Community discussions

MUM Europe 2020
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

DNS problem

Fri Aug 24, 2007 11:51 am

I have in Mikrotik this rule:
[admin@Mikrotik] > ip dns static print 
Flags: D - dynamic, X - disabled 
 #    NAME                 ADDRESS                                 TTL         
 0    smtp.tynec.net       81.92.155.2                             40m         
[admin@Mikrotik] >


When I was using v 2.9.x It was all ok and there was no problem sending mails.
  • C:\Documents and Settings\Jarda>ping smtp.tynec.net

    Příkaz PING na smtp.tynec.net [81.92.155.2] s délkou 32 bajtů:

    Odpověď od 81.92.155.2: bajty=32 čas=8ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=12ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=9ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=8ms TTL=60

    Statistika ping pro 81.92.155.2:
    Pakety: Odeslané = 4, Přijaté = 4, Ztracené = 0 (ztráta 0%),




After I started using V3, sometimes this problem appear!
  • C:\Documents and Settings\Jarda>ping smtp.tynec.net
    Hostitele smtp.tynec.net se pomocí příkazu Ping nepodařilo najít. Zkontrolujte název hostitele a akci opakujte.
    (TRANSLATION from CZECH into ENG):
    Host smtp.tynec.net was unable to find by ping. Please find and test if you have right host name.
But I am still able to ping IP address directly:
  • Příkaz PING na 81.92.155.2 s délkou 32 bajtů:

    Odpověď od 81.92.155.2: bajty=32 čas=9ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=6ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=6ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=8ms TTL=60


After waiting a few minutes or hour now I am able to send my mails again....
  • Příkaz PING na smtp.tynec.net [81.92.155.2] s délkou 32 bajtů:

    Odpověď od 81.92.155.2: bajty=32 čas=5ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=14ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=11ms TTL=60
    Odpověď od 81.92.155.2: bajty=32 čas=9ms TTL=60



I think there is some problems in DNS.
How can I help you to find this problem / bug?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: DNS problem

Fri Aug 24, 2007 12:53 pm

Do you have enabled 'allow-remote-request' ? Do you have redirection to router DNS cache ?
As I have DNS cache running without any problems at 3.0rc2.
Currently it looks like that there might be problems with mail server (not with the RouterOS).
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Fri Aug 24, 2007 1:07 pm

Do you have enabled 'allow-remote-request' ? Do you have redirection to router DNS cache ?
As I have DNS cache running without any problems at 3.0rc2.
Currently it looks like that there might be problems with mail server (not with the RouterOS).
[admin@Mikrotik] > ip dns print 
            primary-dns: 81.92.155.1
          secondary-dns: 81.92.155.100
  allow-remote-requests: yes
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 2048KiB
I am sure it is Mikrotik fault.
See ping test.
When outlook is unable to send mails, I am unable to ping SMTP server through Mikrotik by hostname, but I am able to ping smtp server by IP ADDRESS directly.
Whenever this fault (sending mails) has ocured and I changed my SMTP server in Outlook Express from "smtp.tynec.net" to "81.92.155.2" I am immediately able to send emails. When I change smtp back to "smtp.tynec.net" I am unable to send any mail :/
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24425
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DNS problem

Fri Aug 24, 2007 2:22 pm

can you ping the DNS servers during the time of the problem?
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Fri Aug 24, 2007 2:27 pm

can you ping the DNS servers during the time of the problem?
YES.
 
nazemg
newbie
Posts: 47
Joined: Tue Jun 08, 2004 8:40 am
Location: Baghdad Iraq, Tripoli Lebanon
Contact:

Re: DNS problem

Mon Sep 17, 2007 1:32 am

I had a short production run with RC4 I confirm an intermittent DNS problem, I couldn't trace it back to anything. Just downgraded and all was back to normal. Awaiting news about this issue before testing v3.00 again.
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Mon Sep 17, 2007 12:39 pm

I had to downgrade back to 2.9.46 too.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Tue Sep 18, 2007 10:07 am

have not seen any problems with rc4 and DNS

you have set your ROS box as only DNS source for your clients?
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Tue Sep 18, 2007 11:17 am

have not seen any problems with rc4 and DNS

you have set your ROS box as only DNS source for your clients?

YES, my RouterOS is only one DNS server for my clients.
 
aj_rade
just joined
Posts: 9
Joined: Wed Feb 01, 2006 1:34 am
Location: Czech Republic

Re: DNS problem

Tue Sep 18, 2007 10:50 pm

have not seen any problems with rc4 and DNS

you have set your ROS box as only DNS source for your clients?

YES, my RouterOS is only one DNS server for my clients.
Hello,

I have same problem. Many sites dont work, resp. DNS not working. Direct IP works properly.
I have RC4
 
User avatar
leoktv
Trainer
Trainer
Posts: 140
Joined: Thu Dec 01, 2005 1:39 pm
Location: sweden
Contact:

Re: DNS problem

Thu Sep 20, 2007 9:43 am

I'm allso having the same problem on rc5! i think it is a problem in the dns klient of the routerOS

regards
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Thu Sep 20, 2007 5:27 pm

have not seen any problems with rc4 and DNS

you have set your ROS box as only DNS source for your clients?

YES, my RouterOS is only one DNS server for my clients.
Hello,

I have same problem. Many sites dont work, resp. DNS not working. Direct IP works properly.
I have RC4
Yes same for me. I downgraded it to RC1 and it works. Try RC1. Just don't understand why the later RC versions have so much problems with DNS server. I wouldn't even try RC5 and just wait for others to try it out. MT guys should look into this! I really wanted to send email to supports but could not manage to set remote access to my router. every time I request a static IP address, my internet stuffed up. Could someone with similar problem send a supportout to mikrotik thanks. I think they don't even believe that this problem exist :(
 
User avatar
skillful
Trainer
Trainer
Posts: 557
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: DNS problem

Thu Sep 20, 2007 6:14 pm

I resolved this problem by adding a firewall rule to allow pings

/ip firewall filter
add action=accept chain=input comment="Allow ICMP" disabled=no protocol=icmp


Place this rule above all other rules.
 
aj_rade
just joined
Posts: 9
Joined: Wed Feb 01, 2006 1:34 am
Location: Czech Republic

Re: DNS problem

Fri Sep 21, 2007 1:54 pm

Yes same for me. I downgraded it to RC1 and it works. Try RC1. Just don't understand why the later RC versions have so much problems with DNS server. I wouldn't even try RC5 and just wait for others to try it out. MT guys should look into this! I really wanted to send email to supports but could not manage to set remote access to my router. every time I request a static IP address, my internet stuffed up. Could someone with similar problem send a supportout to mikrotik thanks. I think they don't even believe that this problem exist :(
I'd like to try RC1 but Mikrotik support told me old version dont distribute :( I haven't RC1 for PPC procesor, I got rb333.
 
