ROS 7.3.1 All DNS settings reverting on reboot

I have a cAP ac running 7.3.1. I am attempting to set up DoH via Quad9 DNS, and after removing all old static DNS entries, setting it all up and testing, it reverts all settings on reboot.

I found an old thread about DNS settings reverting due to DHCP client, but I have no DHCP client configured.

[admin@capac] /ip/dns> print
                      servers: 9.9.9.9,149.112.112.112
              dynamic-servers:
               use-doh-server: https://dns.quad9.net/dns-query
              verify-doh-cert: yes
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1d
                   cache-used: 74KiB
                   
[admin@capac] /ip/dns/static> print
Columns: NAME, ADDRESS, TTL
# NAME           ADDRESS          TTL
0 dns.quad9.net  9.9.9.9          1d
1 dns.quad9.net  149.112.112.112  1d
[admin@capac] /ip/dns/static>

This all reverts on reboot.

That's the problem. How do I see what's taking up 16MB HDD?

The only extra package I have installed is zerotier.

[admin@capac] > /system/resource/print
                   uptime: 18m5s
                  version: 7.3.1 (stable)
               build-time: Jun/09/2022 08:58:15
         factory-software: 6.44
              free-memory: 58.7MiB
             total-memory: 128.0MiB
                      cpu: ARM
                cpu-count: 4
            cpu-frequency: 672MHz
                 cpu-load: 0%
           free-hdd-space: 0
          total-hdd-space: 15.2MiB
  write-sect-since-reboot: 944
         write-sect-total: 963566
               bad-blocks: 0%
        architecture-name: arm
               board-name: cAP ac
                 platform: MikroTik
[admin@capac] >

I managed to get 104Kb free but still lost settings on reboot. I now have a unit that I can’t save settings on.

[admin@capac] > /system/resource/print
                   uptime: 2m6s
                  version: 7.3.1 (stable)
               build-time: Jun/09/2022 08:58:15
         factory-software: 6.44
              free-memory: 56.4MiB
             total-memory: 128.0MiB
                      cpu: ARM
                cpu-count: 4
            cpu-frequency: 896MHz
                 cpu-load: 16%
           free-hdd-space: 104.0KiB
          total-hdd-space: 15.2MiB
  write-sect-since-reboot: 1447
         write-sect-total: 967408
               bad-blocks: 0%
        architecture-name: arm
               board-name: cAP ac
                 platform: MikroTik
[admin@capac] > /system package print
Columns: NAME, VERSION
# NAME      VERSION
0 zerotier  7.3.1
1 routeros  7.3.1
[admin@capac] > /file print
Columns: NAME, TYPE, CREATION-TIME
#  NAME         TYPE       CREATION-TIME
0  flash        disk       jul/04/2022 20:23:22
1  flash/skins  directory  jan/01/1970 10:00:18
2  flash/pub    directory  sep/08/2020 21:03:33
[admin@capac] >

Netinstall and import settings again?

Seems extreme to save a setting worth bytes of data. Never had to save a backup and restore / import settings on any router I have ever owned because of storage space. Just insane.

Just a suggestion, your choice to apply it or not.

But I have seen reports where devices being upgraded from ROS6-something to various ROS7 versions ultimately had to be netinstalled and, using the EXACT same config, all worked.
Even had to do it myself once on a Hex …

Export backup to rsc, retrieve to PC, netinstall, reapply rsc-backup.
Cannot be more than 10 minutes, 15 minutes tops.

I’ll give it a go now

Can I force netinstall from CLI or do I have to go and now pull the cap ac off the roof to reset? All for a DNS setting change.

This is why I now only use Ubiquiti Unifi APs…

You can set “try ethernet once then nand” in system->routerboard->settings and then do a system->reboot.
Then it will enter the netinstall mode once without having to press the button.

