Community discussions

MikroTik App
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

[7.10 stable] DNS Crash

Fri Jun 02, 2023 8:10 pm

DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!
I already submitted a ticket SUP-117224
dns server down.png
WEB.png
You do not have the required permissions to view the files attached to this post.
Last edited by saber on Fri Jun 16, 2023 6:17 pm, edited 1 time in total.
 
Kaldek
Member Candidate
Member Candidate
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 10:09 am

What hardware? What was your config?

Pretty broad statement without more info.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 1:18 pm

The usual clickbait headline with the usual footwritten explanation:

Zero credibility, just bullshit.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Missing information

Sun Jun 04, 2023 1:20 pm

A modereator should change this tilte or just delete this message.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 1:23 pm

Even if there was REALLY a problem written like that crap it's not even helpful for support...

So far nothing has happened to me either with the CHR or with hAP ax²...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 8:45 pm

Repressed childhood syndrome.
 
psannz
Member Candidate
Member Candidate
Posts: 127
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 9:15 pm

Sooooooo, did noone notice the 0.000 second timeout values?
That automatically fails any dns request made. Same with the 00:00:00 second TTL...
 
hel
Member Candidate
Member Candidate
Posts: 199
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 9:37 pm

When I see "DO NOT UPDATE!!!", I start to think that this update is bricking devices or other serious problems. But there's just a software bug/misconfiguration. You should correct your title so you will not confuse others.

Those who install beta and rc versions are aware of possible problems. Use only stable or long-term releases if you do not want to take risks.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Sun Jun 04, 2023 10:15 pm

Sooooooo, did noone notice the 0.000 second timeout values?
That automatically fails any dns request made. Same with the 00:00:00 second TTL...
Maybe if something in that service is broken, settings can't be read and those are the default (not default service values, but default GUI values shown)?
Just saying..
 
JoshDi
newbie
Posts: 37
Joined: Fri May 21, 2021 4:49 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Tue Jun 06, 2023 8:14 pm

not having any DNS issues for 7.10rc3 on my SXT. It looks like the OP has a misconfiguration, as others have stated.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Wed Jun 07, 2023 12:46 am

Way in the past, in some v6.xx version, one time I have seen the same thing on my router: timeout values suddenly zero, all DNS queries fail.
No idea what has caused it. Of course easy to fix.
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Thu Jun 08, 2023 8:12 am

What hardware? What was your config?

Pretty broad statement without more info.
RB4011iGS+5HacQ2HnD
The DNS configuration I have been using from 7.1 to 7.9.2 is fine, just upgrade to 7.10, DNS server crashed down
Last edited by saber on Thu Jun 08, 2023 8:34 am, edited 1 time in total.
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Thu Jun 08, 2023 8:27 am

Repressed childhood syndrome.
I just remind everyone to be cautious about upgrading the RC version, you are really showing yourself
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Thu Jun 08, 2023 8:33 am

When I see "DO NOT UPDATE!!!", I start to think that this update is bricking devices or other serious problems. But there's just a software bug/misconfiguration. You should correct your title so you will not confuse others.

Those who install beta and rc versions are aware of possible problems. Use only stable or long-term releases if you do not want to take risks.
But DNS server crash is a very serious problem in my opinion. Most web pages cannot be accessed and are directly interrupted
Last edited by saber on Thu Jun 08, 2023 8:33 am, edited 1 time in total.
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Thu Jun 08, 2023 8:45 am

Even if there was REALLY a problem written like that crap it's not even helpful for support...

So far nothing has happened to me either with the CHR or with hAP ax²...
DNS configuration I had used in many versions without problems, including the beta version, but when I upgrade to the 7.10 beta or RC version, the DNS service crashes quickly in a short time. I didn't get any useful information from the log.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 10:16 am

You're just writing a lot of bullshit, instead of showing your DNS configuration, (a screenshot is not one configuration)
and since you're the only one on the forum that happens,
you're just typing random words without providing anything useful, just misleading to get attention unjustified.
 
gabacho4
Member
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 11:20 am

Post your router configuration. Your ENTIRE router config!

