DNS services not responding on CCR1036-8G-2S+

I have a CCR1036-8G-2S+ router; the DNS configuration is:
allow-remote-requests=yes cache-max-ttl=1w cache-size=8192KiB max-concurrent-queries=300 max-concurrent-tcp-sessions=300 max-udp-packet-size=4096
query-server-timeout=2s query-total-timeout=10s servers="198.41.0.4,192.228.79.201,192.33.4.12,199.7.91.13,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,199.7.83.42,202.12.27.33,8.8.4.4,1.1.1.1,1.0.0.1,9.9.9.9,149.112.112.112,8.8.8.8" use-doh-server="" verify-doh-cert=no

In NAT I have configured:
action=redirect chain=dstnat comment=DNS !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content disabled=no !dscp
!dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface
!in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list
!out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority protocol=tcp !psd !random !routing-mark !routing-table
!src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses to-ports=53 !ttl
action=redirect chain=dstnat comment=DNS !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content disabled=no !dscp
!dst-address !dst-address-list !dst-address-type !dst-limit dst-port=53 !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface
!in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list
!out-interface !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority protocol=udp !psd !random !routing-mark !routing-table
!src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses to-ports=53 !ttl

But every so often clients stop browsing because the router stops responding to DNS requests.

I had version 6.48.3, updated to 6.49 and the same thing keeps happening.

Any idea where my problem is? How can I resolve this without removing the NAT?

#DNS #CCR1036 #v6.49 #v6.48.3
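
A check for the NAT rules posted above, as an added example that is not part of the original post: both redirect rules leave `in-interface`, `in-interface-list`, `src-address` and `src-address-list` unset, so they match port-53 traffic arriving on any interface, and with `allow-remote-requests=yes` the cache may be answering more than the intended clients unless the input filter (not shown in the thread) restricts it. The sample rules are shortened from the post, and the `LAN` interface list in the third rule is an assumed name.

```python
import shlex

# Matchers that limit which clients a dstnat rule applies to.
SCOPE_KEYS = ("in-interface", "in-interface-list", "src-address", "src-address-list")

def parse_rule(line):
    """Parse one `export verbose` rule into a dict of the matchers that are set.

    Tokens of the form !key mean "matcher not set" and are skipped.
    """
    rule = {}
    for tok in shlex.split(line):
        if tok.startswith("!") or "=" not in tok:
            continue
        key, _, value = tok.partition("=")
        rule[key] = value
    return rule

def unscoped_dns_redirects(lines):
    """Return (protocol, comment) for enabled port-53 redirects with no source scoping."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule.get("action") != "redirect" or rule.get("chain") != "dstnat":
            continue
        if rule.get("disabled") == "yes" or rule.get("dst-port") != "53":
            continue
        if not any(key in rule for key in SCOPE_KEYS):
            findings.append((rule.get("protocol", "any"), rule.get("comment", "")))
    return findings

# Constructed sample: rules 1 and 2 are shortened from the post, rule 3 is a
# scoped variant using a hypothetical interface list named LAN.
SAMPLE_RULES = [
    'action=redirect chain=dstnat comment=DNS disabled=no dst-port=53 '
    '!in-interface !in-interface-list log-prefix="" protocol=tcp '
    '!src-address !src-address-list to-ports=53',
    'action=redirect chain=dstnat comment=DNS disabled=no dst-port=53 '
    '!in-interface !in-interface-list log-prefix="" protocol=udp '
    '!src-address !src-address-list to-ports=53',
    'action=redirect chain=dstnat comment=DNS-LAN disabled=no dst-port=53 '
    '!in-interface in-interface-list=LAN protocol=udp to-ports=53',
]

if __name__ == "__main__":
    for proto, comment in unscoped_dns_redirects(SAMPLE_RULES):
        print(f"unscoped DNS redirect: protocol={proto} comment={comment}")
```
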

I have a similar problem.
Router CCR1036-8G-2S+, ros v6.49. Recently, customers have started complaining about "slow Internet". Websites often don't open on the first try. But after reloading, the pages normally worked. Otherwise, everything is fine. Speed and ping are normal. This usually happened in the evening. The problem was solved by assigning an external DNS server on the customers' routers. So far in the dhcp-server/network settings I give them not my DNS cache server but 1.1.1.1 and 8.8.8.8.

The settings on the ccr are default:

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s servers=1.1.1.1,8.8.8.8,8.8.4.4 use-doh-server="" \
    verify-doh-cert=no

How can this be fixed?

I already found the error: when you have many clients it starts to fail, so it is recommended to set up a server only for DNS that does not run Mikrotik software.

Almost one year later, not bad.