User avatar
skillful
Trainer
Trainer
Posts: 557
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: DNS problem

Fri Sep 21, 2007 2:41 pm

This issue you are facing is more of a firewall issue than DNS. In ROS 3.0RC5, if your have a firewall rule to drop invalid connections, some of the locally generated ICMP connections will be dropped by that rule. To allow unrestricted pings, you have to create a rule to allow ICMP from local interfaces and place this rule above the rule that drops invalid connections.
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Fri Sep 21, 2007 3:04 pm

This issue you are facing is more of a firewall issue than DNS. In ROS 3.0RC5, if your have a firewall rule to drop invalid connections, some of the locally generated ICMP connections will be dropped by that rule. To allow unrestricted pings, you have to create a rule to allow ICMP from local interfaces and place this rule above the rule that drops invalid connections.

Hm.....
But I tried to have no Firewall rules and I had still DNS problems :/

Now, I have v 2.9.46 and I have nearly no DNS problem. Sometimes I have only problems sending mails (SMTP server was not found). But it is not as bad as in V3.xx
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Fri Sep 21, 2007 5:14 pm

so you are saying that some addresses cannot be opened, are these addresses the same all the time or they change over time, we cannot reproduce anything you have written here, and if we cannot reproduce it it cannot be taken further to devs, and cannot be resolved.

if someone could set like step by step what to do (from a clean install) to reproduce the problem like

1) basic config - ip on eth1 outgoing, local clients on eth2 interface
2) local addresses distributed by dhcp and dhcp settings
3) firewall nat rules, filter rules

check the PC for settings (ip, gw, dns, time server if available) can iopen address aaa.bbb.com cannot aaa.ccc.com

we would be very grateful if you could do that.

i am behind RC5 box with static ip, that is my dns server, gateway, timeserver
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Fri Sep 21, 2007 5:46 pm

so you are saying that some addresses cannot be opened, are these addresses the same all the time or they change over time, we cannot reproduce anything you have written here, and if we cannot reproduce it it cannot be taken further to devs, and cannot be resolved.

if someone could set like step by step what to do (from a clean install) to reproduce the problem like

1) basic config - ip on eth1 outgoing, local clients on eth2 interface
2) local addresses distributed by dhcp and dhcp settings
3) firewall nat rules, filter rules

check the PC for settings (ip, gw, dns, time server if available) can iopen address aaa.bbb.com cannot aaa.ccc.com

we would be very grateful if you could do that.

i am behind RC5 box with static ip, that is my dns server, gateway, timeserver

Hi....

I have did it in post: http://forum.mikrotik.com/viewtopic.php?p=85251#p85251

My ROUTER used for this was:
1) reseted to default
2) upgraded to v 3rc1
3) I set Public IP, Private IP, DNS, Masquarade, DST-NAT, Routes, No Firewall Rules !!!!
4) I started using this configured Router and my Customers started called me, taht some pages does not open (http://www.vse.cz) ; sending mail due my ISP smtp server was very often imposible

Whenever I have changed my DNS servers on my PC or my customers PC directly to my ISP DNS, all problems disappeared and all worked fine. When I use my router as DNS server, all described problems appeared again.

I had to downgrade to 2.9.46 to be operational again :/
But sometimes I have problems to send mails. ERROR: "smtp server was not found".
I am sure that it is due to Router OS DNS problems.

My SMTP server set in outlook is "smtp.tynec.net" and on Mikrotik I have static DNS to translate smtp.tynec.net to my ISP smtp server. When I was using smtp.my_isp_smtp_server.cz I have not got any problem sending mails........ When I am using static DNS translation on RouterOS I have these problems.

Try to read again my post: http://forum.mikrotik.com/viewtopic.php?p=85251#p85251

Or I could send u my mail conversation with Mikrotik support.

I made one more thing. When I was unable to send mail I immediately made suppout.rif and when I was able to send it i made suppout.rif again.

I am going to send these two suppout.rif to Mikrotik Support.

Jarda
 
akukula
newbie
Posts: 33
Joined: Wed May 16, 2007 3:57 pm

Re: DNS problem

Sat Sep 29, 2007 4:59 pm

I confirm the problem. In a network we switched from BIND to MT 2.9.46 DNS cache. The customer phoned me after ~30mins telling that some hosts didn't resolve - randomly - sometimes the same host DID resolve, and after several seconds it DIDN'T. I checked that myself and it really behaved that way. He was in panic (the cache served ~1000 PCs) so we had to quickly switch back to BIND, that's why I haven't done proper analysis and will speculate hereinafter.

You may test whether heavy DNS traffic doesn't simply DoS the Mikrotik DNS cache. I saw trojaned PCs generating around 80-100 DNS queries per second to obtain MXes for random domains then A records for those MXes, to send spam to them. Several such trojans and you get pretty heavy load, and MT may not be able to respond to every legitimate query.

And I'll recall another relevant thread - 1000s of PCs can query so much distinct records that 10MB cache will saturate quickly. That's why we ask to increase the limit in the future.

Regards,
Andrzej
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Mon Oct 08, 2007 3:33 am

After upgradeing my Rb153 from 2.9.46 to 3RC6 I am unable to resolve
web4.secureinternetbank.com
www.ntp.org

This is a repeatable issue. I have downgraded and re-upgraded to confirm issue with V3.

-Louis
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Mon Oct 08, 2007 3:31 pm

After upgradeing my Rb153 from 2.9.46 to 3RC6 I am unable to resolve
web4.secureinternetbank.com
http://www.ntp.org

This is a repeatable issue. I have downgraded and re-upgraded to confirm issue with V3.

-Louis
Did you tried changing MTU settings? Changing mtu settings did not work for me. Unfortunately, MT guys could not replicate/simulate the problem so it's just not existed :(

Ps. I have trouble loading http://dictionary.reference.com/ and http://www.titanpoker.com
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Tue Oct 09, 2007 2:22 pm

using RB532 with RC6 as dns cache, that is allowed to contact another RC6 router for dns - and i have no problems what so ever.

did:
1) system reset
2)ip/nat/ntp/dns/dhcp-server configurations
3) update to rc6
4)browse, no problems to open mentioned sites
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Tue Oct 09, 2007 3:57 pm

Issue IS reproducible.

