Repetitive DNS query to www.mikrotik.com

Hi all.

I have a main router (RB2011, ROS 6.9, local IP 192.168.1.1). I added a secondary wifi AP (Groove, ROS 6.10, local IP 192.168.1.91). All bridged, default gateway 192.168.1.1.

Unfortunately I left “Allow remote requests” on in the DNS settings of the Groove. Then I saw that there are repetitive DNS requests for resolving www.mikrotik.com sent from the main router to the Groove. So I switched “Allow remote requests” off in the DNS settings of the Groove. Now it ends with an error (that is right).

Feb/25/2014 10:26:02 dns local query: #18591 www.mikrotik.com. A
Feb/25/2014 10:26:02 dns,packet — sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:02 dns,packet id:f831 rd:1 tc:0 aa:0 qr:0 ra:0 QUERY ‘no error’
Feb/25/2014 10:26:02 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:04 dns,packet — sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:04 dns,packet id:11de rd:1 tc:0 aa:0 qr:0 ra:0 QUERY ‘no error’
Feb/25/2014 10:26:04 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:06 dns,packet — sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:06 dns,packet id:9bb8 rd:1 tc:0 aa:0 qr:0 ra:0 QUERY ‘no error’
Feb/25/2014 10:26:06 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:08 dns,packet — sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:08 dns,packet id:f613 rd:1 tc:0 aa:0 qr:0 ra:0 QUERY ‘no error’
Feb/25/2014 10:26:08 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:10 dns,packet — sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:10 dns,packet id:689c rd:1 tc:0 aa:0 qr:0 ra:0 QUERY ‘no error’
Feb/25/2014 10:26:10 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:12 dns done query: #18591 dns server failure

I do not understand why it is still asking for this DNS resolution, and why every 2 seconds?

I have nothing in my configuration or scripts that could cause such requests.

What is more, it is of course in the local DNS cache of the RB2011 with enough TTL, so there is no need to ask another DNS server to resolve it. And additionally, the Groove is not in the DNS server list of the RB2011.

So, how is this possible?

I have found the reason:

It is the Dude probe for the DNS service. I switched it off and the queries stopped. Hope this will help someone in the future…

Definitely it helps me to solve DNS problems with DoH (DoH max concurrent queries reached, ignoring query) due to the spammer-like behavior of the Dude probe. I have tried to set the time interval to 5m, 10m instead of the default but it doesn’t help me. Only deleting or disabling that probe helps.
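A way to spot this kind of probe traffic in a router's DNS debug log, as an added Python example that is not part of the original thread: it pairs each "sending udp query" line with its "question" line, then flags names sent to the same server at a fixed interval and marks servers missing from the resolver list. It assumes the line layout of the excerpt in the first post; the sample log and the `configured_servers` parameter are constructed for illustration.

```python
import re
from datetime import datetime
from statistics import pstdev

# Constructed sample, modelled on the log excerpt in the first post.
SAMPLE_LOG = """\
Feb/25/2014 10:26:02 dns local query: #18591 www.mikrotik.com. A
Feb/25/2014 10:26:02 dns,packet --- sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:02 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:04 dns,packet --- sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:04 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:06 dns,packet --- sending udp query to 192.168.1.91:53:
Feb/25/2014 10:26:06 dns,packet question: www.mikrotik.com:a:IN
Feb/25/2014 10:26:12 dns done query: #18591 dns server failure
"""

TS = r"(?P<ts>\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
SEND = re.compile(TS + r" dns,packet \S+ sending udp query to (?P<ip>[\d.]+):\d+:")
QUESTION = re.compile(TS + r" dns,packet question: (?P<name>\S+?):(?P<type>\w+):IN")

def find_periodic_queries(log_text, configured_servers, min_repeats=3, jitter=0.5):
    """Flag (server, name) pairs queried repeatedly at a near-constant interval."""
    sends = {}      # (server_ip, qname) -> list of send timestamps
    pending = None  # server IP taken from the most recent "sending" line
    for line in log_text.splitlines():
        m = SEND.match(line)
        if m:
            pending = m["ip"]
            continue
        m = QUESTION.match(line)
        if m and pending:
            ts = datetime.strptime(m["ts"], "%b/%d/%Y %H:%M:%S")
            sends.setdefault((pending, m["name"].lower()), []).append(ts)
            pending = None
    findings = []
    for (server, name), times in sends.items():
        if len(times) < max(min_repeats, 2):
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= jitter:  # machine-like regularity, not user browsing
            findings.append({
                "server": server, "name": name, "count": len(times),
                "interval_s": sum(gaps) / len(gaps),
                # True when the target is not one of the resolver's own upstreams
                "unlisted_server": server not in configured_servers,
            })
    return findings
```

A finding with `unlisted_server` set to true points at something other than the resolver choosing the destination, which is what the Dude DNS probe turned out to be in this thread.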