OK, thanks, maybe that will help. Currently trying with netinstall running via Wine on OSX (I have done this in the past successfully) using

sudo -H -u root "/Applications/Winbox-mac.app/Contents/Resources/wine/bin/wine64" ~/Downloads/netinstall64/netinstall64.exe

When I put it into netinstall mode via the reset button, I see this:

bootp recv bytes: 300 mac=48:8F:5A:2D:15:F8
client: 48:8F:5A:2D:15:F8
bootp req received
FAILED TO REPLY
bootp recv bytes: 300 mac=48:8F:5A:2D:15:F8
client: 48:8F:5A:2D:15:F8
bootp req received
FAILED TO REPLY
bootp recv bytes: 300 mac=48:8F:5A:2D:15:F8
client: 48:8F:5A:2D:15:F8
bootp req received
FAILED TO REPLY
bootp recv bytes: 300 mac=48:8F:5A:2D:15:F8
client: 48:8F:5A:2D:15:F8
bootp req received
FAILED TO REPLY

Tried this with fresh netinstall download for 7.3.1 and get the same failed output as above.

The problem you see originates on your management computer, not from the router.

I found another post that suggested to place a switch between router and netinstall computer. That worked after the third attempt.

All seemed to work up until this point:

change state 9
select zerotier 1
selected: Z:\Users\zzz\support\mikrotik\7.3.1\capac\capac.rsc
send key:
script: Z:\Users\zzz\support\mikrotik\7.3.1\capac\capac.rsc
prepare ok
format ok
sending zerotier-7.3.1-arm.npk, size: 749713
bootp recv bytes: 300 mac=48:8F:5A:2D:15:F8
client: 48:8F:5A:2D:15:F8
bootp req received
onTftp 137 vmlinux
sendRes=137
port: 41800
blksize 1452
sendFile 8000968
~Installator()
changing RBcAPGi-5acD2nD

So this is where I am at… netinstalled, selected configure script from export I took before. It looks like it has re-deployed routerOS and zerotier, but when I winbox to the device it is a blank slate.
Should there have been more output after “~Installator()”?

A thread on these forums (from 2006) shows people ‘learning the hard way’ that there are undocumented issues in the length of the backup script that can be deployed via the netinstall process.

You can do a full reset of the AP, connect via MAC address and import the rsc file.

Tried doing reset and set ‘run after reset’ script. It also fails with this message in log:

error while running run-after-reset script: failure: cannot change builtin

Out of ideas and patience. What's the point of an ‘export’ file if it can’t be re-imported?

I’ve been at this for 6hrs now… trying to make a simple DNS change to a ceiling mounted AP. I am usually 800km away from this device and will never be comfortable remotely trying to change a setting.

I agree that it sucks. I told you to connect via MAC address and then reset the config.
After that you upload the export file and run an import command from the terminal:

/import verbose=yes filename

Should it issue some minor error message, you can skip that line by adding from-line=1234 (for example) to the import command.

MikroTik does not respond to requests to make the import facility more sturdy. Not a priority, apparently.

After another few hours I have the cAP ac back on the roof and it's working, but I can no longer SSH to the device. I could before it was ‘recovered’. My RSA keys that were configured previously can no longer be imported to the device; when I attempt to import them I get a message about raising a support case with a supout file. The device is on the exact same routerOS version 7.3.1 and I’m trying the same keys. I also tried enabling password login and that fails as well.

ssh -vvv cAPac
OpenSSH_9.0p1, OpenSSL 1.1.1p  21 Jun 2022
debug1: Reading configuration data /Users/xxx/.ssh/config
debug3: /Users/xxx/.ssh/config line 1: Including file /Users/xxx/.ssh/fp_config depth 0
debug1: Reading configuration data /Users/xxx/.ssh/fp_config
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: /Users/xxx/.ssh/config line 53: Applying options for cAPac
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: /Users/xxx/.ssh/config line 74: Applying options for *
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.120.2 is address
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.120.2 [192.168.120.2] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/xxx/support/rsa_keys/xxx_id_rsa type 0
debug1: identity file /Users/xxx/support/rsa_keys/xxx_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
kex_exchange_identification: Connection closed by remote host
Connection closed by 192.168.120.2 port 22

So now reset to default and manually entering all config back in. SSH works now. This is insane.