Reset router config
Added bridge1
Added Ether2-5 + wlan1 to bridge1
Setup IP 192.168.10.1/24 on bridge1

enabled wlan1, set mode to ap bridge, Band to 2.4Ghz-only-G, frequency to 2412, SSID to Home
Setup security profile w/ WPA PSK + WPA2 PSK with tkip
Setup DHCP Client on ether1 - add Default Router, Use Peer DNS, and Use Peer NTP all checked

Went through DHCP Setup for bridge1 all default except for DNS. Changed that to 192.168.10.1
Setup password for admin account
checked Allow Remote Requests in DNS
Added NAT Masquerade rule

Unit is a RB153 w/ V3RC6
These test results show that when asking the Mikrotik to resolve http://www.ntp.org and http://www.titanpoker.com it failed. Howerver if I ask the parent DNS that mikrotik has configured, it does answer all my requests.


---------------------Window Config ----------------------------

Windows IP Configuration

Host Name . . . . . . . . . . . . : hawk
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : [CommView] Atheros Wireless Network Adapter
Physical Address. . . . . . . . . : 00-0C-42-0C-7A-6E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.10.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
Lease Obtained. . . . . . . . . . : Tuesday, October 09, 2007 8:25:59 AM
Lease Expires . . . . . . . . . . : Friday, October 12, 2007 8:25:59 AM

-------------------- Test ---------------------

C:\Documents and Settings\User>nslookup
*** Can't find server name for address 192.168.10.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.10.1

> www.google.com
Server: UnKnown
Address: 192.168.10.1

Non-authoritative answer:
Name: www.l.google.com
Addresses: 64.233.169.99, 64.233.169.103, 64.233.169.104, 64.233.169.147
Aliases: www.google.com

> yahoo.com
Server: UnKnown
Address: 192.168.10.1

Non-authoritative answer:
Name: yahoo.com
Addresses: 66.94.234.13, 216.109.112.135

> www.titanpoker.com
Server: UnKnown
Address: 192.168.10.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
> web4.secureinternetbank.com
Server: UnKnown
Address: 192.168.10.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
> server 24.25.5.150
Default Server: dns-cac-lb-01.southeast.rr.com
Address: 24.25.5.150

> www.google.com
Server: dns-cac-lb-01.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: www.l.google.com
Addresses: 64.233.169.147, 64.233.169.99, 64.233.169.103, 64.233.169.104
Aliases: www.google.com

> www.yahoo.com
Server: dns-cac-lb-01.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: www.yahoo-ht3.akadns.net
Address: 69.147.114.210
Aliases: www.yahoo.com

> www.titanpoker.com
Server: dns-cac-lb-01.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: www.titanpoker.com
Addresses: 64.69.80.88, 216.187.118.248, 69.90.3.120, 65.39.155.232

> web4.secureinternetbank.com
Server: dns-cac-lb-01.southeast.rr.com
Address: 24.25.5.150

Non-authoritative answer:
Name: web4.secureinternetbank.com
Address: 12.145.177.201

>
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Tue Oct 09, 2007 9:17 pm

MIKROTIK has random DNS problems.....

That is the conclusion.
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Wed Oct 10, 2007 3:32 am

I did some 'dig'ging around and found that the sites we are having problems resolving have AAAA DNS server records.

Example. ntp.org

;; QUESTION SECTION:
;ntp.org. IN A

;; ANSWER SECTION:
ntp.org. 603005 IN A 204.152.184.138
ntp.org. 603005 IN A 128.4.35.16

;; AUTHORITY SECTION:
ntp.org. 603005 IN NS maccarony.ntp.org.
ntp.org. 603005 IN NS ns1.ntp.org.
ntp.org. 603005 IN NS ns2.ntp.org.
ntp.org. 603005 IN NS huey.ntp.org.
ntp.org. 603005 IN NS louie.ntp.org.

;; ADDITIONAL SECTION:
ns1.ntp.org. 84580 IN A 204.152.184.126
ns1.ntp.org. 603005 IN AAAA 2001:4f8:0:2::22
ns2.ntp.org. 84580 IN A 204.152.184.138
ns2.ntp.org. 603005 IN AAAA 2001:4f8:0:2::23
huey.ntp.org. 84580 IN A 128.4.40.10
louie.ntp.org. 170980 IN A 128.4.40.12
maccarony.ntp.org. 84580 IN A 128.4.35.16



example: secureinternetbank.com

;; QUESTION SECTION:
;ultradns.net. IN A

;; ANSWER SECTION:
ultradns.net. 300 IN A 204.74.99.100

;; AUTHORITY SECTION:
ultradns.net. 84500 IN NS pdns3.ultradns.org.
ultradns.net. 84500 IN NS pdns4.ultradns.org.
ultradns.net. 84500 IN NS pdns5.ultradns.info.
ultradns.net. 84500 IN NS pdns6.ultradns.co.uk.
ultradns.net. 84500 IN NS pdns1.ultradns.net.
ultradns.net. 84500 IN NS pdns2.ultradns.net.

;; ADDITIONAL SECTION:
pdns1.ultradns.net. 157309 IN A 204.74.108.1
pdns1.ultradns.net. 84500 IN AAAA 2001:502:f3ff::1
pdns2.ultradns.net. 157309 IN A 204.74.109.1
pdns3.ultradns.org. 70909 IN A 199.7.68.1
pdns4.ultradns.org. 70909 IN A 199.7.69.1
pdns5.ultradns.info. 70909 IN A 204.74.114.1
pdns6.ultradns.co.uk. 157309 IN A 204.74.115.1


Could we please get the Mikrotik technical staff to take this issue serious.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24425
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DNS problem