In terminal: /export hide-sensitive file=AnyNameYouWish. Then view in a text editor, copy and paste for others to review.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 11:21 am

Post your router configuration. Your ENTIRE router config!

In terminal: /export hide-sensitive file=AnyNameYouWish. Then view in a text editor, copy and paste for others to review.

The post is for 7.10rc3, hide-sensitive is only for v6...

But you will see that instead of posting something useful,
he will still write things like that we're all stupid, thank goodness he's reporting these things, and that seeing the configuration is useless...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 11:54 am

But DNS server crash is a very serious problem in my opinion. Most web pages cannot be accessed and are directly interrupted
It is not a "DNS server crash", it is configuration of the DNS with unusable parameters.
It would have to be found how that happened, but that likely cannot be traced anymore now.
Just reset the configuration to correct values and be done with it!
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:10 pm

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.
 
gabacho4
Member
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:14 pm

hide-sensitive is a working export command for me on 7.9.2 and 7.10rc5. Is it just not needed anymore?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:17 pm

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.
Yes, the unvalidated unique value is max concurrent queries, setting it to 0, DNS no longer responds...
But it is a setting that is only done manually, it is not the default one, it is a user error that does not know what he does ...
RouterOS can't prevent all user errors...
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:18 pm

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.
Which is strength and weakness of ros...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:23 pm

it is a user error that does not know what he does...
RouterOS is not a training program...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 12:27 pm

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.
I agree with you that such parameter values, unless they have some special meaning that is useful (like "infinity" or "not checked"), should
not be allowed.
As I wrote before, it happened to me too, way back in 6.3x somewhere, that after an upgrade (I think) these parameters were set to zero.
Maybe it can be explained by some race condition or other error during the upgrade processing?
Anyway, when 0 is not a useful value the code should replace it with the default when it encounters it, and refuse it when the user tries it.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Mon Jun 12, 2023 1:36 pm

when 0 is not a useful value the code should replace it with the default when it encounters it, and refuse it when the user tries it.
+1
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: [7.10rc3]DO NOT UPDATE!!!

Fri Jun 16, 2023 5:18 pm

maybe should change title to 7.10 stable,
viewtopic.php?t=197095
I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.

Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.
It seems that the DNS resolver is crashing.
1.jpg
2.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: [7.10 RC3] Router may give you problem. The end of the univers is near.

Fri Jun 16, 2023 6:41 pm

DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!
1. This thread is about RC3. If you have problem with Stable make a new thread.
2. What has MT written about your SUP?
3. Title of this thread is just stupid. This version may work for 99% or more of the user out there.

Example tiltle.
Take care, if you have this or that, it may break, so test before upgrade.

Have you use Netinstall and started from a clean configuration? No backup/restore/upgrade?
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10rc3]DO NOT UPDATE!!!

Fri Jun 16, 2023 6:45 pm

maybe should change title to 7.10 stable,
viewtopic.php?t=197095
I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.

Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.
It seems that the DNS resolver is crashing.

1.jpg
2.jpg
It's really a random serious problem and I can't catch any useful logs, so I think maybe the DNS server crashed before print logs
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10 RC3] Router may give you problem. The end of the univers is near.

Fri Jun 16, 2023 6:46 pm

DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!
1. This thread is about RC3. If you have problem with Stable make a new thread.
2. What has MT written about your SUP?
3. Title of this thread is just stupid. This version may work for 99% or more of the user out there.

Example tiltle.
Take care, if you have this or that, it may break, so test before upgrade.

Have you use Netinstall and started from a clean configuration? No backup/restore/upgrade?
MT has written nothing

I don't use Netinstall and started from a clean configuration because just downgrade to 7.9.2 or an early version without any problem. I think if there is a problem appears, just reinstalling the system will never find the reason.
Last edited by saber on Fri Jun 16, 2023 6:57 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10rc3]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:01 pm

I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.
Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.
There is no export, but at least you have deigned, not like other fools, to give a minimum of explanations and do some tests.

