aplsms
just joined
Topic Author
Posts: 11
Joined: Fri Nov 11, 2016 11:25 pm

Strange DNS behavior with DoH enabled

Sat Nov 20, 2021 7:35 pm

Hello,

I have strange behavior if I enable DoH on my MikroTik.
I have a few static hosts in my DNS zone, like router.apl and sonora.apl.
If I'm using regular DNS server forwarding with this config:
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.1.1 name=router.apl
add address=10.10.20.4 name=sonora.apl
I have:
$ host sonora.apl 10.10.20.1
Using domain server:
Name: 10.10.20.1
Address: 10.10.20.1#53
Aliases:

sonora.apl has address 10.10.20.4
If I change it to DoH,
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
/ip dns static
add address=192.168.1.1 name=router.apl
add address=10.10.20.4 name=sonora.apl
I have:
$ host sonora.apl 10.10.20.1
Using domain server:
Name: 10.10.20.1
Address: 10.10.20.1#53
Aliases:

sonora.apl has address 10.10.20.4
Host sonora.apl not found: 3(NXDOMAIN)
Host sonora.apl not found: 3(NXDOMAIN)
Why do I get NXDOMAIN on the second request if I have a correct answer from the server, and how do I remove the "NXDOMAIN" when I have a correct answer from the static entry?

# nov/20/2021 09:30:29 by RouterOS 6.49.1
# software id = N28H-BXPP
#
# model = RouterBOARD 750G r2


Thank you.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Strange DNS behavior with DoH enabled

Sat Nov 20, 2021 8:57 pm

There's a known inconsistency between processing with and without DoH:

viewtopic.php?p=798048#p798048

Don't ask me why they did it like that; it doesn't make sense to me either.

In your case, the command actually sends three queries, for A, AAAA and MX. Without DoH, RouterOS processes all of them itself, returns the address for A and "no data" for AAAA and MX. No data is a correct state, not an error; there simply isn't any such record in an otherwise existing domain. With DoH, RouterOS returns the address for A, but asks the DoH server about the other two. And the server returns an error, because the whole thing doesn't exist: there's no .apl TLD.
 
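The three separate queries Sob describes (A, AAAA and MX) can be checked at the wire level without relying on how `host` prints its summary. The script below is an added example, not code from the thread or from MikroTik. It assumes the RouterOS resolver is reachable on 10.10.20.1 UDP/53 and reuses the names and addresses from the post; the offline part constructs replies by hand to show how NODATA (rcode 0 with an empty answer section) differs from NXDOMAIN (rcode 3), which is exactly the distinction that changes once DoH forwarding is involved.

```python
"""Classify DNS replies as NOERROR / NODATA / NXDOMAIN at the wire level.

Added example, not from the forum thread. It builds the same three queries
`host` sends (A, AAAA, MX), optionally sends them to a resolver over plain
UDP/53, and reports the outcome of each reply separately. The responses in
the offline demonstration are constructed here; names and addresses are
the ones from the post (sonora.apl -> 10.10.20.4, resolver 10.10.20.1).
"""
import socket
import struct
import sys

QTYPE = {"A": 1, "AAAA": 28, "MX": 15}
RCODE_NAME = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode 'sonora.apl' as DNS labels: \\x06sonora\\x03apl\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard recursive query (RD=1), one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def classify(msg):
    """Distinguish the outcomes the `host` output blurs together.

    NXDOMAIN: rcode 3, the name does not exist at all.
    NODATA:   rcode 0 but zero answers, the name exists without this RR type.
    NOERROR:  rcode 0 with at least one answer record.
    """
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    if rcode != 0:
        return RCODE_NAME.get(rcode, "RCODE%d" % rcode)
    return "NOERROR" if ancount > 0 else "NODATA"


def first_a_record(msg):
    """Return the first A record's dotted address from the answer section, or None."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE["A"] and rdlen == 4:
            return ".".join(str(b) for b in msg[off:off + 4])
        off += rdlen
    return None


def build_response(query, rcode, a_address=None):
    """Constructed reply for offline use: echo the question, set the rcode and
    optionally append one A record (TTL 60) for the question name."""
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", query[:12])
    answer = b""
    if a_address is not None:
        answer = (b"\xc0\x0c"  # pointer to the question name at offset 12
                  + struct.pack("!HHIH", QTYPE["A"], 1, 60, 4)
                  + bytes(int(x) for x in a_address.split(".")))
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1 plus the rcode
    header = struct.pack("!HHHHHH", txid, flags, qdcount, 1 if answer else 0, 0, 0)
    return header + query[12:] + answer


def query_server(server, name, qtype, timeout=2.0):
    """Send one query over UDP and return the raw reply (needs network access)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return data


def probe(server, name):
    """What `host` does behind the scenes: A, AAAA and MX, each classified on its own."""
    return {qt: classify(query_server(server, name, qt)) for qt in QTYPE}


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "10.10.20.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "sonora.apl"
    for qt, verdict in probe(server, name).items():
        print("%-4s %s" % (qt, verdict))
```

Run it once with plain forwarding and once with use-doh-server set: per Sob's description the A query should come back NOERROR both times, while AAAA and MX flip from NODATA to NXDOMAIN. Note the side effect that follows from the same description: with DoH enabled, the AAAA and MX queries for an internal name such as sonora.apl are forwarded to the public DoH server, so the internal hostname leaves the network even though the A record is answered locally.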
aplsms
just joined
Topic Author
Posts: 11
Joined: Fri Nov 11, 2016 11:25 pm

Re: Strange DNS behavior with DoH enabled

Sun Nov 21, 2021 7:04 am

Looks like a bug that nobody wants to fix.
 
Jotne
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Strange DNS behavior with DoH enabled

Sun Nov 21, 2021 9:56 am

Have you sent an email to support, and did they reply that they will not fix it?

You can use a hairpin rule on your router; then you reach your internal server using the public DNS IP.
