cdiedrich
Forum Veteran
Topic Author
Posts: 899
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

DNS utilization

Wed Nov 25, 2015 3:21 pm

Dear all,

I know it has been discussed before but I seem unable to find the information I need :-/

How does RouterOS' DNS service handle the defined servers?
I'd like to have clients use the router's DNS service.
Does RouterOS by default query only the first DNS in the list (and skip to the next when this one becomes unavailable) or does it query round-robin across all servers?

And: will a CCR1036 (16GB, w/ approx 30 FW rules, NAT for six to ten subnets, Queues for each client) be able to serve as DNS for approx 30'000 clients, all actively surfing?

Thanks,
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
pukkita
Trainer
Posts: 2982
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: DNS utilization

Wed Nov 25, 2015 6:48 pm

> Does RouterOS by default query only the first DNS in the list (and skip to the next when this one becomes unavailable) or does it query round-robin across all servers?
I recall (not 100% sure) having read that it uses them sequentially passing on to the next only if it doesn't receive an answer.
> And: will a CCR1036 (16GB, w/ approx 30 FW rules, NAT for six to ten subnets, Queues for each client) be able to serve as DNS for approx 30'000 clients, all actively surfing?
I asked recently if there was any kind of limit to the simultaneous DNS query rate ROS DNS server can handle, and was told by Mikrotik it's actually limited to 100 queries per second, so I'm afraid it won't cope with 30000 clients no matter the hardware being powerful enough for that.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS utilization

Thu Nov 26, 2015 8:36 am

In RouterOS 6.x DNS cache is limited to 100 concurrent requests.
To serve more requests you have to have very fast parent and/or you have to set up a quite large cache to ensure that DNS names are resolved as fast as possible if the answer is not in the cache.

And regarding how servers for queries are chosen that is correct - router will use 1 cache server and only if it starts to not respond will go to next entry and change only if current one is not responding.
 
cdiedrich
Forum Veteran
Topic Author
Posts: 899
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: DNS utilization

Thu Nov 26, 2015 9:31 am

Thank you, Janisk!
Very informative.
-Chris
 
pukkita
Trainer
Posts: 2982
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: DNS utilization

Thu Nov 26, 2015 12:48 pm

> In RouterOS 6.x DNS cache is limited to 100 concurrent requests.
Does that concurrent figure include both incoming and outgoing requests?
> To serve more requests you have to have very fast parent and/or you have to set up a quite large cache to ensure that DNS names are resolved as fast as possible if the answer is not in the cache.
It would be very useful if the rate stats were shown, even better in a "min max, last 24h,6h,5min average" requests per second manner.

Having a large cache will certainly speed up answering these requests, and prevent simultaneous queries to "build up", but cannot reliably predict how many concurrent DNS queries will be hitting the DNS server in a given time.

A ballpark figure by experience with other dns cache (DJB's dnscache) on medium networks (<1000 users) is about 750k per user will keep average requests per second between 50-60... say we derate that to 500k per user (expected 80 average requests per second) to keep a safe margin to cope with spikes.

Again as we increase the cache size for bigger networks, there will be more "common" queries already stored in the cache, say a wild guess being 1Gb would be the "common" core, then calculate about 200k per user, that will mean about 1Gb+6Gb= 7Gb for 30000 users.

But... then comes DNS record's TTL, so that is just that, a wild guess. Definitely having some sort of simultaneous query rate stats will be very useful. I'd prefer devoting a CCR just for DNS cache rather than a PC server 10 times out of 10!
 
Chupaka
Forum Guru
Posts: 8305
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: DNS utilization

Sun Jul 31, 2016 10:30 pm

> And regarding how servers for queries are chosen that is correct - router will use 1 cache server and only if it starts to not respond will go to next entry and change only if current one is not responding.
guys, please add this to the manual. was searching for it for about 10 minutes because it's not on http://wiki.mikrotik.com/wiki/Manual:IP/DNS
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
MTusewk
newbie
Posts: 32
Joined: Sat Nov 15, 2014 1:12 pm

Re: DNS utilization

Wed Aug 03, 2016 1:13 pm

> In RouterOS 6.x DNS cache is limited to 100 concurrent requests.
> To serve more requests you have to have very fast parent and/or you have to set up a quite large cache to ensure that DNS names are resolved as fast as possible if the answer is not in the cache.
>
> And regarding how servers for queries are chosen that is correct - router will use 1 cache server and only if it starts to not respond will go to next entry and change only if current one is not responding.
Does it mean that the MikroTik DNS server will respond to only 100 concurrent DNS requests? Whether it is giving response from its internal cache or querying an upstream DNS server such as Google's 8.8.8.8?

You said the upstream server needs to be fast, I guess Google's DNS server is as fast as it gets? So let's say a client is querying a MikroTik DNS server and MikroTik in turn is querying Google's DNS server to get response to forward to client, in this case MikroTik will only respond to 100 requests concurrently? And when we say concurrently, what is unit of time measurement involved here? 100 requests per Second, Millisecond, Microsecond?

What I want to know is that is there a hard coded limit in (x86) MikroTik's DNS server to respond to only 100 requests concurrently? No matter the hardware configuration of the x86 router and the speed of the upstream DNS server being queried?
 
cdiedrich
Forum Veteran
Topic Author
Posts: 899
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany

Re: DNS utilization

Thu Aug 04, 2016 9:03 am

Well, concurrent means concurrent and has no time factor ;-)
We're now using an unbound dns on a ubuntu vm for those applications.
In those applications we distribute the unbound server directly through DHCP to the clients and additionally dst-nat all outgoing udp/53 requests (for people adding their own DNS servers) to it.
This cuts our WAN-side DNS traffic to the absolute minimum and unbound has fantastic response times.
Working like a charm.
-Chris
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS utilization

Mon Aug 15, 2016 1:43 pm

as cdiedrich wrote - concurrent - has no time limit. All that means is - how many simultaneous connections you can have. If the parent server takes 50ms to respond and you have 100 requests in those 50ms, then all your queue is full, so the 101st request will not get the response. As the response is sent - the slot is emptied and a new request will get through.
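
The slot arithmetic described in the post above (100 slots, a parent that takes 50 ms), worked through as an added example; it is not part of the original posts and not MikroTik code. The function names, the evenly spaced constructed traffic, and the assumptions that cache hits take no slot and that a miss finding all slots busy is dropped belong to this sketch only.

```python
import heapq


def max_sustained_qps(slots, upstream_ms):
    """Ceiling on cache misses per second: slots divided by upstream latency."""
    return slots * 1000 // upstream_ms


def simulate(rate_qps, upstream_ms, slots=100, hit_pct=0, duration_s=1):
    """Replay evenly spaced client queries and return (answered, dropped).

    Assumptions of this model, not statements from the thread: a cache hit
    is answered without taking a slot, and a miss that finds every slot
    busy is dropped rather than queued.
    """
    in_flight = []                 # min-heap of slot release times (microseconds)
    hold_us = upstream_ms * 1000   # a miss holds its slot until the parent replies
    miss_pct = 100 - hit_pct
    answered = dropped = 0
    for i in range(rate_qps * duration_s):
        now_us = i * 1_000_000 // rate_qps
        # Free every slot whose upstream reply has arrived by now.
        while in_flight and in_flight[0] <= now_us:
            heapq.heappop(in_flight)
        # Constructed traffic: exactly miss_pct of every 100 queries miss the cache.
        is_miss = (i * miss_pct) // 100 != ((i + 1) * miss_pct) // 100
        if not is_miss:
            answered += 1
        elif len(in_flight) < slots:
            heapq.heappush(in_flight, now_us + hold_us)
            answered += 1
        else:
            dropped += 1
    return answered, dropped


if __name__ == "__main__":
    print("ceiling with 100 slots, 50 ms parent:", max_sustained_qps(100, 50), "qps")
    scenarios = [
        ("2000 qps, no cache hits", dict(rate_qps=2000, upstream_ms=50)),
        ("4000 qps, no cache hits", dict(rate_qps=4000, upstream_ms=50)),
        ("4000 qps, 50% cache hits", dict(rate_qps=4000, upstream_ms=50, hit_pct=50)),
        ("3000 qps, 200 slots", dict(rate_qps=3000, upstream_ms=50, slots=200)),
    ]
    for label, kwargs in scenarios:
        print(label, "->", simulate(**kwargs))
```

Under these assumptions the limit behaves as a ceiling on cache misses in flight, so the sustainable miss rate is slots divided by upstream latency; shortening the parent's response time or raising the cache hit share moves that ceiling.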
 
guipoletto
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Mon Sep 19, 2011 5:31 am

Re: DNS utilization

Thu Jan 25, 2018 9:17 pm

Is this still the current behavior, as of 6.41 (jan/2018?)
 
sebastia
Forum Guru
Posts: 1773
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: DNS utilization

Thu Jan 25, 2018 11:15 pm

My question exactly, as it's configurable?
/ip dns
set allow-remote-requests=yes max-concurrent-queries=200 max-udp-packet-size=512
 
pukkita
Trainer
Posts: 2982
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: DNS utilization

Fri Feb 02, 2018 8:33 am

> Is this still the current behavior, as of 6.41 (jan/2018?)
No.

That concurrent hardcoded limit was removed some versions ago, and as sebastia posted now you can set up the max concurrent queries limit at will.
 
MTusewk
newbie
Posts: 32
Joined: Sat Nov 15, 2014 1:12 pm

Re: DNS utilization

Thu Feb 15, 2018 1:51 pm

> Is this still the current behavior, as of 6.41 (jan/2018?)
> No.
>
> That concurrent hardcoded limit was removed some versions ago, and as sebastia posted now you can set up the max concurrent queries limit at will.

Good decision to remove the hardcoded limit of 100 queries.
 
CZFan
Forum Guru
Posts: 1361
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: DNS utilization

Thu Feb 15, 2018 7:11 pm

What will the suggested settings be, i.e. per 25 user = ???
MTCNA, MTCTCE, MTCRE & MTCINE
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 958
Joined: Fri May 26, 2006 1:25 am

Re: DNS utilization

Thu Sep 27, 2018 5:33 am

> > And regarding how servers for queries are chosen that is correct - router will use 1 cache server and only if it starts to not respond will go to next entry and change only if current one is not responding.
> guys, please add this to the manual. was searching for it for about 10 minutes because it's not on http://wiki.mikrotik.com/wiki/Manual:IP/DNS
I agree, this (bold) still needs to be added to the manual. I had searched forums before and could not get a straight answer on this, this thread looks like an official answer, but it still needs to officially be in the manual. (in general the manual needs more detail added). tks
:beep :beep :beep
 
pukkita
Trainer
Posts: 2982
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: DNS utilization

Sun Sep 30, 2018 2:49 pm

To recap in the meanwhile it gets to the Wiki:
  • Concurrent Simultaneous Requests is now settable
  • DNS Servers (RouterOS DNS Client Settings): goes through them sequentially passing on to the next only if it doesn't receive an answer (fails).
Further clarification regarding this on the wiki would be great, as from the current wiki:
> When both static and dynamic servers are set, static server entries are more preferred, however it does not indicate that static server will always be used (for example, previously query was received from dynamic server, but static was added later, then dynamic entry will be preferred).
Does all this get "reset" if e.g. the cache is reset? When is the Dynamic One "forgot" and the process picks back the first Server and goes down the list sequentially only if the DNS server times out?

Does Enabling/Disabling DNS Server impact Client settings/behaviour in any way??

A diagram of the decision algorithm to define active DNS server when both/only multiple static & Dynamic DNS Servers are present will be really helpful.

As important as Traffic block diagram IMHO. DNS service is key, especially client portion behaviour, as it's the typical most fast/resilient setup, to point routers statically to internal cache(s) resorting to query outside DNS servers only as the last resort, putting the Mikrotik DNS Server as close to clients as possible.
> however it does not indicate that static server will always be used (for example, previously query was received from dynamic server, but static was added later, then dynamic entry will be preferred
Why? It seems more natural to behave just in the opposite way; if I'm adding a new static entry, it may very possibly be because I prefer that over any dynamic, e.g. I want to include a DC, I may want to include static entries in any requests...