 1 from Google, 2 from CZ NIC), allowed remote requests from the local network, and default values for the other settings:
Max UDP size: 4096
Query server timeout: 2s
Query total timeout: 10s
Cache size: 2048 KiB
TTL: 7d
Also I have some static records, but only for machines in the local network. For clients, the MikroTik is propagated as the only DNS server. Same as the OP, I have problems connecting to PSN with my MikroTik DNS. Other DNS servers (open, or ISP) set manually in the PS4 settings are working well.
The PS4 is not the only device having problems with this. A few months later I had the same problems with a Hackintosh in VirtualBox, and a week ago I had the same problems with my new MacBook Pro. It was impossible to download anything large from the App Store (update to macOS Sierra, Xcode, …). The download speed was constantly slowing down from maximum to very low speeds. The connection was unstable, and interrupted automatically every few minutes, despite the fact that I have a stable optical cable connection of 100/10 Mbit. Downloading everything (also big files like, for example, Debian/Ubuntu ISO images) from the browser was OK. The solution was the same: change the DNS servers, and don't use the MikroTik ones.