Jotne
Forum Guru
Topic Author
Posts: 2342
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

DoH memory bug.

Wed Apr 28, 2021 12:33 pm

I have done some more investigation into the DoH memory leakage on all RouterOS.

In the previous setup I replaced the DNS with an IP in the DNS setup, and some commented that the certificate was by name only.
So here are the results of my test.

Setup 1 [cloudflare]
DoH -> https://cloudflare-dns.com/dns-query
Static DNS entry cloudflare-dns.com->104.16.249.249
Setup 2 [nextdns]
DoH -> https://dns.nextdns.io/dns-query
Static DNS entry dns.nextdns.io ->45.90.28.0
Certificates are installed for both setups.

Test 1
Setup 1 with verify certificate turned off
Memory leakage: No

Test 2
Setup 1 with verify certificate turned on
Memory leakage: Yes

Test 3
Setup 2 with verify certificate turned off
Memory leakage: No

Test 4
Setup 2 with verify certificate turned on
Memory leakage: No

Conclusion.
Only using Cloudflare with Verify Certificate on gives memory leakage.
nextdns does not give any problem, so I will use that.

Red=Test2
Green= Test 1, 3, 4
doh_mem5.jpg
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
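Added example (not part of the original post, and not the poster's measurements): one way to turn the red/green graph comparison above into a repeatable check is to fit a line through periodic free-memory samples per test run and flag runs that lose memory steadily. The sample series, the 1 MiB/hour threshold and the R² cut-off are constructed assumptions.

```python
from statistics import mean

MIB = 1024 * 1024

def trend(samples):
    """Least-squares fit of free memory over time.
    samples: [(seconds, free_bytes), ...] -> (slope in bytes/s, r_squared)."""
    ts = [t for t, _ in samples]
    ms = [m for _, m in samples]
    t_bar, m_bar = mean(ts), mean(ms)
    var_t = sum((t - t_bar) ** 2 for t in ts)
    var_m = sum((m - m_bar) ** 2 for m in ms)
    if var_t == 0:
        raise ValueError("need samples taken at two or more distinct times")
    cov = sum((t - t_bar) * (m - m_bar) for t, m in samples)
    # r_squared separates a steady decline from cache churn and sampling noise
    r2 = (cov * cov) / (var_t * var_m) if var_m else 0.0
    return cov / var_t, r2

def classify(samples, min_loss_per_hour=1 * MIB, min_r2=0.8):
    """Leak = free memory falls fast enough AND the fall is close to linear."""
    slope, r2 = trend(samples)
    loss_per_hour = -slope * 3600
    leaking = loss_per_hour >= min_loss_per_hour and r2 >= min_r2
    return {"loss_per_hour": loss_per_hour, "r2": r2, "leaking": leaking}

# Constructed data: 13 samples, 10 minutes apart, with fixed jitter in KiB.
JITTER_KIB = [0, 40, -25, 10, -35, 30, -10, 20, -40, 15, -5, 35, -20]

def constructed_series(start_mib, drift_mib_per_hour):
    return [(i * 600,
             int((start_mib + drift_mib_per_hour * i / 6) * MIB) + j * 1024)
            for i, j in enumerate(JITTER_KIB)]

# Shaped to mirror the outcome reported in the post, not measured values.
RUNS = {
    "Test 1": constructed_series(80, 0),    # cloudflare, verify off
    "Test 2": constructed_series(80, -3),   # cloudflare, verify on
    "Test 3": constructed_series(80, 0),    # nextdns, verify off
    "Test 4": constructed_series(80, 0),    # nextdns, verify on
}

def verdicts(runs=RUNS):
    return {name: classify(s)["leaking"] for name, s in runs.items()}

if __name__ == "__main__":
    for name, s in RUNS.items():
        r = classify(s)
        print(f"{name}: {r['loss_per_hour'] / MIB:+.2f} MiB/h lost, "
              f"r2={r['r2']:.3f}, leaking={r['leaking']}")
```
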
 
 
eworm
Forum Veteran
Posts: 836
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: DoH memory bug.

Wed Apr 28, 2021 2:30 pm

Is this possibly related to the certificate type? Chances are that cloudflare uses ECC certificates and others do not. I will check when I am back to a physical keyboard.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
For contact join the RouterOS-Scripts Telegram group!
 
rextended
Forum Guru
Posts: 5896
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: DoH memory bug.

Wed Apr 28, 2021 2:40 pm

Mmm...

1) ECDSA with SHA-384 - Elliptic Curve P-256 / Parent Elliptic Curve P-384 / ROOT SHA-1 with RSA Encryption 2048

2) SHA-256 with RSA Encryption / Parent SHA-256 with RSA Encryption / ROOT SHA-256 with RSA Encryption 4096

eworm :))

Try this:
/certificate settings
set crl-download=no crl-store=ram crl-use=no
 
eworm

Re: DoH memory bug.

Wed Apr 28, 2021 3:00 pm

Anybody has an open ticket on that topic, no? Jotne is that you? I guess this is information worth adding to the ticket.
 
Jotne

Re: DoH memory bug.

Wed Apr 28, 2021 6:03 pm

Support ticket: SUP-47171

Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.
 
 
 
rextended

Re: DoH memory bug.

Wed Apr 28, 2021 6:07 pm

Support ticket: SUP-47171

Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.
Thanks
 
Jotne

Re: DoH memory bug.

Wed Apr 28, 2021 10:10 pm

@rextended Did not help, raising again, so going back to https://dns.nextdns.io/dns-query

Please do not quote the whole post directly above you. There is a "Post Reply" button to use below the post.
 
 
 
rextended

Re: DoH memory bug.

Wed Apr 28, 2021 10:20 pm

Please do not quote the whole post directly above you. There is a "Post Reply" button to use below the post.
I understand this,
viewtopic.php?f=9&t=173722#p855218

but do not blame me...

see these two examples:
viewtopic.php?f=1&t=174834#p855144
viewtopic.php?f=7&t=174706#p854502
 
Jotne

Re: DoH memory bug.

Wed Apr 28, 2021 11:17 pm

You are free to do what you do, but I do not like it, and many others do not like it. :)
 
 
 
hatred
just joined
Posts: 21
Joined: Tue Sep 01, 2015 10:23 pm
Location: Belarus, Minsk

Re: DoH memory bug.

Mon May 03, 2021 12:18 pm

Thanks for the info, successfully switched to the NextDNS.
If someone needs, the script for adding NextDNS can be found here: https://my.nextdns.io/start
 
hatred

Re: DoH memory bug.

Sat May 15, 2021 7:03 pm

Unfortunately, switching to the NextDNS doesn't fix the memory leak in my case.
Don't know what is going wrong.
 
marathoneer
just joined
Posts: 14
Joined: Fri Feb 03, 2012 6:20 pm

Re: DoH memory bug.

Sat Jul 17, 2021 5:11 pm

Hello!

I'd like to confirm that hAP ac^2 6.48.3 (stable) is affected by this issue, the memory leak. Once I disable "Verify DoH Certificate" memory leak stops.

I'm grateful to the topic starter; without you it would have taken me ages to realize what is causing it, without any profiler available for us.

@mikrotik - guys do you have this bug reported and fix in progress?

Best regards!