Thank you.
Last edited by rextended on Fri Jun 16, 2023 7:10 pm, edited 4 times in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:45 pm

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:47 pm

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.
:shock: :?: :?: :?:
I assume you read about its configuration somewhere, or is it the classic generic rule of not opening DNS to the world?
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:48 pm

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.
Thanks, I try it
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:49 pm

do not flush dns cache on every ppp reconnect.
Is a RouterOS instruction (?) or is the habit of some ISP?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:52 pm

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.
Thanks, I try it
(see, it always works... ;) )
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 7:58 pm

Looking forward to @mrz's kind reply...

So if a user disables the firewall that is there by default,
(or doesn't configure it correctly, since the model was never specified)
allowing the whole world to use the RouterBOARD as a DNS server (and optionally, a DDoS amplifier),
and moreover it sets in the ppp profile that at each reconnection it must unnecessarily delete the DNS cache...

DNS hangs.

I don't think it happens on RouterOS 7.10x only, and that's why so far there has only been 1 (or 2 if the problem is the same) report...
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: [7.10 stable]DO NOT UPDATE!!!

Fri Jun 16, 2023 10:54 pm

Boys ... ROS connects people ... try to get calm
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 1:58 am

i know one case with a ccr1036 and ccr2004 with a similar problem starting with 7.9.2, persist after upgrading to 7.10, was escalated to support, waiting for answer
 
saber
just joined
Topic Author
Posts: 9
Joined: Wed May 24, 2023 3:43 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 6:42 am

I'm deeply dissatisfied that the forum deleted my reply. On the contrary, the perpetrators' rudeness guys were not punished, In the future, I will not give feedback on any BUG and slowly replace hundreds of devices of Mikrotik in my company including switch. I will no longer promote this brand to my customer. In the end, this serious problem from the first 7.10 beta version including the developed version of 7.10appha44-7.10appha236 lasted until the stable version. Congratulations to @rextended and @anav for their great contribution to Mikrotik in the future.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: [7.10 rc3]DO NOT UPDATE!!!

Sat Jun 17, 2023 11:10 am

Congratulations to @rextended and @anav for their great contribution to Mikrotik in the future.
They have done more for the forum than you ever will do.

Just some tip for you.

1. That you do have problem with some does not mean that all do have problem with a releas. I have not seen any problems with my setups.
2. Use a proper title on of your message. DO NOT UPDATE is a title that does not give any information. For me this title is just a click bate.
3. Give as much information as possible. A good diagram. Post config off all devices.
4. Try netinstall and start from scratch.
5. Simplify setup. Remove all that are not needed.
6. Respect other on the forum. You are a newcomer (on this forum). rextended and anav has posted 1000s of good post and have done a lot to help other. They may be some trigger happy, but listen and reply what you are asked for and all will be simpler and you get better support.
7. No one are foring you to use latest version. Do you really need latest version? Why?
 
SkyBeam
just joined
Posts: 1
Joined: Sat Jun 17, 2023 12:38 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 12:55 pm

I should potentially have read this before 7.10 upgrade too on my CRS310-1G-5S-4S+.
Perhaps the title is inappropriate and should point to the OP DNS issues but they might be valid. I personally cannot use 7.10 stable as I found my ONTi SFP Modules to be read with 255C temperature and ROS shutting them down with for overtemperature protection every couple of minutes. Also my switch sfp-temperature is reported 255C and "temperature" on 255C in "Health" panel. As a result also the fan spinning at >13000rpm.
Downgrading to 7.9.2 resolved the problem entirely:
  • board-temperature1: 45C
  • board-temperature2: 31C
  • cpu-temperature: 46C
  • fan1-speed: 0rpm
  • psu1-voltage: 23.7V
  • sfp-temperature: 25C
  • temperature: 25C
  • voltage: 23.4V
Sure my ONTi Modules from Aliexpress might be crap. They never reported any temperature and the corresponding line in ROS 7.9.2 is simply displaying empty. But in ROS 7.10 it reports 255C constantly. Not sure if it could be fixed by SFP module upgrade but I also don't know if I could get an upgrade and why the readouts suddenly changed in ROS 7.10. So I am back to 7.9.2 for now.
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 2:55 pm

Anyway, now there is the stable version. I updated to it without issues from ROS6.

