DNS Server Issues

Posted: Sat Aug 19, 2006 12:09 am
by MyThoughts
I currently operate an all Mikrotik wireless network. Recently I started noticing issues when loading certain websites. I have isolated the problem and it is associated with the DNS server.

When a client asks for a DNS resolution it first asks the CPE, the CPE then asks the server and the server in turn asks my ISP DNS server as a last resort.

The problem appears when loading yahoo, ebay, and various other websites (many of them are hosted on the Akamai network). You can ping, traceroute, and the DNS does resolve, but the page will just load blank, partially load, or take a very long time to load.

If I alter the CPE and tell it to go directly to my ISP's DNS servers the problem disappears.

Has anyone else had these issues?
I have altered the cache-max-ttl times to 1h on the main server.

Posted: Sat Aug 19, 2006 3:08 am
by Equis
I set my clients' DHCP server to set my DNS server and then my DNS server will forward to Upstream ISP

Seems to work best for me.

Seems strange you can resolve but then get a blank page?

Posted: Sat Aug 19, 2006 11:00 am
by MyThoughts
Unfortunately the network is fairly large and we recently switched from PPPoE authentication to PPTP authentication on the CPE devices (went from bridged network to a routed one). This makes it take a very long time to switch over CPE equipment to different settings (PPTP client doesn't have any option to use peer DNS Servers like PPPoE, a flaw I found out too late after switching the network over).

You are correct in that if I use just my server's DNS (CPE tells DHCP client to go directly to my server instead of itself 1st), everything works. I was just trying to improve response and reduce unnecessary traffic on the wireless network by resolving as close to client as possible.

This is what I want to work (but is not):
DHCP Client ----> CPE DNS Server ---> Main DNS Server ---> ISP DNS
                  6h                  1h

The time underneath is the max-cache-ttl I have tested at to no avail.

This is what does work (but not what I really want):
DHCP Client ---> Main DNS Server ---> ISP DNS
OR
DHCP Client ---> CPE DNS Server ---> ISP DNS

Like I mentioned earlier, 90+% of websites work; only very few don't.
For repeatability ebay and yahoo seem to have problems the most.

Posted: Sat Aug 19, 2006 12:10 pm
by matt
msn.com, yahoo.com we had the same problem not working.

We had to adjust the MTU settings at the customer's end on their router. Anything from 1380 up to 1495.

There are lots of threads on msn and MTU settings.

Posted: Sun Aug 20, 2006 11:58 pm
by MyThoughts
This is not an MTU setting problem. I have already worked with MTU setting when getting hotmail to load correctly. I did test to see if this was related to MTU originally when the problem appeared.
I tried increments of 25 from 1200 to 1400, and increments of 10 from 1400 to 1500. It had no effect on these web sites. As I mentioned, if I alter the DNS server everything works. I was just trying to optimize performance by resolving DNS as close to customer as possible. I would still prefer the resolve at CPE then at my server then at ISP. BUT as this has not been working I switched everything to resolve at my server then my ISP until I find out why this doesn't work.

Posted: Mon Aug 21, 2006 3:20 pm
by HarvSki
I too have seen this problem, it is mostly showing up on Mac OSX 10.3/4 clients, but it sometimes affects PCs too.

These clients are connecting using PPPoE directly or using a router onto both ROS 2.8.19 or 2.9.28 access concentrators which makes me think it is something to do with the clients rather than the MikroTik router.

Posted: Tue Aug 22, 2006 10:49 pm
by rickard
Yes, we have this problem too, and the way to resolve it is to get your own DNS server.
The MT DNS can't handle CNAME correctly, and there are other problems.
I hope they update that code soon.
//Rickard

Posted: Wed Aug 23, 2006 12:49 pm
by HarvSki
> Yes, we have this problem too, and the way to resolve it is to get your own DNS server.
> The MT DNS can't handle CNAME correctly, and there are other problems.
> I hope they update that code soon.
> //Rickard

This is good news for me as I thought I might be going mad! (madder)

Are you using BIND for DNS?

Posted: Sun Aug 27, 2006 11:07 pm
by raffacol
We are having problems with DNS on clients authenticating through PPPoE too! Some of them cannot open web pages, but with the IP address they can! It seems the PC cannot get the local DNS (local DNS is a MT router which refers to an ISP DNS).
Thanks all,
Raffaele

Posted: Mon Aug 28, 2006 1:16 pm
by uldis
> Yes, we have this problem too, and the way to resolve it is to get your own DNS server.
> The MT DNS can't handle CNAME correctly, and there are other problems.
> I hope they update that code soon.
> //Rickard

We need the support output file when you have problems with the CNAME. Send the support output file to support@mikrotik.com

Posted: Mon Aug 28, 2006 2:27 pm
by raffacol
>> Yes, we have this problem too, and the way to resolve it is to get your own DNS server.
>> The MT DNS can't handle CNAME correctly, and there are other problems.
>> I hope they update that code soon.
>> //Rickard
>
> We need the support output file when you have problems with the CNAME. Send the support output file to support@mikrotik.com

What is CNAME?

Posted: Mon Aug 28, 2006 2:33 pm
by normis