Community discussions

MikroTik App
  4. RouterOS
  5. General

BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Post Reply
 
ihipop
just joined
Topic Author
Posts: 8
Joined: Tue Oct 05, 2021 6:36 pm

BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Sat Oct 09, 2021 5:51 am

This works

Code: Select all
/ip dns static
add address=1.1.1.1 regexp="\\.example\\.com
Output:

:put [:resolve aaa.example.com]
1.1.1.1

This not work
Code: Select all
/ip dns static
add cname=one.one.one.one regexp="\\.example\\.com" type=CNAME
Output:
:put [:resolve aaa.example.com]
failure: dns name does not exist
:put [:resolve one.one.one.one]
1.0.0.1


[*] Routeros Version

```
/system routerboard> print
routerboard: yes
board-name: hEX PoE lite
model: RouterBOARD 750UP r2
serial-number: ******
firmware-type: qca9531L
factory-firmware: 3.23
current-firmware: 6.48.4
upgrade-firmware: 6.48.4
```
Top
 
Kindis
Member
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Mon Oct 11, 2021 11:33 am

Adding CNAME to ROS does not work as it should. I have a case with MT where they have confirmed this issue.

What I see is that a CNAME I add does not work at all. Now I use network.local as the suffix for the CNAME Key but a "real" FQDN as value.
This only works if I resolve the value first and get it into the cache.

For example. If I add a CNAME with key test.example.local with value dns.google.com I cannot resolve test.example.local.-
This will not work for me unless I have dns.google.com in cache. So for example if I run nslookup dns.google.com that will put the IP for this value for a short while.
During this time test.example.local will reolve.
The reason is that the DNS resolved will send the CNAME externally to resolve as I saw network.local in my external DNS provider logs, and they should not be there.
I'm not sure this is applicable to you but CNAME does not work as it should and could very well be affecting you.
Top
 
ihipop
just joined
Topic Author
Posts: 8
Joined: Tue Oct 05, 2021 6:36 pm

Re: BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Tue Oct 12, 2021 7:12 am

Thank you for your kindly reply :) :) ~
But:
Last edited by ihipop on Tue Oct 12, 2021 7:15 am, edited 2 times in total.
Top
 
ihipop
just joined
Topic Author
Posts: 8
Joined: Tue Oct 05, 2021 6:36 pm

Re: BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Tue Oct 12, 2021 7:13 am

Adding CNAME to ROS does not work as it should. I have a case with MT where they have confirmed this issue.

What I see is that a CNAME I add does not work at all. Now I use network.local as the suffix for the CNAME Key but a "real" FQDN as value.
This only works if I resolve the value first and get it into the cache.

For example. If I add a CNAME with key test.example.local with value dns.google.com I cannot resolve test.example.local.-
This will not work for me unless I have dns.google.com in cache. So for example if I run nslookup dns.google.com that will put the IP for this value for a short while.
During this time test.example.local will reolve.
The reason is that the DNS resolved will send the CNAME externally to resolve as I saw network.local in my external DNS provider logs, and they should not be there.
I'm not sure this is applicable to you but CNAME does not work as it should and could very well be affecting you.

Thank you for your kindly reply :) :) ~
Your case about CNAME is TRUE
But:
  • `one.one.one.one` is a "real" FQDN value
  • I resolve the value first and get it into the cache, but it still not work with Regexp Wild DNS Static entry
  • It works with CNAME DNS Static entry without Regexp
  • It's just a `Regexp Wild DNS Static` + `CNAME` bug

Question:

How I can let mikrotik team to konw my issues? I have another issue to let them know..
Top
 
Kindis
Member
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Tue Oct 12, 2021 11:47 am

I still this the issue apply even for you. In this case you ask for the domain aaa.exmaple.com and that does not exist in public DNS.
Now I cannot be sure but the issue I see is that the question I send for a CNAME is not managed within the device but is sent to the external DNS resolved you have.
Did a little test:

I added the following:
Code: Select all
/ip dns static
add address=1.1.1.1 regexp="\\.cnn\\.com"

This produced the following:
Non-authoritative answer:
Name: turner-tls.map.fastly.net
Addresses: 1.1.1.1
Aliases: www.cnn.com

So in this case I see the answer I was expecting.
Then we remove A record and add this:
Code: Select all
/ip dns static
add cname=one.one.one.one regexp="\\.cnn\\.com" type=CNAME
This produced the following:
Non-authoritative answer:
Name: turner-tls.map.fastly.net
Addresses: 2a04:4e42:14::323
151.101.85.67
Aliases: www.cnn.com