Regards.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 5:42 pm

I will not give feedback on any BUG and slowly replace hundreds of devices of Mikrotik in my company including switch. I will no longer promote this brand to my customer
I think support from community is big part of deciding which technology you want to use along with cost/benefit ratio of performance and features. But deciding to switch technology which can potentially generate more problems/costs just because of certain individuals on forum which are not even officials from brand not sure how wise is that idea, unless there are some other reasons.
You can always set foes in forum CP:
foes.png
You do not have the required permissions to view the files attached to this post.
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 7:40 pm

Can someone just kill this topic.....
 
gabacho4
Member
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 17, 2023 7:47 pm

Can someone just kill this topic.....
You said what I've been thinking painfully inside for days.
 
hel
Member Candidate
Member Candidate
Posts: 199
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: [7.10 stable]DO NOT UPDATE!!!

Sun Jun 18, 2023 1:49 am

A great example how a "screaming" title irritates forum users. Such threads should be deleted at sight.
A thread title should reflect the problem. Forum users could decide by themselves what to do with this information.
 
jasonchen0917
just joined
Posts: 2
Joined: Sat Jun 17, 2023 2:50 am

Re: [7.10 stable]DO NOT UPDATE!!!

Sun Jun 18, 2023 6:13 am

RB5009, got the similar problem since early version of 7.10 (maybe rc4, it is the first version I've tried)
The configuration works well in 7.9.2 but when upgrade to 7.10 stable, dns became stucked every 5-10mins.
I set multiple static FWD records with regexp and address-list values, and forward to dns servers in local network.
when all static settings with regexp were disabled, the problem remains. It may not be the problem of setting regexp or address-list values.
One CPU core keep 100% when stucked, and webfig shows the resources were used by dns resolver.
When it got stucked, DNS settings, static and cache turns blanks.
After about 1mins' stuck or more, the cpu returns normal and the setting and cache values reappears (maybe a restart of winbox was required).
At the time when the dns stucked, I tried upstream local dns resolver, both upstream dns servers work normally.
Currently I have to manually downgrade to 7.9.2 and it returns normal.
Hoping to get fixed, thx.

# jun/17/2023 08:29:41 by RouterOS 7.9.2
# software id = Q5P7-****
#
# model = RB5009UG+S+
# serial number = ***********
/ip dns
set allow-remote-requests=yes cache-max-ttl=2h cache-size=40960KiB \
max-concurrent-queries=200 max-concurrent-tcp-sessions=200 \
max-udp-packet-size=4096 query-server-timeout=1s500ms \
query-total-timeout=5s servers=10.114.0.10,10.114.0.11
/ip dns static
add address-list=service cname=kr.actual.battle.net name=\
prod.actual.battle.net type=CNAME
add address-list=service forward-to=10.114.0.10 regexp=.*ntp.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*dav.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*time.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*dns.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*srv.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*api.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*welink.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*pay.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*io.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=pop.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=imap.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=smtp.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=mail.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=login.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=appleid.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=idmsa.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=gsa.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*device.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*vpn.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*game.* type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*pumch.cn type=FWD
add address-list=service forward-to=10.114.0.10 regexp=.*alipay.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*push.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*notify.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*getui.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*talk.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*sns.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*im.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*wns.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*message.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*blued.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*finka.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*chat.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*zoom.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*meeting.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*weixin.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*passport.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*auth.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*captive.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*img.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*gif.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*pic.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*mi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*xiaomi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*miot.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*weibo.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*bing.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*sina.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*static.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*fonts.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*alicdn.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*tbcache.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*meituan.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*dianping.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*toutiao.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*map.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*navi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*taobao.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*steam.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*read.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*store.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*origin.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*epic.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*jd.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*tube.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*video.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*pod.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*bili.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*hdslb.com type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*mcdn.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*keep.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*youku.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*iqiyi.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*tudou.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*douyin.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*kuaishou.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*zijie.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*byte.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*itunes.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*music.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*xiaohongshu.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*xhscdn.com type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*tracker.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*sandai.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*p2p.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=bt.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=pt.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=download.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=appldnld.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=update.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*pan.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*dist.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*p2sp.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*dbank.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*xunlei.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*88cdn.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*delivery.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*drive.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*drv.* type=FWD
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Sun Jun 18, 2023 11:33 am

A great example how a "screaming" title irritates forum users. Such threads should be deleted at sight.
A thread title should reflect the problem. Forum users could decide by themselves what to do with this information.
Bravo. +1

Especially when the problem is leaving the DNS open to the world and constantly clearing the DNS cache...
All things that those with common sense would never do...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: [7.10 stable]DO NOT UPDATE!!!

