Jotne
Forum Guru
Topic Author
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

DoH memory bug.

Wed Apr 28, 2021 12:33 pm

I have done some more investigation into the DoH memory leakage on all RouterOS.

In the previous setup I had replaced the DNS with IP in the DNS setup, and some commented that the certificate was by name only.
So here are the results of my test.

Setup 1 [cloudflare]
DoH -> https://cloudflare-dns.com/dns-query
Static DNS entry cloudflare-dns.com -> 104.16.249.249
Setup 2 [nextdns]
DoH -> https://dns.nextdns.io/dns-query
Static DNS entry dns.nextdns.io -> 45.90.28.0
Certificates are installed for both setups.

Test 1
Setup 1 with verify certificate turned off
Memory leakage: No

Test 2
Setup 1 with verify certificate turned on
Memory leakage: Yes

Test 3
Setup 2 with verify certificate turned off
Memory leakage: No

Test 4
Setup 2 with verify certificate turned on
Memory leakage: No

Conclusion.
Only Cloudflare with Verify Certificate on gives memory leakage.
nextdns does not give any problem, so I will use that.

Red=Test2
Green= Test 1, 3, 4
doh_mem5.jpg
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: DoH memory bug.

Wed Apr 28, 2021 2:30 pm

Is this possibly related to the certificate type? Chances are that cloudflare uses ECC certificates and others do not. I will check when I am back to a physical keyboard.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: DoH memory bug.

Wed Apr 28, 2021 2:40 pm

Mmm...

1) ECDSA with SHA-384 - Elliptic Curve P-256 / Parent Elliptic Curve P-384 / ROOT SHA-1 with RSA Encryption 2048

2) SHA-256 with RSA Encryption / Parent SHA-256 with RSA Encryption / ROOT SHA-256 with RSA Encryption 4096

eworm :))

Try this:
/certificate settings
set crl-download=no crl-store=ram crl-use=no
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: DoH memory bug.

Wed Apr 28, 2021 3:00 pm

Anybody has an open ticket on that topic, no? Jotne is that you? I guess this is information worth adding to the ticket.
 
Jotne
Forum Guru
Topic Author
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH memory bug.

Wed Apr 28, 2021 6:03 pm

Support ticket: SUP-47171

Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: DoH memory bug.

Wed Apr 28, 2021 6:07 pm

> Support ticket: SUP-47171
>
> Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.

Thanks
 
Jotne
Forum Guru
Topic Author
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH memory bug.

Wed Apr 28, 2021 10:10 pm

@rextended Did not help, raising again, so going back to https://dns.nextdns.io/dns-query

Please do not quote the whole post directly above you. There is a "Post Reply" button to use below the post.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: DoH memory bug.

Wed Apr 28, 2021 10:20 pm

> Please do not quote the whole post directly above you. There is a "Post Reply" button to use below the post.

I understand this,
viewtopic.php?f=9&t=173722#p855218

but do not blame me...

see these two examples:
viewtopic.php?f=1&t=174834#p855144
viewtopic.php?f=7&t=174706#p854502
 
Jotne
Forum Guru
Topic Author
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH memory bug.

Wed Apr 28, 2021 11:17 pm

You are free to do what you do, but I do not like it and many others do not like it. :)
 
hatred
just joined
Posts: 21
Joined: Tue Sep 01, 2015 10:23 pm
Location: Belarus, Minsk

Re: DoH memory bug.

Mon May 03, 2021 12:18 pm

Thanks for the info, successfully switched to the NextDNS.
If someone needs it, the script for adding NextDNS can be found here: https://my.nextdns.io/start
 
hatred
just joined
Posts: 21
Joined: Tue Sep 01, 2015 10:23 pm
Location: Belarus, Minsk

Re: DoH memory bug.

Sat May 15, 2021 7:03 pm

Unfortunately, switching to the NextDNS doesn't fix the memory leak in my case.
Don't know what is going wrong.
 
marathoneer
just joined
Posts: 14
Joined: Fri Feb 03, 2012 6:20 pm

Re: DoH memory bug.

Sat Jul 17, 2021 5:11 pm

Hello!

I'd like to confirm that hAP ac^2 6.48.3 (stable) is affected by this issue, the memory leak. Once I disable "Verify DoH Certificate" the memory leak stops.

I'm grateful to the topic starter, without you it would take me ages to realize what is causing it without any profiler available for us.

@mikrotik - guys do you have this bug reported and fix in progress?

Best regards!
 
mitzone
newbie
Posts: 27
Joined: Mon Jan 02, 2012 1:17 pm

Re: DoH memory bug.

Sat Jun 18, 2022 10:04 pm

*Leaving this here for the next internet soul trying to search for a solution.

This bug seems to be fixed in v6.49. Personally, I have a lot of issues with 7.x version, so if you want to run v6, then this is the minimal version to install.
I'm running v6.49.6 for 2 days now and it looks good.

Cheers!

LE: spoke too soon. Using CF servers and Verify cert on a CCR1009 with 6.49.6 still causes memory leaks.
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: DoH memory bug.

Wed Sep 21, 2022 9:02 am

We have been trying to reproduce this problem in our lab with the latest RouterOS v7 releases and have not managed to notice such behavior.

If anyone is still experiencing a memory leak caused by DoH services with v7.5 or later, then please send a supout file from your device (generated while the problematic configuration is set on the router and the leak is already noticeable) to us - https://help.mikrotik.com/servicedesk/s ... r/portal/1.
 
Jotne
Forum Guru
Topic Author
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DoH memory bug.

Wed Sep 21, 2022 4:26 pm

Did some testing now and do not see the problem any more.
Tested with the same configuration (as gave problems on 6.x) on 7.2.5 and 7.5 without seeing the problem. It looks like it was solved in 7.x
 
mrksnlcln
just joined
Posts: 4
Joined: Fri Apr 15, 2022 4:58 am

Re: DoH memory bug.

Wed Jan 04, 2023 2:08 am

I am using Mikrotik Haplite and I noticed my router keeps on rebooting after I activate the "Use DoH Server". How can I fix this issue?

Log:
router was rebooted without proper shutdown
kernel failure in previous boot
out of memory condition was detected

DNS Settings:
Max UDP Packet Size: 4096
Query Server Timeout: 2.000
Query Total Timeout: 10.000
Max Concurrent Queries: 100
Max Concurrent TCP Sessions: 20
Cache Size: 8192
Cache Max TTL: 1d 00:00:00

Firmware:
7.6

Model:
RB941-2nD