As you can see I get a response but this is the "real" IP's you get from external resolver. So this indicated the CNAME question www.cnn.com is sent externally and not managed in your device
And just to prove my point here :D I added this:
Code: Select all
/ip dns static
add cname=one.one.one.one regexp="\\.example\\.com" type=CNAME
This gave me this result:
*** UnKnown can't find aaa.example.com: Non-existent domain
Then I went to the logs of my external resolved (NextDNS) and found this in the log:
2021-10-12T08:09:34.389544+00:00,aaa.example.com,A,true,DNS-over-HTTPS
So in this case the question for aaa.example.com is not honored on the DNS resolved in Mikrotik but is instead send to my external resolved asking for an A record.
So I think you have the same issue. MT has confirmed they have found the issue but there are not fix for this in the pipeline yet as far as I know.
Top
 
ihipop
just joined
Topic Author
Posts: 8
Joined: Tue Oct 05, 2021 6:36 pm

Re: BUG: Regexp Wild DNS Static entry with CNAME not work with v6.48.4

Wed Oct 13, 2021 10:11 am

I still this the issue apply even for you. In this case you ask for the domain aaa.exmaple.com and that does not exist in public DNS.
Now I cannot be sure but the issue I see is that the question I send for a CNAME is not managed within the device but is sent to the external DNS resolved you have.
Did a little test:

I added the following:
Code: Select all
/ip dns static
add address=1.1.1.1 regexp="\\.cnn\\.com"

This produced the following:
Non-authoritative answer:
Name: turner-tls.map.fastly.net
Addresses: 1.1.1.1
Aliases: www.cnn.com

So in this case I see the answer I was expecting.
Then we remove A record and add this:
Code: Select all
/ip dns static
add cname=one.one.one.one regexp="\\.cnn\\.com" type=CNAME
This produced the following:
Non-authoritative answer:
Name: turner-tls.map.fastly.net
Addresses: 2a04:4e42:14::323
151.101.85.67
Aliases: www.cnn.com

As you can see I get a response but this is the "real" IP's you get from external resolver. So this indicated the CNAME question www.cnn.com is sent externally and not managed in your device
And just to prove my point here :D I added this:
Code: Select all
/ip dns static
add cname=one.one.one.one regexp="\\.example\\.com" type=CNAME
This gave me this result:
*** UnKnown can't find aaa.example.com: Non-existent domain
Then I went to the logs of my external resolved (NextDNS) and found this in the log:
2021-10-12T08:09:34.389544+00:00,aaa.example.com,A,true,DNS-over-HTTPS
So in this case the question for aaa.example.com is not honored on the DNS resolved in Mikrotik but is instead send to my external resolved asking for an A record.
So I think you have the same issue. MT has confirmed they have found the issue but there are not fix for this in the pipeline yet as far as I know.
Hi bro:

You missed the the cache test part

So .I will explain this
Code: Select all
/ip dns static
add address=1.1.1.1 name=one.one.one.one
add cname=one.one.one.one regexp="\\.example\\.com" type=CNAME
then, manual resolve
Code: Select all
one.one.one.one
and find it in that cache to ensure cache is valid
Code: Select all
/ip dns cache> :put [:resolve one.one.one.one]   
1.1.1.1

/ip dns cache> print where name=one.one.one.one
Flags: S - static 
 #   NAME                                                          TYPE  DATA                                                                                             TTL         
 0 S one.one.one.one                                               A     1.1.1.1                                                                                          1d
then, manual resolve
Code: Select all
 aaa.example.com
Result:
Code: Select all
/ip dns cache> :put [:resolve aaa.example.com]   
failure: dns name does not exist
when I change
Code: Select all
/ip dns static add cname=one.one.one.one regexp="\\.example\\.com" type=CNAME

to
Code: Select all
/ip dns static add cname=one.one.one.one name=aaa.example.com type=CNAME

it works:
Code: Select all
/ip dns static> :put [:resolve aaa.example.com]
1.1.1.1
So,You have said:
So in this case the question for aaa.example.com is not honored on the DNS resolved in Mikrotik
YES!

But you also have said :
For example. If I add a CNAME with key test.example.local with value dns.google.com I cannot resolve test.example.local.-
This will not work for me unless I have dns.google.com in cache

NO! ,This is different issue I have
Code: Select all
one.one.one.one
in dns cache, and it works without Regexp when I have
Code: Select all
one.one.one.one
in dns cache, but not work with Regexp entry

And:
I still interested in how to let mikrotik know my issue :D
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], glushkoo, Google [Bot], HeinoHomm, raiser, woland and 103 guests
  4. RouterOS
  5. General