Sun Jun 18, 2023 11:50 am

when all static settings with regexp were disabled, the problem remains. It may not be the problem of setting regexp or address-list values.
So, why post only the static settings?
Please post full configuration.
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: [7.10 stable]DO NOT UPDATE!!!

Mon Jun 19, 2023 2:22 am

I see that some people have troubles with DNS and VPN's, but it is not a enought reason to not update to latest version of ROS for all users. In my case both things I manage on a Raspberry Pi and for it I not have troubles for now.

Regards.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: [7.10 stable]DO NOT UPDATE!!!

Wed Jun 21, 2023 4:26 pm

@jasonchen0917

I think I have found the cause of the problem; the issue lies in dns-to-address-list.
Use the code below and it won’t crash anymore:
/ip dns static set [find where address-list!=""] address-list=""
Because by comparing the logs of RouterOS 7.9/7.9.2 and 7.10,
I found that the RouterOS upgrade did not make too many DNS changes,
I believe MikroTik would reflect additions and changes in the logs.
And 7.10 added the endpoint-independent-nat feature.
This is definitely a major overhaul of the firewall.
And the only connection between DNS and the firewall is dns-to-address-list.
So, I tried turning off dns-to-address-list here, only retaining forward-to.
As a result, up to now, the crash issue has not occurred again.

@mrz
So, I am sure the issue is with dns-to-address-list.
I have already tested and confirmed this on CCR2004/RB5009/RB4011/CHR and other devices.
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: [7.10 stable] DNS Crash

Thu Jun 22, 2023 10:52 am

Changed the title of the topic. Please make informative titles rather than clickbait.
 
jasonchen0917
just joined
Posts: 2
Joined: Sat Jun 17, 2023 2:50 am

Re: [7.10 stable]DO NOT UPDATE!!!

Sat Jun 24, 2023 1:23 pm

It worked, and thanks for help. I will remains in 7.9.2 since address-list was important for my firewall rules.
The processing of dns static rules were slightly different between 7.9 and 7.10.
Address-list rules in 7.10 stable automatically added query names in comments, the addresses were added as static rules, and no timeout was set. In 7.9 series, the addresses were added as dynamic rules, had a timeout value set, and no comments. Maybe the changes caused the problem?
Hoping to get fixed.
@jasonchen0917

I think I have found the cause of the problem; the issue lies in dns-to-address-list.
Use the code below and it won’t crash anymore:
/ip dns static set [find where address-list!=""] address-list=""
Because by comparing the logs of RouterOS 7.9/7.9.2 and 7.10,
I found that the RouterOS upgrade did not make too many DNS changes,
I believe MikroTik would reflect additions and changes in the logs.
And 7.10 added the endpoint-independent-nat feature.
This is definitely a major overhaul of the firewall.
And the only connection between DNS and the firewall is dns-to-address-list.
So, I tried turning off dns-to-address-list here, only retaining forward-to.
As a result, up to now, the crash issue has not occurred again.

@mrz
So, I am sure the issue is with dns-to-address-list.
I have already tested and confirmed this on CCR2004/RB5009/RB4011/CHR and other devices.
 
pukka
just joined
Posts: 20
Joined: Sun Jun 26, 2011 4:05 pm

Re: [7.10 stable] DNS Crash

Mon Oct 16, 2023 6:55 pm

We have had 2 routers exibit the same problems over the last month. they are running 7.10.
1 has been upgraded to 7.11.2 other 7.12rc1

Its taken about 2 weeks to showup

Who is online

Users browsing this forum: No registered users and 26 guests