
 
Åndrew
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 8:26 pm

Long DNS timeouts

Fri May 03, 2019 8:34 pm

Hi there. I've been using my Mikrotik hEX now for about a year. Yesterday I switched ISPs though and I haven't been able to get it to work right since then. It seems to take forever to do a DNS lookup. See https://www.dropbox.com/s/svzzh46bjdgk5 ... S.mp4?dl=0 for an example. Once the DNS has been cached it works fine.

In the router setup, it's using Google's DNS (8.8.8.8, 8.8.4.4) but those are greyed out and in "auto" mode and it doesn't seem like I can change them. I tried adding OpenDNS' records as well but I'm not sure if that's even the problem or not. I also switched my Mac to using OpenDNS, thinking that would bypass the router's DNS lookup but it hasn't helped.

Also, if I route through NordVPN everything works smoothly as I assume once the tunnel is open all the Mikrotik has to do is route the traffic. Right now I have the ethernet cable from the ISP's equipment going straight into my Mac and everything's fine.

I did a software reset, tried using the recommended settings, and also did a reset and tried configuring myself and haven't been able to resolve this issue. If anyone has any suggestions I'd appreciate it.

Thank you.
 
cieplik206
Trainer
Posts: 286
Joined: Sun Jul 01, 2007 12:25 am

Re: Long DNS timeouts

Sat May 04, 2019 1:12 pm

Is the router itself resolving DNS well?

Check it in ping tool or in console.

Paste
/ip dns export here
https://www.wispcasts.com - Mikrotik Video Tutorials.

The best place where you can improve your skills!

Facebook - F/wispcasts
Twitter - @wispcasts
 
Paternot
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Long DNS timeouts

Sat May 04, 2019 2:44 pm

You changed ISP. So, the connection changed too. Is it pure DHCP? Is it PPPoE? Was it one thing, and the new router uses another?

Why do I ask?

Because several connections have the option "Use Peer DNS". If it is checked, your router will use the DNS server of the ISP - and maybe these are slow.

Take a look at your configuration, and see if you can uncheck the option.

If it is already unchecked, there is another possibility: your ISP is intercepting your DNS queries, and changing them. Yes, some ISPs do this. One sure tell is when you no longer get the "could not resolve host name" error - the browser is directed to some generic site, with lots of advertisements.

Yes, this is immoral. Yes, it completely breaks the DNS system. But some ISPs do it.
 
Åndrew
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 8:26 pm

Re: Long DNS timeouts

Sat May 04, 2019 3:46 pm

Thank you both for your ideas.

[admin@MikroTik] > /ip dns export
# may/04/2019 08:17:41 by RouterOS 6.44.3
# software id = GF0B-N7VV
#
# model = RouterBOARD 750G r3
# serial number = 6F3908E9E80C
/ip dns
set servers=208.67.222.222,208.67.222.220
/ip dns static
add address=208.67.222.222 name=208.67.222.222
add address=208.67.222.220 name=208.67.222.220

Here's an example of a ping that worked, and one that didn't:

[admin@MikroTik] > ping example.com
SEQ HOST SIZE TTL TIME STATUS
0 93.184.216.34 56 48 28ms
1 93.184.216.34 56 48 24ms
2 93.184.216.34 56 48 24ms
sent=3 received=3 packet-loss=0% min-rtt=24ms avg-rtt=25ms max-rtt=28ms

[admin@MikroTik] > ping polaris.com
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server

The Polaris ping took maybe 5-10 seconds to come up with that error. When I came back 30 seconds later and tried again, after a couple seconds pause it was successful:

[admin@MikroTik] > ping polaris.com
SEQ HOST SIZE TTL TIME STATUS
0 45.60.31.71 56 50 25ms
1 45.60.31.71 56 50 24ms
2 45.60.31.71 56 50 29ms
sent=3 received=3 packet-loss=0% min-rtt=24ms avg-rtt=26ms max-rtt=29ms

As per the question of the type of connection it is: the old ISP was PPPoE and the new one provides a DHCP address. I removed the PPPoE configuration.

[admin@MikroTik] /ip dhcp-server> /ip dhcp-client
[admin@MikroTik] /ip dhcp-client> print
Flags: X - disabled, I - invalid, D - dynamic
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 ether1 yes yes bound 192.168.5.3/24

I turned off "use peer DNS" and things seem to be working now based on a short test. My computer is now telling me my DNS servers are 1.1.1.1 and 10.0.200.1 (I just pulled the OpenDNS entries out of there). Those are my ISP's DNS entries so I'm not sure how they're magically working now that I've turned "Use Peer DNS" off.

Now I'll just give it some time to see if it's actually fixed or just a blip.

Thanks again for your help.
 
cieplik206
Trainer
Posts: 286
Joined: Sun Jul 01, 2007 12:25 am

Re: Long DNS timeouts

Sat May 04, 2019 3:56 pm

Remove this as well; it is not needed.

/ip dns static
add address=208.67.222.222 name=208.67.222.222
add address=208.67.222.220 name=208.67.222.220

And your ISP, via DHCP, was giving you DNS servers that might be slow. By turning off use-peer-dns you told your router not to use the DNS servers provided by DHCP.
 
anav
Forum Guru
Posts: 3106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Long DNS timeouts

Sat May 04, 2019 4:38 pm

Your config............
/ip dns static
add address=208.67.222.222 name=208.67.222.222
add address=208.67.222.220 name=208.67.222.220


OpenDNS addresses, 208.67.222.222 and 208.67.220.220
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Paternot
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Long DNS timeouts

Sun May 05, 2019 1:42 am

> Your config............
> /ip dns static
> add address=208.67.222.222 name=208.67.222.222
> add address=208.67.222.220 name=208.67.222.220
>
> OpenDNS addresses, 208.67.222.222 and 208.67.220.220

Weird thing is, I did a DNS lookup and both 222 servers answered!
 
Paternot
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Long DNS timeouts

Sun May 05, 2019 1:45 am

> I turned off "use peer DNS" and things seem to be working now based on a short test. My computer is now telling me my DNS servers are 1.1.1.1 and 10.0.200.1 (I just pulled the OpenDNS entries out of there). Those are my ISP's DNS entries so I'm not sure how they're magically working now that I've turned "Use Peer DNS" off.
>
> Now I'll just give it some time to see if it's actually fixed or just a blip.
>
> Thanks again for your help.

I don't know which server 1.1.1.1 is, but 10.0.200.1 must be your intranet default gateway. Makes sense, since you disabled the "use server DNS". Now it is your router that is doing the heavy lifting.
 
Åndrew
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 8:26 pm

Re: Long DNS timeouts

Sun May 05, 2019 3:53 am

Here's what I have now:
[admin@MikroTik] > /ip dns export
# may/04/2019 20:50:34 by RouterOS 6.44.3
# software id = GF0B-N7VV
#
# model = RouterBOARD 750G r3
# serial number = 6F3908E9E80C
/ip dns
set servers=208.67.222.222,208.67.220.220

I removed the static DNS entries and changed the second OpenDNS IP address. When things work, they work, but maybe 10% of the time a page will time out the first time I visit it. Or just take a long time to resolve. Even speed tests, sometimes they'll do the download against a new server and repeatedly fail the upload, until it works, or sometimes it will work the first time, or sometimes won't work at all.

I don't THINK this is on my ISP's end as when I had the ethernet plugged into my computer directly things seemed to work well for several hours. But I'm not sure.

Also, I thought if I removed those two "set servers" completely from DNS it would pick up the ISP's settings, but it seemed like all it did was knock me offline so I put them back.

Thanks again for your help.
 
Paternot
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Long DNS timeouts

Sun May 05, 2019 3:12 pm

It should work, with two remote DNS servers. I did test them, and they work ok for me.

But first, let's clarify some things.

1) At the connection tab, you can make the MikroTik use the DNS server given by your ISP - or not. If you uncheck the "Use Peer DNS" option, your router will do the name resolution itself. Problem is: the clients (your desktop) will not have a DNS server to use, and won't solve anything. That is where step 2) comes in.
2) At IP/DNS, you can check the "Allow Remote Requests" box. This will turn your router into a recursive DNS cache. That is: it will do the DNS heavy lifting for the clients.

== VERY IMPORTANT ==

Before checking the "Allow Remote Requests" box, confirm that your firewall is denying DNS queries that come FROM the internet. Time and again we find someone who doesn't do this, and the router gets used in DDoS attacks.

That said, I still find your problem odd. Unless, of course, the culprit is the remote DNS server, not yours. Could it be that some of the domains you access are overloaded? Maybe it is their problem, not yours.
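
Added example, not part of any post in this thread: the order of operations described in the post above, written as RouterOS commands. It assumes ether1 is the WAN port (it is the DHCP client interface in the `/ip dhcp-client print` output earlier in the thread) and that no earlier input-chain rule already accepts port 53 from that interface.

```routeros
# Added example; ether1 as the WAN interface is an assumption taken from
# the DHCP client listing in this thread. Adjust it to your own setup.

# 1. Block DNS arriving on the WAN side BEFORE the resolver is opened up.
#    Rules are evaluated top to bottom, and "add" appends to the end of
#    the list, so move these above any rule that would accept the same
#    traffic.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="drop WAN DNS (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="drop WAN DNS (tcp)"

# 2. Choose where the router gets its upstream resolvers.
#    use-peer-dns=no  -> only the servers set under /ip dns are used
#    use-peer-dns=yes -> the DHCP-supplied ISP servers are added as
#                        dynamic servers alongside the static ones
/ip dhcp-client set [find interface=ether1] use-peer-dns=no
/ip dns set servers=208.67.222.222,208.67.220.220

# 3. Only now let LAN clients query the router's DNS cache.
/ip dns set allow-remote-requests=yes

# 4. Check the result: the resolver settings, then the packet counters
#    on the input chain (including the two drop rules).
/ip dns print
/ip firewall filter print stats where chain=input
```

With this in place, a DNS query sent to the router's WAN address from outside should time out, and the counters on the two drop rules should increase when such queries arrive.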
 
Åndrew
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 8:26 pm

Re: Long DNS timeouts

Mon May 06, 2019 11:50 am

I think that's finally sorted it out. I have added some firewall rules for port 53, removed my customer DNS IPs, and turned on "Allow Remote Requests" and "Use Peer DNS". It seems like everything's working the way it should. Thank you all very much; I wouldn't have figured that out on my own.