Wed Oct 10, 2007 10:28 am

we tried the same config and same sites. it took a little longer for the AAAA site to resolve, but everything worked.
No answer to your question? How to write posts
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Wed Oct 10, 2007 10:39 am

it is 3.0rc6 in RB532
[admin@origin] /ip dns cache> print
Flags: S - static
 #   NAME                  ADDRESS                                 TTL
 0   forum.mikrotik.com    159.148.147.198                         23h55m52s
 1   www.ntp.org           204.152.184.138                         6d23h57m11s
 2   www.ntp.org           128.4.35.16                             6d23h57m11s
 3   www.titanpoker.com    64.69.80.88                             7m43s
 4   www.titanpoker.com    216.187.118.248                         7m43s
 5   www.titanpoker.com    69.90.3.120                             7m43s
 6   www.titanpoker.com    65.39.155.232                           7m43s
 7   p.mii.instacontent... 81.22.33.114                            7m45s
 8   banner.titanpoker.com 216.187.97.26                           7m58s
 9   banner.titanpoker.com 66.199.155.194                          7m58s
what i am doing wrong

i tried every possible configuration and it just works. the configuration is as simple as possible
ip address
nat masquerade rule
bridge for client interfaces (ether2 and wlan1 bridged)
dns parent is another RouterOS device with 3.0rc6 cahcing allowed

i am using linux and firefox

EDIT:

maybe there is a posibility for MT support to create pptp tunnel to your problematic router and try out your dns? with 1500 byte packages using MRRU
 
User avatar
jorj
Member
Member
Posts: 398
Joined: Mon Mar 12, 2007 4:34 pm
Location: /dev/null

Re: DNS problem

Wed Oct 10, 2007 11:37 am

Do you have enabled 'allow-remote-request' ? Do you have redirection to router DNS cache ?
As I have DNS cache running without any problems at 3.0rc2.
Currently it looks like that there might be problems with mail server (not with the RouterOS).
[admin@Mikrotik] > ip dns print 
            primary-dns: 81.92.155.1
          secondary-dns: 81.92.155.100
  allow-remote-requests: yes
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 2048KiB
.........................
In case you did not solve that:
Increase your cache size. It is full. ( cache-size = cache-used ! )
If you receive requests that have to be forwarded, than you have to wait till the answer comes back. Otherwise, try several times. It should work. But if you have a lot of dns requests, your chache will fill rapidly and your dns performance by caching will be worse than redirecting by each client.
 
akukula
newbie
Posts: 33
Joined: Wed May 16, 2007 3:57 pm

Re: DNS problem

Wed Oct 10, 2007 12:34 pm

Increase your cache size. It is full. ( cache-size = cache-used ! )
That may be the cause - cache aging/purging algo not working well.

Regards,
Andrzej
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Wed Oct 10, 2007 1:52 pm

Increase your cache size. It is full. ( cache-size = cache-used ! )
That may be the cause - cache aging/purging algo not working well.

Regards,
Andrzej
In my case - flushed cache. Still doesn't help - changed MTU setings. Many sites still not loading. The only way for me was to downgrade to V2.9 or RC1 because RC2--> RC6 are problematic. So weird! I wish that MT guys could simulate the problem. I have tried various things including resetting router's config and build again from scratch and also change from DHCP client to PPPoE client for IP config on MT router back and fourth. Nothing works for RC2 and up. Anyone who could find a fix/work round for this would be my hero :)

PS. It appears that there are some common sites that not loading for many people. Lets make a list of them so that we could all check them out. Sites not loading that I just checked in cluding:
http://www.dictionary.com/
http://dictionary.reference.com/
http://www.ntp.org
http://www.titanpoker.com
https://www.ap.visaonline.com
Last edited by kvan64 on Wed Oct 10, 2007 2:13 pm, edited 2 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24425
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DNS problem

Wed Oct 10, 2007 2:10 pm

see janisk post
No answer to your question? How to write posts
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Wed Oct 10, 2007 2:20 pm

EDIT:

maybe there is a posibility for MT support to create pptp tunnel to your problematic router and try out your dns? with 1500 byte packages using MRRU
I would volunteer. Just managed to get a working static IP. Just show me what I need to do to get my problem router checked.

Regards
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Wed Oct 10, 2007 2:30 pm

contact support (support@mikrotik.com) with details of tunnel (ip address to connect to, username, password, any other settings) and time when we can do almost anything to this router, and, of course, login and password to this router so, in case we need to change some settings there.
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Wed Oct 10, 2007 3:02 pm

janisk, I have just sent the email with all requested info. Hope that you or other MT staff could help check it out.
Regards,
DK
 
pekr
Member Candidate
Member Candidate
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Re: DNS problem

Wed Oct 10, 2007 8:54 pm

Sorry guys, that I am posting non OS 3.0 report, but maybe the internal code is similar. I will shortly describe my troubles:

- some random unavailable domains
- Windows Vista, XP Professional, connected to RB133, version 2.9.38
- all our inner nodes are chained to the main router x86PC, latest 2.9.46 to resolve DNS entries
- I take domain that does not work - go to cmd.exe, type ping http://www.nonworkingdomain.cz
- No luck, address is not resolved
- I go to closest RB (2.9.38), no firewall rules there, I check the cache, requested domain is not there. I flush the case, try pinging once again (on PC), still no luck
- I try to ping from RB - it resolves the address and pings
- I go back to PC and retry ping once again. It starts to work!
- I go to browser, type http://www.nonworkingdomain.cz, and it loads.

Strange thing, that it did not resolve. I will try to investigate the situation further, set-up some FW rules, once I reach another domain which does not work, but maybe I just should upgrade to latest version :-)

Petr
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Thu Oct 11, 2007 5:32 am

After some research, here is what I have found so far.

Mikrotik can not handle DNS responses from servers that pass along AAAA records. I used the packet sniffer tool to help show this.


Packet number 22 is a query to my local road runner dns server. It responds (packet 24) as normal but the mikrotik can not seem to parse the answer properly and return a timed out to the desktop.

When the mikrotik tries the secondary DNS (packet 92) which I have set as my companies DNS server running older software. The response (packet 93) does not have as much information... but the mikrotik is able to handle it and pass along the answer to the desktop.

I hope this is enough information to pass along to the techs and get this resolved. If you need anything more please let me know.

