Community discussions

MikroTik App
 
hendra
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Wed Nov 22, 2017 2:21 am

DoH server connection error, idle time out connecting

Wed Jun 10, 2020 1:15 pm

sometimes "DoH server connection error, idle time out - connecting" after a few hour so i cant connect internet for 1-3 seconds. how to solve this thanks
You do not have the required permissions to view the files attached to this post.
 
Pea
Member Candidate
Member Candidate
Posts: 229
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: DoH server connection error, idle time out connecting

Wed Jun 10, 2020 2:28 pm

Probaly problem with your connection, but likely these short time errors you will not notice for normal use.

You can also do DoH verification:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=””
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
 
hendra
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Wed Nov 22, 2017 2:21 am

Re: DoH server connection error, idle time out connecting

Wed Jun 10, 2020 9:17 pm

how long we can use this certifcate ?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH server connection error, idle time out connecting

Wed Jun 10, 2020 9:29 pm

It expires nov/10/2031 02:00:00, that's more than 595 weeks from now.
 
hendra
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Wed Nov 22, 2017 2:21 am

Re: DoH server connection error, idle time out connecting

Wed Jun 10, 2020 11:55 pm

how about this error

dns,error DoH server connection error: remote disconnected while in HTTP exchange

any solution ?
 
hendra
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 93
Joined: Wed Nov 22, 2017 2:21 am

Re: DoH server connection error, idle time out connecting

Wed Jun 10, 2020 11:57 pm

It expires nov/10/2031 02:00:00, that's more than 595 weeks from now.
thank you sir
 
benoitm974
just joined
Posts: 2
Joined: Fri Nov 13, 2020 10:38 pm

Re: DoH server connection error, idle time out connecting

Fri Nov 13, 2020 10:43 pm

After trying to setup DOH on 6.47 (stable) and testing firlware on hex, using opendns, clouflare and google dns i always experience the same behavior. (settings up proper static DNS for the doh server, then ensuring SSL root cert is added)

Setup works very well for 45 minutes to 1h30 and then no more resolution is done. I can reboot the hex and it works again, but after 45 min to 1h30 again it don't work again.

Log show server time out, while I can access it via IP adress... flushing the DNS cache doesn't help.

Benoit
 
dbarcot
just joined
Posts: 1
Joined: Sat Feb 03, 2018 11:07 pm

Re: DoH server connection error, idle time out connecting

Mon Dec 14, 2020 11:25 am

I'm experiencing same issue here and there and found post it may be due to low value of "max-concurrent-tcp-sessions". I just did rise to default 20 and will see if it helps
Last edited by dbarcot on Mon Dec 14, 2020 11:27 am, edited 1 time in total.
 
benoitm974
just joined
Posts: 2
Joined: Fri Nov 13, 2020 10:38 pm

Re: DoH server connection error, idle time out connecting

Wed Jan 06, 2021 5:06 am

Hi is there any update from Mikrotik on this stability issue with DOH ? I have the same here either using opendns cloudflare or Google DOH server, after around 1h queries timeout, restarting the router works but again 1h later same issue...
 
Note
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Fri Jun 03, 2016 12:39 pm

Re: DoH server connection error, idle time out connecting

Tue Feb 16, 2021 10:23 am

Same issue here. Not any fix yet?

DoH server connection error, idle time out connecting...........
 
homemark22
just joined
Posts: 1
Joined: Sat Nov 23, 2019 3:58 pm

Re: DoH server connection error, idle time out connecting

Sat Feb 27, 2021 5:34 pm

same here 15 line error log how it can be solve?
 
kato1
just joined
Posts: 1
Joined: Thu Mar 11, 2021 6:20 pm

Re: DoH server connection error, idle time out connecting

Thu Mar 11, 2021 6:35 pm

I've recently tried DoH feature and this error message appears from time to time depending on load.
If you enable logs for dns you can see something like that:

612 Mar/11/2021 18:18:42 memory dns, error DoH server connection error: Idle timeout - connecting
613 Mar/11/2021 18:18:42 memory dns done query: #16331 dns server failure
...
520 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16331 www.google.com. A

Just part of the queries fails. It stay so in any configuration: with google or cloudflare, with or w/o "Verify DoH Certificate", w/ and w/o static records for DoH servers etc.

After removing DoH server error logs disappear.
my fw is 6.48.1
 
greenchigo
just joined
Posts: 3
Joined: Sat Feb 02, 2019 6:17 pm

Re: DoH server connection error, idle time out connecting

Mon Jun 21, 2021 7:41 pm

Same issue. HEX S stable 6.48.3, or longterm 6.47.10. Reboot router resolve issue for a time about few hours, maybe less winbox stuck on "Logining...". Only reboot with power cycle can resolve.
RouterOS developers, please pay attention to this bug (stable and longterm branches). It's kind of memory leak or something.

In log a lot of:

DoH server connection error: SSL: handshake timed out (6)
DoH server connection error: resolving error

l2tp connections with ipsec stop working and can't reconnect without reboot with messages in log:
initiator can't find identity for peer:
 
RoutoRooter
just joined
Posts: 5
Joined: Tue Sep 25, 2018 5:55 pm

Re: DoH server connection error, idle time out connecting

Sun Aug 01, 2021 5:52 pm

I can confirm the bug on my HAP AC, with or without certificate verification. The bug is also present in 6.49beta54 and 7.1beta6. It doesn't appear it's being addressed.
 
RoutoRooter
just joined
Posts: 5
Joined: Tue Sep 25, 2018 5:55 pm

Re: DoH server connection error, idle time out connecting

Wed Aug 04, 2021 11:15 pm

Just filled out a bug report.
 
RoutoRooter
just joined
Posts: 5
Joined: Tue Sep 25, 2018 5:55 pm

Re: DoH server connection error, idle time out connecting

Wed Sep 01, 2021 1:45 am

Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.
 
iamsyaqib
just joined
Posts: 1
Joined: Sun Dec 17, 2017 1:32 pm

Re: DoH server connection error, idle time out connecting

Sun Sep 12, 2021 9:26 pm

Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.
Hey, how do you disable the syn flood rule ? Do you create a new firewall rule or just simply disable an existing one, I didn't find anything that says "Syn"...
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH server connection error, idle time out connecting

Tue Sep 28, 2021 11:16 pm

There is a general ip setting:
/ip settings set tcp-syncookies=yes|no
No idea if that is what RoutoRooter referred...
 
Cyberurmel
just joined
Posts: 14
Joined: Fri Dec 29, 2017 12:59 pm

Re: DoH server connection error, idle time out connecting

Wed Oct 27, 2021 12:36 pm

Hi,

is i have the issue too...i set this to yes and will see if this has an impact. But not really shure if this is a risk for the own system?
What do you mean?

thanks
Regards
Cyb
 
jaxed8
Member Candidate
Member Candidate
Posts: 195
Joined: Tue Jul 27, 2021 8:25 pm

Re: DoH server connection error, idle time out connecting

Wed Oct 27, 2021 3:08 pm

Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.
In my router settings /ip settings set tcp-syncookies=no is disable but still i got the same issue.
"DoH server connection error: SSL: handshake timed out (6)"

Who is online

Users browsing this forum: Bing [Bot], itamx and 78 guests