Community discussions

just joined
Topic Author
Posts: 16
Joined: Thu Sep 25, 2008 7:45 pm

Perfomance CCR1009 (DNS)

Sat Dec 12, 2015 12:33 pm

Hello all ! ))

In my network is very much affected user routers, such as "ASUS", who changed DNS server on the virus.
I have tried to reprogram infected routers, but because a lot of them is the only way for me to redirect all queries to the unknown DNS IP addresses any incidental to my DNS.
Because I do not know all the wrong virus DNS server, the only option was to use a redirect rule to DNS Mikrotik.

/ip firewall nat
chain=dstnat action=redirect to-ports=53 protocol=udp src-address-list=my_user_net dst-address-list=!my_user_net in-interface=bonding1 dst-port=53 dst-limit=20,18,src-address/20s log=no log-prefix=""

usually it works, but I ran into a very poor performance mikrotik DNS server ((


DNS request timed out.
timeout was 2 seconds.
Server: UnKnown

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:

I do not understand why such a powerful performance hardware can not handle very small traffic load.

monitor-traffic bonding1 once
name: bonding1
rx-packets-per-second: 557
rx-bits-per-second: 395.3kbps
fp-rx-packets-per-second: 584
fp-rx-bits-per-second: 405.6kbps
rx-drops-per-second: 0
rx-errors-per-second: 0
tx-packets-per-second: 287
tx-bits-per-second: 739.6kbps

6.33.3 (stable)
free-memory: 1752.3MiB total-memory: 1956.2MiB
cpu: tileg cpu-count: 9 cpu-frequency: 1200MHz
cpu-load: 3%
monitor once
cpu-used: 5%
cpu-used-per-cpu: 1%,1%,0%,41%,1%,0%,2%,2%,0%

/ip dns
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 4s
cache-size: 655384KiB
cache-max-ttl: 2d
cache-used: 39885KiB

Please Help )))
p/s probably a rhetorical question .. can we hope to improve the performance of DNS mikrotik?
User avatar
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Perfomance CCR1009 (DNS)

Sat Dec 12, 2015 3:34 pm

mikrotik integrated dns server is not a substitute for a real dns server

has limited capacity

sometime ago was mentioned it has a limit of transactions per second but i dont remember how many

Who is online

Users browsing this forum: No registered users and 40 guests