Hello,

I had a funny issue today - A user reported that he couldn't get to a website that he knew wasn't malfunctioning.

Curious, I tried a nslookup from my machine:
The next thing I tried was using Google's DNS:
Uhoh.. A problem with our ISP's DNS server? Nope - our ISP's DNS (the same DNS that is set in the Mikrotik router) returned the correct IP.

Next thing I tried was logging into our router, to see if there is a problem with DNS:
Ah.. DNS servers are set to our ISP's, so that is OK. But what is this 'cache-used'? Surely the router wouldn't stop serving DNS requests because the cache is fulll?
Oh - now I can resolve the website. The Mikrotik's cache was filled and so it decided to just stop doing DNS lookups.

1. Is this normal/expected behaviour?
2. What is the recommended DNS cache size?

RouterOS 5.12 on RB1100AH.

Thanks
Jeremy

first of, try running 5.20

second, how many dns requests you have in minute/second?

DNS caache should clean it self as it gets used more and more. and more you fill it more stuff should have been thrown out to make sure that there is enough space for the next request.

Try to increase cache size to 10MB and see how it fills up.

first of, try running 5.20

Well this is a 'production' device so I am reluctant to upgrade it - unless this is a bug in 5.12?

second, how many dns requests you have in minute/second?

Not too many I would have thought.. about 15 users in an office, all using web apps and browsing.

DNS caache should clean it self as it gets used more and more. and more you fill it more stuff should have been thrown out to make sure that there is enough space for the next request.
Try to increase cache size to 10MB and see how it fills up.

That's what I would have thought/expected also - that it would drop the oldest entries once the cache is full. I will increase the cache size.

when you encounter something similar again, please create support output file and send it to support@mikrotik.com