--------- Packets ------------

No. Time Source Destination Protocol Info
22 5.245727 24.88.114.79 24.25.5.150 DNS Standard query A www.titanpoker.com

Frame 22 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Routerbo_0b:44:3e (00:0c:42:0b:44:3e), Dst: Cisco_dc:a0:01 (00:14:f1:dc:a0:01)
Internet Protocol, Src: 24.88.114.79 (24.88.114.79), Dst: 24.25.5.150 (24.25.5.150)
User Datagram Protocol, Src Port: 32811 (32811), Dst Port: domain (53)
Domain Name System (query)
[Response In: 24]
Transaction ID: 0xf3f0
Flags: 0x0100 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries

No. Time Source Destination Protocol Info
24 5.284933 24.25.5.150 24.88.114.79 DNS Standard query response A 216.187.118.248 A 69.90.3.120 A 65.39.155.232 A 64.69.80.88

Frame 24 (465 bytes on wire, 465 bytes captured)
Ethernet II, Src: Cisco_dc:a0:01 (00:14:f1:dc:a0:01), Dst: Routerbo_0b:44:3e (00:0c:42:0b:44:3e)
Internet Protocol, Src: 24.25.5.150 (24.25.5.150), Dst: 24.88.114.79 (24.88.114.79)
User Datagram Protocol, Src Port: domain (53), Dst Port: 32811 (32811)
Domain Name System (response)
[Request In: 22]
[Time: 0.039206000 seconds]
Transaction ID: 0xf3f0
Flags: 0x8180 (Standard query response, No error)
Questions: 1
Answer RRs: 4
Authority RRs: 6
Additional RRs: 8
Queries
Answers
www.titanpoker.com: type A, class IN, addr 216.187.118.248
www.titanpoker.com: type A, class IN, addr 69.90.3.120
www.titanpoker.com: type A, class IN, addr 65.39.155.232
www.titanpoker.com: type A, class IN, addr 64.69.80.88
Authoritative nameservers
titanpoker.com: type NS, class IN, ns pdns5.ultradns.info
titanpoker.com: type NS, class IN, ns pdns1.ultradns.net
titanpoker.com: type NS, class IN, ns pdns2.ultradns.net
titanpoker.com: type NS, class IN, ns pdns6.ultradns.co.uk
titanpoker.com: type NS, class IN, ns pdns4.ultradns.org
titanpoker.com: type NS, class IN, ns pdns3.ultradns.org
Additional records
pdns6.ultradns.co.uk: type A, class IN, addr 204.74.115.1
pdns5.ultradns.info: type A, class IN, addr 204.74.114.1
pdns4.ultradns.org: type A, class IN, addr 199.7.69.1
pdns4.ultradns.org: type AAAA, class IN, addr 2001:502:4612::1
pdns3.ultradns.org: type A, class IN, addr 199.7.68.1
pdns2.ultradns.net: type A, class IN, addr 204.74.109.1
pdns1.ultradns.net: type A, class IN, addr 204.74.108.1
pdns1.ultradns.net: type AAAA, class IN, addr 2001:502:f3ff::1

No. Time Source Destination Protocol Info
92 7.244168 24.88.114.79 207.144.AAA.BBB DNS Standard query A www.titanpoker.com

Frame 92 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: Routerbo_0b:44:3e (00:0c:42:0b:44:3e), Dst: Cisco_dc:a0:01 (00:14:f1:dc:a0:01)
Internet Protocol, Src: 24.88.114.79 (24.88.114.79), Dst: 207.144.AAA.BBB (207.144.AAA.BBB)
User Datagram Protocol, Src Port: 32811 (32811), Dst Port: domain (53)
Domain Name System (query)
[Response In: 93]
Transaction ID: 0xc3f7
Flags: 0x0100 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries

No. Time Source Destination Protocol Info
93 7.282901 207.144.AAA.BBB 24.88.114.79 DNS Standard query response A 69.90.3.120 A 65.39.155.232 A 64.69.80.88 A 216.187.118.248

Frame 93 (142 bytes on wire, 142 bytes captured)
Ethernet II, Src: Cisco_dc:a0:01 (00:14:f1:dc:a0:01), Dst: Routerbo_0b:44:3e (00:0c:42:0b:44:3e)
Internet Protocol, Src: 207.144.AAA.BBB (207.144.AAA.BBB), Dst: 24.88.114.79 (24.88.114.79)
User Datagram Protocol, Src Port: domain (53), Dst Port: 32811 (32811)
Domain Name System (response)
[Request In: 92]
[Time: 0.038733000 seconds]
Transaction ID: 0xc3f7
Flags: 0x8180 (Standard query response, No error)
Questions: 1
Answer RRs: 4
Authority RRs: 0
Additional RRs: 0
Queries
Answers
www.titanpoker.com: type A, class IN, addr 69.90.3.120
www.titanpoker.com: type A, class IN, addr 65.39.155.232
www.titanpoker.com: type A, class IN, addr 64.69.80.88
www.titanpoker.com: type A, class IN, addr 216.187.118.248
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24425
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DNS problem

Thu Oct 11, 2007 12:22 pm

look above, we tried the same setup with the same AAAA adresses and it worked. send your router access info to support and we will see if we can repeat it.
No answer to your question? How to write posts
 
simplybits
just joined
Posts: 6
Joined: Sun Feb 06, 2005 10:00 am

Re: DNS problem

Sun Oct 14, 2007 1:28 am

We have also been experiencing similar problems on the 3.0rc6 99% of the dns queries resolve just fine, but there are a few sites that will not resolve such as photobucket.com.
The DNS records on this site are quite long, could it be some kind of internal overflow?? Please see below...

C:\Users\mikeb>ping photobucket.com
Ping request could not find host photobucket.com. Please check the name and try again.

C:\Users\mikeb>nslookup
Default Server: UnKnown
Address: 192.168.250.1:53 <= 3.0rc6 running on RB532

> google.com
Server: UnKnown
Address: 192.168.250.1:53

Non-authoritative answer:
Name: google.com <= Test with google.com first
Addresses: 64.233.187.99, 72.14.207.99, 64.233.167.99 <=works fine

> photobucket.com
Server: UnKnown
Address: 192.168.250.1:53

DNS request timed out. <=Not so good!
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
> server 192.168.11.1 => Ok, try a different 'tik 2.9.46
Default Server: [192.168.11.1]
Address: 192.168.11.1
> google.com
Server: [192.168.11.1] => Baseline with Google..OK
Address: 192.168.11.1:53

Non-authoritative answer:
Name: google.com
Addresses: 64.233.167.99, 64.233.187.99, 72.14.207.99

> photobucket.com =>try this again
Server: [192.168.11.1]
Address: 192.168.11.1:53

Non-authoritative answer:
Name: photobucket.com
Addresses: 209.17.66.11, 209.17.70.11, 66.11.50.5, 66.11.54.5 => and it works through 2.9.46

