I had a funny issue today - A user reported that he couldn't get to a website that he knew wasn't malfunctioning.
Curious, I tried a nslookup from my machine:
The next thing I tried was using Google's DNS:
# nslookup domain.com Server: 192.168.1.1 Address: 192.168.1.1#53 ** server can't find domain.com: NXDOMAIN
Uhoh.. A problem with our ISP's DNS server? Nope - our ISP's DNS (the same DNS that is set in the Mikrotik router) returned the correct IP.
nslookup domain.com 126.96.36.199 Server: 188.8.131.52 Address: 184.108.40.206#53 Non-authoritative answer: Name: domain.com Address: 208.113.134.XXX
Next thing I tried was logging into our router, to see if there is a problem with DNS:
Ah.. DNS servers are set to our ISP's, so that is OK. But what is this 'cache-used'? Surely the router wouldn't stop serving DNS requests because the cache is fulll?
[admin@router] > /ip dns print servers: 220.127.116.11,18.104.22.168 allow-remote-requests: yes max-udp-packet-size: 4096 cache-size: 2048KiB cache-max-ttl: 1w cache-used: 2048KiB
Oh - now I can resolve the website. The Mikrotik's cache was filled and so it decided to just stop doing DNS lookups.
[admin@router] > /ip dns cache flush
1. Is this normal/expected behaviour?
2. What is the recommended DNS cache size?
RouterOS 5.12 on RB1100AH.