billjellis
newbie
Topic Author
Posts: 37
Joined: Mon Dec 15, 2014 11:04 pm

google dns weird issues

Thu Jan 07, 2016 9:49 pm

Hello,

I have been having issues at some but not all of my sites where the captive portal will fail because their default home page is at an https site, mostly google.com.
Another correlation I seemed to get is:

> ping google.ca
dns name exists, but no appropriate record
invalid value for argument ipv6-address
> ping http://www.google.ca
dns name exists, but no appropriate record
invalid value for argument ipv6-address
> ping http://www.google.ca
dns name exists, but no appropriate record
invalid value for argument ipv6-address
> ping google.ca
dns name exists, but no appropriate record
invalid value for argument ipv6-address

Once I removed 8.8.8.8 from the primary DNS, I was able to ping properly, and I suspect my calls from (https) captive port error will work properly.

Bill
 
troffasky
Member
Posts: 405
Joined: Wed Mar 26, 2014 4:37 pm

Re: google dns weird issues

Thu Jan 07, 2016 10:40 pm

I have been having issues at some but not all of my sites where the captive portal will fail because their default home page is at an https site, mostly google.com.
Not really sure what you can do about this if the client device doesn't trust you, i.e. you can't give them a fake certificate for their home page. Some OS/browsers will detect this and suggest you need to sign in.
Another correlation I seemed to get is:

> ping google.ca
dns name exists, but no appropriate record
invalid value for argument ipv6-address
Do you have some sort of partial IPv6 connectivity at these sites [e.g. they have global IPs but no actual connectivity]?

Not sure I understand RouterOS handling of AAAA records. If I ping something that only has an AAAA record, I get:

invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
failure: dns name exists, but no appropriate record

If I ping something that has A and AAAA, it pings the A record, and both the A and AAAA records appear in /ip dns cache print!
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: google dns weird issues

Thu Jan 07, 2016 11:01 pm

If I ping something that has A and AAAA, it pings the A record, and both the A and AAAA records appear in /ip dns cache print!
I think this is the DNS server giving everything it knows "just to be nice"
root ~ # dig A orange.kame.net

; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> A orange.kame.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65285
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;orange.kame.net.               IN      A

;; ANSWER SECTION:
orange.kame.net.        86283   IN      A       203.178.141.194

;; AUTHORITY SECTION:
kame.net.               172678  IN      NS      orange.kame.net.
kame.net.               172678  IN      NS      mango.itojun.org.

;; ADDITIONAL SECTION:
mango.itojun.org.       86278   IN      A       210.155.141.200
mango.itojun.org.       86278   IN      AAAA    2001:2f0:0:8800::1:1
orange.kame.net.        172678  IN      AAAA    2001:200:dff:fff1:216:3eff:feb1:44d7

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 07 15:07:43 CST 2016
;; MSG SIZE  rcvd: 176
See how the only thing I requested was an A record, but the server threw in the NS records and the AAAA records here? (I think this is because orange.kame.net is also an NS record, in this case, but often times, the hostname you are pinging to is a CNAME which will also cause servers to proactively hand you the answers to the logical next question - i.e. what are the A/AAAA records for the name the alias points to?)

I think the ping client doesn't bother to try resolving AAAA-only hostnames at all... it just sends an A record request and if the query fails, then it is done. It does know what an IPv6 address is though - so if you ping that, it will recognize it and work properly.

The same is true of the winbox ping tool. If I type a v6-only hostname into the tool, it throws an error that a valid IP address was expected, but if I type a v4-capable hostname or an IPv6 address into the field, it works correctly.


Sounds like a bug to me!
When given a spoon,
you should not cling to your fork.
The soup will get cold.
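
Added example (not written by any poster in this thread and not MikroTik code): a minimal Python parser for DNS responses that separates the two shapes discussed above, an A query answered with an A record plus an unrequested AAAA in the additional section, and a NOERROR response carrying no record of the requested type. Treating that second case as what RouterOS reports as "dns name exists, but no appropriate record" is an assumption; the hostnames, addresses and the `build` helper are constructed for illustration, and CNAME answers are not handled.

```python
import ipaddress
import struct

A, AAAA = 1, 28  # RR type codes

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: two bytes, ends name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def section_types(msg):
    """Return (rcode, answer, authority, additional) as lists of RR types."""
    flags, qd, *counts = struct.unpack("!5H", msg[2:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    sections = ([], [], [])
    for types, count in zip(sections, counts):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            types.append(rtype)
    return (flags & 0xF, *sections)

def classify(msg, qtype):
    """'answer', 'nodata' (name exists, no record of qtype), 'nxdomain' or 'error'."""
    rcode, answer, _authority, _additional = section_types(msg)
    if rcode != 0:
        return "nxdomain" if rcode == 3 else "error"
    return "answer" if qtype in answer else "nodata"

def build(name, qtype, answers=(), additional=(), rcode=0):
    """Build a constructed response; records are (type, address string) pairs."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    def rr(rtype, addr):  # owner name: pointer to the question name at offset 12
        rdata = ipaddress.ip_address(addr).packed
        return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, len(additional))
    msg += qname + struct.pack("!HH", qtype, 1)
    return msg + b"".join(rr(*r) for r in list(answers) + list(additional))

# Constructed samples (documentation names and addresses, not captures).
DUAL_A = build("dual.example", A, [(A, "192.0.2.1")], [(AAAA, "2001:db8::1")])
V6ONLY_A = build("v6only.example", A)
V6ONLY_AAAA = build("v6only.example", AAAA, [(AAAA, "2001:db8::2")])
```

A client that only ever sends the A query sees `nodata` for the v6-only name even though the AAAA query for the same name returns an answer.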
