curtisi
just joined
Topic Author
Posts: 2
Joined: Mon Jan 06, 2020 5:15 am

Erroneous DNS packets down PPPoE interfaces

Thu May 06, 2021 8:24 am

We have a CCR1036-8G-2S+ running RouterOS 6.46.1. It has over 1000 PPPoE sessions running to our customers. Every one of these sessions is getting DNS requests sent to the client routers approx. every 1.5 secs. The Dst addresses are always 8.8.8.8 AND every other server configured in the router's DNS settings. Of course the client routers don't have those servers and just send the packet back. They are only 64-byte packets, but over 1000 every 1.5 secs still consumes our precious WAN links.
Why is this so? How do I stop it?

Here is a packet trace
# TIME IN.. SRC-ADDRESS DST-ADDRESS IP-.. SIZE CPU FP
0 0.452 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 34 no
1 0.453 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 29 no
2 0.507 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 34 no
3 0.508 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 29 no
4 2.144 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 34 no
5 2.144 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 29 no
6 2.238 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 34 no
7 2.239 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 29 no
8 3.083 <p.. 100.64.0.10:59027 20.190.167.149:443 (https) tcp 60 29 no
9 3.891 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 34 no
10 3.891 <p.. 100.127.1.3:5678 (discovery) 8.8.8.8:53 (dns) udp 64 29 no
11 4.001 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 34 no
12 4.002 <p.. 100.127.1.3:5678 (discovery) 103.22.144.1:53 (dns) udp 64 29 no

In this example, 100.127.1.3 is the Local address in this client's PPP profile (an address on this NAS router). Other profiles use their own local address. At the time, only 103.22.144.1 is configured as a DNS server. If I add another one, there will be another set of packets for that too. If I change the DNS timeout value (to say 4 secs), nothing changes; the frequency remains at about 1.5 secs. The DNS server(s) configured on the PPP profile do not influence the problem, only the DNS for the router itself.

[admin@YL4-DC-AGG-01] /ip dns> print
servers: 103.22.144.1
dynamic-servers:
allow-remote-requests: no
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 100
max-concurrent-tcp-sessions: 20
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 19KiB

Here is the raw packet:
0000: 45 00 00 40 87 7d 00 00 40 11 7d 9e 64 7f 01 03 E..@.}.. @.}.d...
0010: 08 08 08 08 16 2e 00 35 00 2c 82 47 74 fb 01 00 .......5 .,.Gt...
0020: 00 01 00 00 00 00 00 00 05 63 6c 6f 75 64 08 6d ........ .cloud.m
0030: 69 6b 72 6f 74 69 6b 03 63 6f 6d 00 00 01 00 01 ikrotik. com.....

Can someone help please?
Thanks, Ian
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Erroneous DNS packets down PPPoE interfaces  [SOLVED]

Thu May 06, 2021 2:18 pm

Do you have the /interface detect-internet feature configured? If so, set all of the entries to none.
 
curtisi
just joined
Topic Author
Posts: 2
Joined: Mon Jan 06, 2020 5:15 am

Re: Erroneous DNS packets down PPPoE interfaces

Fri May 07, 2021 2:24 am

Thanks, good work!

Was:
/interface detect-internet
set detect-interface-list=all

Now:
/interface detect-internet
set detect-interface-list=none

Issue resolved.
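
Decoding the raw packet from the first post shows exactly what was being sent down each session: an A-record query for cloud.mikrotik.com, sourced from the PPP profile's local address on UDP port 5678. This is an added example, not part of the original thread; the function names are hypothetical and the only input is the hex dump quoted above.

```python
import socket
import struct

# Bytes copied from the raw packet in the first post (offsets and ASCII column dropped).
PACKET = bytes.fromhex("""
45 00 00 40 87 7d 00 00 40 11 7d 9e 64 7f 01 03
08 08 08 08 16 2e 00 35 00 2c 82 47 74 fb 01 00
00 01 00 00 00 00 00 00 05 63 6c 6f 75 64 08 6d
69 6b 72 6f 74 69 6b 03 63 6f 6d 00 00 01 00 01
""")

def ipv4_checksum_ok(header: bytes) -> bool:
    """One's-complement sum over a valid IPv4 header folds to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def read_qname(dns: bytes, off: int):
    """Read an uncompressed QNAME; return (dotted name, offset after it)."""
    labels = []
    while dns[off] != 0:
        length = dns[off]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(dns[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), off + 1

def decode(pkt: bytes) -> dict:
    """Decode an IPv4/UDP packet carrying a single DNS question."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if pkt[0] >> 4 != 4 or pkt[9] != 17:           # version 4, protocol 17 (UDP)
        raise ValueError("not an IPv4/UDP packet")
    sport, dport, udp_len = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    dns = pkt[ihl + 8:ihl + udp_len]               # UDP payload = DNS message
    txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    qname, off = read_qname(dns, 12)               # question follows 12-byte header
    qtype, qclass = struct.unpack("!HH", dns[off:off + 4])
    return {
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
        "sport": sport, "dport": dport, "ip_checksum_ok": ipv4_checksum_ok(pkt[:ihl]),
        "is_query": not flags & 0x8000, "recursion_desired": bool(flags & 0x0100),
        "qdcount": qdcount, "qname": qname, "qtype": qtype, "qclass": qclass,
    }

if __name__ == "__main__":
    for key, value in decode(PACKET).items():
        print(f"{key:18} {value}")
```
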