> exit

C:\Users\mikeb>

Both local tiks are conneceted to the same upstream DNS Server, but clearly are responding differently, Is anyone able to resolve photobucket.com through 3.0rc6?C:\Users\mikeb>nslookup
Default Server: UnKnown
Address: 192.168.250.1:53


Here is a NSLookup pointed to of one of our Linux DNS Servers....
> server 64.119.32.100
Default Server: ns1.simplybits.net
Address: 64.119.32.100

> set type=all
> photobucket.com
Server: ns1.simplybits.net
Address: 64.119.32.100

Non-authoritative answer:
photobucket.com internet address = 66.11.54.5
photobucket.com internet address = 209.17.66.11
photobucket.com internet address = 209.17.70.11
photobucket.com internet address = 66.11.50.5
photobucket.com nameserver = pdns5.ultradns.info
photobucket.com nameserver = pdns6.ultradns.co.uk
photobucket.com nameserver = pdns1.ultradns.net
photobucket.com nameserver = pdns2.ultradns.net
photobucket.com nameserver = pdns3.ultradns.org
photobucket.com nameserver = pdns4.ultradns.org

photobucket.com nameserver = pdns3.ultradns.org
photobucket.com nameserver = pdns4.ultradns.org
photobucket.com nameserver = pdns5.ultradns.info
photobucket.com nameserver = pdns6.ultradns.co.uk
photobucket.com nameserver = pdns1.ultradns.net
photobucket.com nameserver = pdns2.ultradns.net
pdns1.ultradns.net internet address = 204.74.
pdns1.ultradns.net AAAA IPv6 address = 2001:5
pdns2.ultradns.net internet address = 204.74.
pdns3.ultradns.org internet address = 199.7.6
pdns4.ultradns.org internet address = 199.7.6
pdns4.ultradns.org AAAA IPv6 address = 2001:5
pdns5.ultradns.info internet address = 204.74.
pdns6.ultradns.co.uk internet address = 204.74.
> set d2
> photobucket.com
Server: ns1.simplybits.net
Address: 64.119.32.100:53

------------
SendRequest(), len 33
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority re

QUESTIONS:
photobucket.com, type = ANY, class = IN

------------
------------
Got answer (504 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, want recursion, r
questions = 1, answers = 10, authority r

QUESTIONS:
photobucket.com, type = ANY, class = IN
ANSWERS:
-> photobucket.com
type = A, class = IN, dlen = 4
internet address = 209.17.66.11
ttl = 9509 (2 hours 38 mins 29 secs)
-> photobucket.com
type = A, class = IN, dlen = 4
internet address = 209.17.70.11
ttl = 9509 (2 hours 38 mins 29 secs)
-> photobucket.com
type = A, class = IN, dlen = 4
internet address = 66.11.50.5
ttl = 9509 (2 hours 38 mins 29 secs)
-> photobucket.com
type = A, class = IN, dlen = 4
internet address = 66.11.54.5
ttl = 9509 (2 hours 38 mins 29 secs)
-> photobucket.com
type = NS, class = IN, dlen = 20
nameserver = pdns3.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 8
nameserver = pdns4.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 21
nameserver = pdns5.ultradns.info
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 22
nameserver = pdns6.ultradns.co.uk
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 20
nameserver = pdns1.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 8
nameserver = pdns2.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
AUTHORITY RECORDS:
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns4.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns5.ultradns.info
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns6.ultradns.co.uk
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns1.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns2.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
-> photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns3.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
ADDITIONAL RECORDS:
-> pdns1.ultradns.net
type = A, class = IN, dlen = 4
internet address = 204.74.108.1
ttl = 63655 (17 hours 40 mins 55 secs)
-> pdns1.ultradns.net
type = AAAA, class = IN, dlen = 16
AAAA IPv6 address = 2001:502:f3ff::1
ttl = 34502 (9 hours 35 mins 2 secs)
-> pdns2.ultradns.net
type = A, class = IN, dlen = 4
internet address = 204.74.109.1
ttl = 32520 (9 hours 2 mins)
-> pdns3.ultradns.org
type = A, class = IN, dlen = 4
internet address = 199.7.68.1
ttl = 32597 (9 hours 3 mins 17 secs)
-> pdns4.ultradns.org
type = A, class = IN, dlen = 4
internet address = 199.7.69.1
ttl = 32597 (9 hours 3 mins 17 secs)
-> pdns4.ultradns.org
type = AAAA, class = IN, dlen = 16
AAAA IPv6 address = 2001:502:4612::1
ttl = 32597 (9 hours 3 mins 17 secs)
-> pdns5.ultradns.info
type = A, class = IN, dlen = 4
internet address = 204.74.114.1
ttl = 34582 (9 hours 36 mins 22 secs)
-> pdns6.ultradns.co.uk
type = A, class = IN, dlen = 4
internet address = 204.74.115.1
ttl = 32597 (9 hours 3 mins 17 secs)

------------
Non-authoritative answer:
photobucket.com
type = A, class = IN, dlen = 4
internet address = 209.17.66.11
ttl = 9509 (2 hours 38 mins 29 secs)
photobucket.com
type = A, class = IN, dlen = 4
internet address = 209.17.70.11
ttl = 9509 (2 hours 38 mins 29 secs)
photobucket.com
type = A, class = IN, dlen = 4
internet address = 66.11.50.5
ttl = 9509 (2 hours 38 mins 29 secs)
photobucket.com
type = A, class = IN, dlen = 4
internet address = 66.11.54.5
ttl = 9509 (2 hours 38 mins 29 secs)
photobucket.com
type = NS, class = IN, dlen = 20
nameserver = pdns3.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 8
nameserver = pdns4.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 21
nameserver = pdns5.ultradns.info
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 22
nameserver = pdns6.ultradns.co.uk
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 20
nameserver = pdns1.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 8
nameserver = pdns2.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)

photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns4.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns5.ultradns.info
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns6.ultradns.co.uk
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns1.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns2.ultradns.net
ttl = 56897 (15 hours 48 mins 17 secs)
photobucket.com
type = NS, class = IN, dlen = 2
nameserver = pdns3.ultradns.org
ttl = 56897 (15 hours 48 mins 17 secs)
pdns1.ultradns.net
type = A, class = IN, dlen = 4
internet address = 204.74.108.1
ttl = 63655 (17 hours 40 mins 55 secs)
pdns1.ultradns.net
type = AAAA, class = IN, dlen = 16
AAAA IPv6 address = 2001:502:f3ff::1
ttl = 34502 (9 hours 35 mins 2 secs)
pdns2.ultradns.net
type = A, class = IN, dlen = 4
internet address = 204.74.109.1
ttl = 32520 (9 hours 2 mins)
pdns3.ultradns.org
type = A, class = IN, dlen = 4
internet address = 199.7.68.1
ttl = 32597 (9 hours 3 mins 17 secs)
pdns4.ultradns.org
type = A, class = IN, dlen = 4
internet address = 199.7.69.1
ttl = 32597 (9 hours 3 mins 17 secs)
pdns4.ultradns.org
type = AAAA, class = IN, dlen = 16
AAAA IPv6 address = 2001:502:4612::1
ttl = 32597 (9 hours 3 mins 17 secs)
pdns5.ultradns.info
type = A, class = IN, dlen = 4
internet address = 204.74.114.1
ttl = 34582 (9 hours 36 mins 22 secs)
pdns6.ultradns.co.uk
type = A, class = IN, dlen = 4
internet address = 204.74.115.1
ttl = 32597 (9 hours 3 mins 17 secs)
>


Any Ideas?????
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Mon Oct 15, 2007 2:11 pm

what is timeout time for resolve requests on windows?

i have noticed that resolving such address takes a lot of time (some times even up to 15 seconds as example - ntp.org if dns cache contacts another ROS device that is RC6 and is DNS cache)

can you time, after what time you see this message?
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Mon Oct 15, 2007 3:31 pm

*Bangs head against wall* I never thought it would be this difficult to report and get a bug fixed from Mikrotik. Especially when little old me can track it down and even provide packet dumps.

Janisk / Normis: If you would look at the packets dumps I provided. You will see that the Mikrotik recieves the answer but does not pass it along. You say you have tested this and are not able to reproduce. You need to be using a upstream DNS server that provides the "Authoritative nameservers", "Additional records" and supports IPV6 and passes those to the Mikrotik box.

Simplybits: As a temporary fix you can change your Secondary DNS server to another DNS machine that does not pass along the "Authoritative nameserver" and "Additional records" sections.

-Louis
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24425
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: DNS problem

Mon Oct 15, 2007 3:53 pm

It's very easy actually. Write to support [at] mikrotik [dot] com, not in a user discussion forum.
No answer to your question? How to write posts
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Mon Oct 15, 2007 4:55 pm

ok, here is the setup i used to test it

so my PC is Linux Ubuntu box, nothing fancy, that is connected to a RB532 with RouterOS rc6 installed, it serves ip address through DHCP and NTP server for my ntp client and is DNS server for me, this has set up dns server a major gateway that is another RouterOS machine that is DNS cache, no other DNS entries are used.

try with or without hotspot, anything changes?
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Mon Oct 15, 2007 5:03 pm

Hi Janisk,
I have repplied to your email. Have you tried again to log into my router to test/check the settings?
DK
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Wed Oct 17, 2007 11:05 am

Thanks Janisk for the repply through email.
And for everyone else. According to Janisk, the DNS problem will be fixed in the next release. Woooohoooo!
Hello,
problem will be solved in RouterOS 3.0rc7. So you will have to wait for that
release.

Regards,
Janis K.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Wed Oct 17, 2007 11:37 am

But still i want you to report back if that was the issue i have found. Because i only could recreate something like that using Hotspost + DNS cahce. alone i could not spot the problem.

as i wrote before - maybe linux is handling these requests in a different way. And we here at MT use hotspot and rc6 version and have no problems with DNS resolving.
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Wed Oct 17, 2007 10:36 pm

Thanks Janisk for the repply through email.
And for everyone else. According to Janisk, the DNS problem will be fixed in the next release. Woooohoooo!
What was the problem ???

I hope the DNS problem will dissapear ;-)
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Sat Oct 20, 2007 1:36 am

Don't know what to say. Installed RC7....No Luck for me. http://www.dictionary.com and http://www.titanpoker.com still not loading. Anyone?
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Sat Oct 20, 2007 1:49 am

Don't know what to say. Installed RC7....No Luck for me. http://www.dictionary.com and http://www.titanpoker.com still not loading. Anyone?

Lol....

Did you read changelog?
I havent seen "DNS leak problem solved!" there................
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Sat Oct 20, 2007 2:43 am

Doh, stupid me! I just thought that It would be there as I was told :(
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: DNS problem

Mon Oct 22, 2007 9:46 am

as i wrote before - i was never ever able to get my DNS unresolved - just that took very very long time - but the only problem that i was able to get where resolve time reduced.

I spoke with devs and they too seemed to be confused about the problem - because everything resolves correctly no matter what configuration you have (with or without hotspot, dynamic configuration or static) we always got responses from the sites like http://www.dictionary.com http://www.titanpoker.com and http://www.ntp.org

is DNS server that is your main server available for use from other destinations? maybe there is some problem? our main dns server resolves those dns names without any problems, same as dns cache gets all the responses and caches everything as it should.

anyone that can provide us with ssh or winbox accessibility to your router and grant us privileged account and pptp tunnel please contact support support@mikrotik.com (we are GMT+2) so we can conduct tests and see by ourselves.

if it is a bug eventually we should catch it and fix.
 
kvan64
Member Candidate
Member Candidate
Posts: 186
Joined: Tue Apr 10, 2007 1:54 pm
Location: Brisbane Australia
Contact:

Re: DNS problem

Sat Oct 27, 2007 3:19 pm

I don't know if it works for the rest of you guys but DNS problem has been solved for me with RC9. Yahoooooo!!!!
I don't know what you did but thanks Janis for your efforts!
 
LaSolitaire
newbie
Topic Author
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: DNS problem

Sat Oct 27, 2007 7:40 pm

And now, Mikrotik should repair the same DNS problem in version 2.9.xx

There is this DNS problem too, but it is not horrible as in v3.xx. This problem appear randomly :/ (often sending mails).
 
akukula
newbie
Posts: 33
Joined: Wed May 16, 2007 3:57 pm

Re: DNS problem

Sun Oct 28, 2007 7:19 pm

Unfortunately the maximum cache size is still 10MB... Nothing changed in this matter...

Regards,
Andrzej
 
uldis
MikroTik Support
MikroTik Support
Posts: 3428
Joined: Mon May 31, 2004 2:55 pm

Re: DNS problem

Mon Oct 29, 2007 3:03 pm

Unfortunately the maximum cache size is still 10MB... Nothing changed in this matter...

