peydude
just joined
Topic Author
Posts: 7
Joined: Thu Mar 18, 2010 1:27 am

Hotspot blocks access to DNS servers over time

Wed Sep 29, 2010 7:02 pm

Hello,

I have a RouterOS hotspot (level 6) running at my core location. Behind it I have a few servers and a couple of other Mtik hotspots. My problem is:

After a period of time (hours) everything behind the core hotspot can't ping the DNS servers. The core hotspot router can ping the DNS servers but nothing behind it can. As soon as I turn off the hotspot server on the core router I can ping the DNS servers. When I turn the hotspot back on after some time I lose DNS connectivity again.

What I have done to troubleshoot:

Tried pinging other IPs outside the network: works, just DNS IPs don't respond
Cleared DNS cache on the core hotspot router: still couldn't ping DNS IPs
Turned off connection tracking on the core hotspot router: still couldn't ping DNS
Turned off hotspot on the core router: I could ping DNS servers
Turned hotspot back on: I could still ping the DNS servers but after a few hours I lose connectivity to DNS

I am not sure what exactly happens over a period of time. Something fills up or the hotspot proxy crashes? It's not connection tracking since turning that feature off didn't make a difference. The CPU load and memory usage were also fine on the core hotspot server when this happened. How do I turn off DNS caching (I am not sure if this could be the issue either)?

I am running version 4.11 on an x86 box. I have the number of hotspot users set to 3000 but don't come anywhere near this number (only have 100 or so users). All idle timeouts, etc. have been turned off. If I leave the hotspot service off everything is fine. I have the hotspot running on its own vlan interface. Initially it was running on the same vlan as everything else (servers, other hotspots, etc.) and this problem would occur within 5~10 mins. Now it takes hours but still happens.

Any ideas?


Thanks!
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot blocks access to DNS servers over time

Wed Sep 29, 2010 7:06 pm

I've had some problems with the Hotspot servlet and DNS, and nowadays I just circumvent it. By default all DNS traffic is redirected to it. You can short-circuit that with the following configuration:

/ip firewall nat
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=53 protocol=udp
add action=accept disabled=no dst-port=53 protocol=tcp

At that point you really are using the DNS servers and are not proxied through the Hotspot servlet, and things will continue to work nicely. At that point it's important that you get the DNS mappings for the Hotspot DNS name vs its IP address 100% right on your external DNS servers, or things will break in bad ways.
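
A narrower variant of the bypass in the post above, added here as an example and not part of the original post or of MikroTik's documentation. As posted, the rules match port 53 toward any destination, including for clients that have not logged in yet; this version limits the bypass to the resolvers you actually hand out. The addresses 192.0.2.53 and 192.0.2.54 are placeholders (assumption).

```routeros
# Added example: scoped DNS bypass. Not from the original post.
# 192.0.2.53 and 192.0.2.54 are placeholder resolver addresses; replace them
# with the DNS servers your DHCP server gives to Hotspot clients.

/ip firewall nat
# Skip the Hotspot DNS redirect only for queries addressed to those resolvers.
add action=accept chain=pre-hotspot dst-address=192.0.2.53 dst-port=53 protocol=udp
add action=accept chain=pre-hotspot dst-address=192.0.2.53 dst-port=53 protocol=tcp
add action=accept chain=pre-hotspot dst-address=192.0.2.54 dst-port=53 protocol=udp
add action=accept chain=pre-hotspot dst-address=192.0.2.54 dst-port=53 protocol=tcp

/ip hotspot walled-garden ip
# Let clients that have not logged in reach the same resolvers on port 53,
# and nothing else on that port.
add action=accept dst-address=192.0.2.53 dst-port=53 protocol=udp
add action=accept dst-address=192.0.2.53 dst-port=53 protocol=tcp
add action=accept dst-address=192.0.2.54 dst-port=53 protocol=udp
add action=accept dst-address=192.0.2.54 dst-port=53 protocol=tcp
```

Port 53 traffic to any other destination is not matched by these rules and stays under the Hotspot's normal handling. The requirement that the Hotspot DNS name resolves to the Hotspot IP address on those resolvers is unchanged.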
 
peydude
just joined
Topic Author
Posts: 7
Joined: Thu Mar 18, 2010 1:27 am

Re: Hotspot blocks access to DNS servers over time

Wed Sep 29, 2010 7:12 pm

Thanks Guru. I will give this a shot. Can I use the hotspot's IP address as the dns-name, or can I not even set a dns-name in its profile, because I don't have access/control to the external DNS servers? So I might not be able to add an entry for the hotspot's DNS name to the DNS servers.

Thanks again.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Hotspot blocks access to DNS servers over time

Wed Sep 29, 2010 7:15 pm

You HAVE to have the DNS name set up under the Hotspot server profile mapped to the IP address set up under the same Hotspot server profile, or the Hotspot will not work. If you cannot do that on the external DNS server you want users to use directly, you CANNOT use it directly and must have DNS proxied through the Hotspot servlet.

In that case it would probably be best to take supout.rifs and send them to support@mikrotik.com and get an official bug report open and the issue resolved for good.

My method really is a cop-out anyway as it works around the issue rather than fix it.
 
billjellis
newbie
Posts: 37
Joined: Mon Dec 15, 2014 11:04 pm

Re: Hotspot blocks access to DNS servers over time

Tue Nov 03, 2015 4:23 am

I seem to be having these issues on my RB450 hotspot. Is there any other solution, or is this the best one? Current ROS.

I bypass the MAC and get them to go to a site and then enable it. Then the captive portal shows up, then they have to log back in.


Going to test this one out.
