arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

DNS server is broken in 7.1beta4

Wed Mar 03, 2021 1:35 pm

Installed 7.1beta4 on x86. When the system is rebooted, it won't assign DNS to the client. I need to replug the LAN port to make it run again.
 
andryan
newbie
Posts: 40
Joined: Fri Nov 30, 2007 10:33 pm
Location: Jakarta, Indonesia
Contact:

Re: DNS server is broken in 7.1beta4

Wed Mar 03, 2021 2:33 pm

You mean DHCP server does not hand out DNS servers information to DHCP clients?
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Wed Mar 03, 2021 4:26 pm

> You mean DHCP server does not hand out DNS servers information to DHCP clients?

Yes, clients cannot get DNS information when the router is rebooted.
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Wed Mar 10, 2021 12:20 pm

I tested many times. The client (PCs) takes 5 minutes to get DNS when ROS reboots.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: DNS server is broken in 7.1beta4

Wed Mar 10, 2021 1:02 pm

Your report is unclear. What do you mean:
- the clients do not know the address of the DNS server, which they usually obtain through DHCP.
that would not be a broken DNS server, that could be a broken DHCP server
- the clients know the address of the DNS server, but it does not respond to their queries, or it returns errors.
that could be a broken DNS server, but it could also be the DNS server is not statically configured with DNS resolvers and obtains this information from a server further down the path, e.g. a DHCP server of the ISP or a PPPoE connection

Without further details like the configuration of DHCP, DNS, and the upstream link, this is impossible to tell.
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Wed Mar 10, 2021 1:58 pm

> Your report is unclear. What do you mean:
> - the clients do not know the address of the DNS server, which they usually obtain through DHCP.
> that would not be a broken DNS server, that could be a broken DHCP server
> - the clients know the address of the DNS server, but it does not respond to their queries, or it returns errors.
> that could be a broken DNS server, but it could also be the DNS server is not statically configured with DNS resolvers and obtains this information from a server further down the path, e.g. a DHCP server of the ISP or a PPPoE connection
>
> Without further details like the configuration of DHCP, DNS, and the upstream link, this is impossible to tell.

1. Boot up the router and wait for the computer to access the Internet normally. (Need to replug the ethernet port of the computer to make it work.)
2. Reboot the router. The ethernet port of the computer goes link down.
3. Wait for the router to boot up. The computer's ethernet port links up again.
4. The computer got an IP address from the router, but the DNS column is empty.
5. Replug the ethernet port or wait for more than 5 minutes to get DNS information from the DHCP server.
6. If I change the network setting of the computer from DHCP to static by setting the DNS column the same as the gateway, this issue is gone.
ethernet .JPG
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: DNS server is broken in 7.1beta4

Wed Mar 10, 2021 3:44 pm

I guess that this is related to what I wrote already: the DNS server info is obtained from an upstream connection which is not "up" at the time you make the DHCP request.
You could work around this by putting the addresses of two external DNS servers in that DHCP Network tab.
Or you could put the address of the router itself there and enable remote requests in IP->DNS, so the MikroTik DNS resolver is used.
Of course make sure you do not enable access to the DNS resolver from internet, the default firewall rules are OK for that.

Your issue is likely caused by having everything "automatic" so the router obtains the DNS server addresses from the ISP using DHCP or PPPoE, puts that info in the IP->DNS server settings (under "dynamic servers"), then copies this info to the DHCP servers as well, but by that time you have already asked for a lease.
As your lease time is set to the default 15 minutes, this corrects itself when the computer asks for the lease again.
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Thu Mar 11, 2021 5:39 am

> I guess that this is related to what I wrote already: the DNS server info is obtained from an upstream connection which is not "up" at the time you make the DHCP request.
> You could work around this by putting the addresses of two external DNS servers in that DHCP Network tab.
> Or you could put the address of the router itself there and enable remote requests in IP->DNS, so the MikroTik DNS resolver is used.
> Of course make sure you do not enable access to the DNS resolver from internet, the default firewall rules are OK for that.
>
> Your issue is likely caused by having everything "automatic" so the router obtains the DNS server addresses from the ISP using DHCP or PPPoE, puts that info in the IP->DNS server settings (under "dynamic servers"), then copies this info to the DHCP servers as well, but by that time you have already asked for a lease.
> As your lease time is set to the default 15 minutes, this corrects itself when the computer asks for the lease again.

The incoming network is from another ROS (v6) router whose IP address is 192.168.1.1/24.
I made a test by setting the WAN port to a static IP address (192.168.1.102/24), default gateway (192.168.1.1) and DNS server (192.168.2.1 & 192.168.1.1).
I checked IP->DNS and the servers are 192.168.2.1 & 192.168.1.1.
Rebooted the router and the issue is still there, just the same as before. The DNS column is empty.
The odd thing is that with the WAN set to a static IP, I cannot access the internet even by setting my computer address to static (IP 192.168.2.222/24, Gateway: 192.168.2.1, DNS: 192.168.2.1 & 114.114.114.114).
I disabled the static address of WAN and re-enabled dhcp-client, and I can access the internet now.
捕获a.JPG
捕获b.JPG
Setting computer to static IP address
捕获c.JPG
Ping baidu is not OK. Ping WAN gateway is OK. Ping 114.114.114.114 is not OK.
捕获d.JPG
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Thu Mar 11, 2021 5:46 am

This is my configuration, just basic NAT.

/interface ethernet set [ find default-name=ether2 ] advertise=1000M-half,1000M-full,10000M-full mac-address=54:AB:3A:70:D6:30 name=LAN rx-flow-control=auto speed=1Gbps tx-flow-control=auto
/interface ethernet set [ find default-name=ether1 ] advertise=1000M-half,1000M-full,10000M-full mac-address=54:AB:3A:70:D6:32 name=WAN rx-flow-control=auto tx-flow-control=auto
/interface lte apn set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=192.168.2.2-192.168.2.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=LAN name=DHCP
/queue type set 1 pfifo-limit=100
/queue type add kind=pcq name=PCQ-up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
/queue type add kind=pcq name=PCQ-down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
/queue type add kind=pcq name=Om_down pcq-burst-time=2s pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-limit=100KiB pcq-src-address6-mask=64 pcq-total-limit=6000KiB
/queue type add kind=pcq name=0m_up pcq-burst-time=2s pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64 pcq-total-limit=6000KiB
/queue type add kind=pcq name=ack_pcq_up pcq-burst-time=2s pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-limit=15KiB pcq-src-address6-mask=64 pcq-total-limit=3000KiB
/queue type add kind=pcq name=ack_pcq_down pcq-burst-time=2s pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-limit=15KiB pcq-src-address6-mask=64 pcq-total-limit=3000KiB
/queue type add kind=fq-codel name=FQ_CODEL
/routing bgp template set default as=65530 disabled=no name=default output.network=bgp-networks
/routing table add fib name=""
/ip neighbor discovery-settings set discover-interface-list=all
/interface list member add
/ip address add address=192.168.2.1/24 interface=LAN network=192.168.2.0
/ip address add address=192.168.1.102/24 disabled=yes interface=WAN network=192.168.1.0
/ip cloud set update-time=no
/ip dhcp-client add disabled=no interface=WAN
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
/ip dns set allow-remote-requests=yes servers=192.168.2.1,192.168.1.1
/ip firewall nat add action=masquerade chain=srcnat out-interface=WAN
/ip firewall service-port set udplite disabled=yes
/ip firewall service-port set dccp disabled=yes
/ip firewall service-port set sctp disabled=yes
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: DNS server is broken in 7.1beta4

Thu Mar 11, 2021 10:48 am

> /ip dns set allow-remote-requests=yes servers=192.168.2.1,192.168.1.1

This is wrong! You specify your own address as a DNS resolver for the router to use!
You should put only external addresses here.

> /ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24

Add some DNS servers (either 192.168.2.1 and/or some external addresses) here.

Also I do not see a route so external addresses will not be reachable. That is why you cannot reach that 114.114.114.114 server.
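
The points raised in the reply above, turned into a check over a RouterOS export (an added example, not part of the original thread and not MikroTik tooling). `POSTED` reuses lines from the configuration in the thread; `CORRECTED`, the `audit` function, the finding names and the WAN drop rule are constructed for illustration, and the firewall check is a coarse heuristic that accepts any input-chain drop rule.

```python
import ipaddress

# Constructed sample: the DNS/DHCP-relevant lines of the export posted in the thread.
POSTED = """\
/ip address add address=192.168.2.1/24 interface=LAN network=192.168.2.0
/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
/ip dns set allow-remote-requests=yes servers=192.168.2.1,192.168.1.1
/ip firewall nat add action=masquerade chain=srcnat out-interface=WAN
"""

# Constructed corrected variant following the advice in the thread.
CORRECTED = """\
/ip address add address=192.168.2.1/24 interface=LAN network=192.168.2.0
/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 dns-server=192.168.2.1
/ip dns set allow-remote-requests=yes servers=192.168.1.1
/ip firewall filter add action=accept chain=input connection-state=established,related
/ip firewall filter add action=drop chain=input in-interface=WAN
"""

def parse(export):
    """Return (menu, params) per line; assumes one command per line, no quoted spaces."""
    out = []
    for line in export.splitlines():
        words = line.split()
        if words and words[0].startswith("/"):
            menu = " ".join(w for w in words if "=" not in w)
            out.append((menu, dict(w.split("=", 1) for w in words if "=" in w)))
    return out

def audit(export):
    """Hypothetical checker: flag the DNS/DHCP issues raised in the thread."""
    entries, findings = parse(export), []
    own = {str(ipaddress.ip_interface(p["address"]).ip)
           for m, p in entries if m == "/ip address add" and p.get("disabled") != "yes"}
    dns = next((p for m, p in entries if m == "/ip dns set"), {})
    if own & set(dns.get("servers", "").split(",")):
        findings.append("dns-upstream-is-router-itself")
    for m, p in entries:
        if m == "/ip dhcp-server network add" and "dns-server" not in p:
            findings.append("dhcp-network-without-dns-server:" + p["address"])
    drops_input = any(m == "/ip firewall filter add" and p.get("chain") == "input"
                      and p.get("action") == "drop" for m, p in entries)
    if dns.get("allow-remote-requests") == "yes" and not drops_input:
        findings.append("resolver-open-no-input-drop-rule")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, audit(cfg))
```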
 
arm920t
Frequent Visitor
Topic Author
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DNS server is broken in 7.1beta4

Fri Mar 12, 2021 12:00 pm

> > /ip dns set allow-remote-requests=yes servers=192.168.2.1,192.168.1.1
>
> This is wrong! You specify your own address as a DNS resolver for the router to use!
> You should put only external addresses here.
>
> > /ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
>
> Add some DNS servers (either 192.168.2.1 and/or some external addresses) here.
>
> Also I do not see a route so external addresses will not be reachable. That is why you cannot reach that 114.114.114.114 server.

Thanks for your reply. I did set the DNS server in ROS, which is 192.168.2.1, the same as the LAN gateway. Use ROS to deliver the DNS request.
The picture below is the test environment. ROS v6 is the up router, which works well. ROS v7 is the testing machine, which gets IP and DNS from the up router.
The problem is that the PC got an IP address from ROS v7 normally, which is 192.168.2.254, but the DNS column is empty.
If I configure the PC with a static address (LAN IP: 192.168.2.254, default gateway: 192.168.2.1 and DNS: 192.168.2.1), everything works as expected.
The only thing is that the dhcp-client cannot get DNS information from the ROS v7 DHCP-SERVER when the router boots up. It takes nearly 5 minutes to wait for the information.
捕获.JPG
Below is the configuration.
I did set a masquerade to WAN: /ip firewall nat add action=masquerade chain=srcnat out-interface=WAN


/interface ethernet set [ find default-name=ether2 ] advertise=1000M-half,1000M-full,10000M-full mac-address=54:AB:3A:70:D6:30 name=LAN rx-flow-control=auto speed=1Gbps tx-flow-control=auto
/interface ethernet set [ find default-name=ether1 ] advertise=1000M-half,1000M-full,10000M-full mac-address=54:AB:3A:70:D6:32 name=WAN rx-flow-control=auto tx-flow-control=auto
/ip pool add name=dhcp ranges=192.168.2.2-192.168.2.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=LAN name=DHCP
/ip neighbor discovery-settings set discover-interface-list=all
/ip address add address=192.168.2.1/24 interface=LAN network=192.168.2.0
/ip dhcp-client add disabled=no interface=WAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24
/ip dns set allow-remote-requests=yes servers=192.168.2.1
/ip firewall nat add action=masquerade chain=srcnat out-interface=WAN