Regards,
Andrzej
why would you need more than 10MB of DNS cache entries? Is your current DNS cache full?
Note that those 10MB are stored in the router RAM and if you would set the cache size to big, the router could get in situations where you don't have enough memory for other operations.
 
akukula
newbie
Posts: 33
Joined: Wed May 16, 2007 3:57 pm

Re: DNS problem

Tue Oct 30, 2007 11:10 am

Unfortunately the maximum cache size is still 10MB... Nothing changed in this matter...

Regards,
Andrzej
why would you need more than 10MB of DNS cache entries? Is your current DNS cache full?
Note that those 10MB are stored in the router RAM and if you would set the cache size to big, the router could get in situations where you don't have enough memory for other operations.
Sorry, but I think I am able to decide myself what maximum size I need in a network I know. 10MB is just an artificial limit, which renders DNS cache useless in some circumstances. One of the Mikrotiks I installed in my customers' site serves nearly 1000 PCs. Those people use various services, and 10MB DNS cache becomes saturated in an hour. The Mikrotik hardware is P4 3GHz with 1GB of RAM. I think I'd increase cache size (in this very network) to 256MB and it wouldn't impact the router operations. I think there shouldn't be a limit at all. Leave the decision to the admin.

Regards,
Andrzej
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: DNS problem

Thu Feb 14, 2008 5:49 am

The issue I was experiencing got resolved with v3.0rc9
*) fixed dns resolver - sometimes could not parse packets with AAAA records;

Thank you MT.

-Louis
 
mtmx80
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Wed Mar 16, 2011 11:12 pm

Re: DNS problem

Wed Mar 16, 2011 11:23 pm

I have a bad news. I'm using ROS 4.16 and I'm experiencing the same issue. In my case google.com doesn't resolves properly.
Situation:
- Using firefox quick search box doesn't works.
- Go to URL google.com - website doesn't loads.
- Going to cmd. once nothing,nothing,nothing...ops it works...and if it caches the good result is will work until it expires.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

>ping google.com
^C
>ping google.com
^C
>ping google.hu

Pinging google.hu [74.125.87.99] with 32 bytes of data:

Reply from 74.125.87.99: bytes=32 time=13ms TTL=55
Reply from 74.125.87.99: bytes=32 time=12ms TTL=55
Reply from 74.125.87.99: bytes=32 time=11ms TTL=55
Reply from 74.125.87.99: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.87.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 13ms, Average = 12ms

>ping google.com
Ping request could not find host google.com. Please check the name and try again.

>ping google.com
Ping request could not find host google.com. Please check the name and try again.

>ping google.com

Pinging google.com [74.125.87.99] with 32 bytes of data:

Reply from 74.125.87.99: bytes=32 time=14ms TTL=54
Reply from 74.125.87.99: bytes=32 time=11ms TTL=54
Reply from 74.125.87.99: bytes=32 time=44ms TTL=54
Reply from 74.125.87.99: bytes=32 time=14ms TTL=54

Ping statistics for 74.125.87.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 44ms, Average = 20ms

>ping google.com

Pinging google.com [74.125.87.99] with 32 bytes of data:

Reply from 74.125.87.99: bytes=32 time=14ms TTL=55
Reply from 74.125.87.99: bytes=32 time=11ms TTL=55
Reply from 74.125.87.99: bytes=32 time=12ms TTL=55
Reply from 74.125.87.99: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.87.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 14ms, Average = 12ms

>ping google.com

Pinging google.com [74.125.87.99] with 32 bytes of data:

Reply from 74.125.87.99: bytes=32 time=12ms TTL=54
Reply from 74.125.87.99: bytes=32 time=13ms TTL=54
Reply from 74.125.87.99: bytes=32 time=10ms TTL=54
Reply from 74.125.87.99: bytes=32 time=14ms TTL=54

Ping statistics for 74.125.87.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 14ms, Average = 12ms

Any advice? Nothing special is configured in router. It does it with default settings of RB 750G, ROS 4.16 too.

ps.: I made a short research and found that this issue may be caused if parent DNS server doesn't supports IPv6 AAAA addresses. If that's true, than there is nothing to done on MikroTik side. You should use Ipv6 ready DNS servers.
 
chojrak11
Member Candidate
Member Candidate
Posts: 129
Joined: Sun Apr 05, 2009 10:37 am

Re: DNS problem

Thu Mar 17, 2011 10:12 am

Send this info via email to: support _at_ mikrotik.com. IMO it's serious.
 
User avatar
zerkalka
just joined
Posts: 7
Joined: Wed May 11, 2011 9:35 am
Location: Russia, Saint-Petersburg
Contact:

Re: DNS problem

Fri Mar 09, 2012 9:19 pm

I have same problem since 5.14...
RB751U-2HnD
/ip dns print 
                servers: 8.8.8.8
        dynamic-servers: 213.234.192.8,85.21.192.3
  allow-remote-requests: yes
    max-udp-packet-size: 512
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 106KiB
periodically i can't ping any server by its DNS
Official MikroTik Reseller in Saint-Petersburg, Russia http://mikrotik.spb.ru
 
User avatar
Xeron
just joined
Posts: 9
Joined: Wed Mar 14, 2012 12:35 am
Location: San Jose, CA, USA
Contact:

Re: DNS problem

Wed Mar 14, 2012 12:45 am

I have problem with random resolve issues since 5.x version too, I can't remember, but it's about 5.10, may be earlier.

And it's strange, browser, curl/wget and any other software can't resolve name, but nslookup works without problems. So usually I have:
xeron@macbook:~$ wget — can't resolve
xeron@macbook:~$ wget — can't resolve
xeron@macbook:~$ nslookup — resolved
xeron@macbook:~$ wget — can't resolve
wait 1-2 minutes
xeron@macbook:~$ wget — resolved
And really often this problem happens with Amazon S3 hosts, but not only S3.

I tried to increase max-udp-packet-size, but still no luck.
 
User avatar
Xeron
just joined
Posts: 9
Joined: Wed Mar 14, 2012 12:35 am
Location: San Jose, CA, USA
Contact:

Re: DNS problem

Wed Mar 14, 2012 12:50 am

Oh sorry for bumping old thread, I think it's related to http://forum.mikrotik.com/viewtopic.php?f=2&t=58243

Who is online

Users browsing this forum: eworm, MSN [Bot] and 118 guests