davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

No DNS resolving anymore

Fri Jun 17, 2022 3:09 pm

Good afternoon

Recently upgraded to 6.49.6 as I thought this would address the IPv6 problems with my ISP...but it was the ISP who has issues with it and stopped announcing...

But now all DNS queries to the router are not answered anymore...though I see in the Quick tab setting that it has the upstream DNS servers configured..and those are working with dig @...
Also when doing an update check it tells me that it can't resolve the DNS name of the update server.

In the DNS settings tab I also see the working upstream servers...
Only fixed DNS entries are answered now.

Any hints where else I could look?


thanks in advance
richard
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 11:54 am

Good morning (o;

No one any idea why DNS doesn't work anymore?
 
erlinden
Forum Guru
Posts: 1921
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: No DNS resolving anymore

Tue Jun 21, 2022 11:58 am

Please share your config (/export file=anynameyoulike), make sure to remove any personal information.
Besides, please also post an ipconfig /all (assuming you use Windows).
 
pe1chl
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 12:16 pm

> Also when doing an update check it tells me that it can't resolve the DNS name of the update server.
I have seen that happen on routers running for a long time, and fixed with a reboot. No idea what is really going on there, maybe a bug.
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 12:32 pm

Nope..restart didn't help...

Have to dig out my other RB 750G g3 and see if it behaves the same way.....should have a WAN IP spare here (o;
 
jaxed8
Member Candidate
Posts: 195
Joined: Tue Jul 27, 2021 8:25 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 1:11 pm

On /ip dhcp-server network you need to use your router address as a DNS server, like:
/ip dhcp-server network add address=10.0.0.0/16 dns-server=10.0.0.1 domain=example.net gateway=10.0.0.1 netmask=16

If still not working, try this:
/ip dns set allow-remote-requests=yes cache-max-ttl=1m servers=1.1.1.1

And if still not working, try this one:
/ip dns set allow-remote-requests=yes servers=1.1.1.1
/ip dns static add address=10.0.0.1 disabled=yes name=router.lan
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 1:25 pm

No joy with those settings...and I had the 10.0.0.1 as DNS server before in the DHCP server network....

What makes me wonder is that on console it lists the upstream DNS servers:
[admin@gw] > /ip dns print
                      servers: x.x.24.158,x.x.17.60
              dynamic-servers: 10.1.20.11
               use-doh-server: 
              verify-doh-cert: no
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1m
                   cache-used: 35KiB
...but it won't resolve anything as well in the console....even with the upstream DNS configured in the DHCP server network setting.
[admin@gw] > /ping google.com
invalid value for argument address:
    invalid value of mac-address, mac address required
    invalid value for argument ipv6-address
    while resolving ip-address: could not get answer from dns server
 
pe1chl
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 1:49 pm

That 10.1 dynamic server is strange. Does your ISP use CGNAT (i.e. do you get an address in the 10, 172.16 or 192.168 range from them)?
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 1:56 pm

Ah no...that dynamic DNS is from my employer which is pushed as soon as the IPsec is established...

But really odd.....the same setup worked before with resolving DNS on the RB750....
Now when I disable the IPsec remote peer DNS resolving works now....
[admin@gw] > /ping google.com
  SEQ HOST                                     SIZE TTL TIME  STATUS                                 
    0 172.217.168.46                             56 116 13ms 
    1 172.217.168.46                             56 116 14ms 
So something has made it stop working with RouterOS 6.49.6.

Also what was/is always annoying is that when an IPsec connection is reestablished all current IP connections to the Internet are dropped.

Can I disable pushed DNS from an IPsec peer?


Well I intend to get a second WAN link with static v4/v6 from another ISP as backup and IPsec connections only....
 
pe1chl
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 3:57 pm

Your employer pushes a default route or IPsec profile with 0.0.0.0/0 destination? That is very annoying indeed.
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 4:00 pm

Nope..just loads 10.1.x/24 prefixes and DNS....
 
pe1chl
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 4:44 pm

But does that DNS service offer recursive lookups of Internet DNS names? Or only local names on the company network?
When you look up upgrade.mikrotik.com via the 10.1.20.11 network it should work and return the usual IP addresses (159.148.147.204 and 159.148.172.226).
When that doesn't work, you will have problems. DNS does not work in a "when this server returns an error, try another one" fashion!
ALL servers in the list should work for ALL of the names (both internal and external).
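
An added example, not part of the thread or of RouterOS: a Python check of the rule in the post above, that every server in the list must answer every name. It reads the servers and dynamic-servers lines of `/ip dns print`, sends each server a plain UDP A query, and lists every pair that did not come back NOERROR. The function names and the 192.0.2.x addresses are assumptions made for illustration, and run from a LAN host it shows only what that host can reach, not what the router can reach from its own source address.

```python
import socket
import struct
# Constructed sample in the /ip dns print format from the thread (192.0.2.x = documentation addresses).
SAMPLE_PRINT = """\
                      servers: 192.0.2.1,192.0.2.2
              dynamic-servers: 10.1.20.11
        allow-remote-requests: yes
"""
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_dns_print(text):
    """Collect static and dynamic upstream servers from /ip dns print output."""
    servers = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in ("servers", "dynamic-servers"):
            servers += [s.strip() for s in value.split(",") if s.strip()]
    return servers

def build_query(name, qid=0x1234):
    """Wire-format A/IN query with the recursion-desired bit set."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def classify(reply, qid=0x1234):
    """Map a raw reply (or None for no reply) to a status string."""
    if reply is None:
        return "TIMEOUT"
    if len(reply) < 12 or struct.unpack(">H", reply[:2])[0] != qid:
        return "MALFORMED"
    flags, _, ancount = struct.unpack(">HHH", reply[2:8])
    rcode = flags & 0x000F
    if rcode == 0 and ancount == 0:
        return "NODATA"  # NOERROR header but an empty answer section
    return RCODES.get(rcode, "RCODE%d" % rcode)

def ask(server, name, timeout=2.0):
    """Send one UDP query to server:53; None on timeout or network error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            return sock.recvfrom(4096)[0]
        except OSError:
            return None

def audit(servers, names, ask_fn=ask):
    """Return (server, name, status) for every pair that did not answer NOERROR."""
    return [(s, n, st) for s in servers for n in names for st in [classify(ask_fn(s, n))] if st != "NOERROR"]
```

Call `audit(parse_dns_print(output), names)` with at least one internal and one external name; an empty list means every listed server answered every name from where the script ran.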
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 4:48 pm

It does offer recursive lookup as it is our company internal DNS for all devices...
; <<>> DiG 9.10.6 <<>> @10.1.20.11 upgrade.mikrotik.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43291
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;upgrade.mikrotik.com.		IN	A

;; ANSWER SECTION:
upgrade.mikrotik.com.	811	IN	CNAME	download.mikrotik.com.
download.mikrotik.com.	861	IN	A	159.148.172.226
download.mikrotik.com.	861	IN	A	159.148.147.204
Problem is that even the RB750 itself can't look up DNS anymore when DNS is pushed via IPsec...which wasn't the case before...


Okay..that helped to get rid of the company DNS pushing:

viewtopic.php?t=164936

[admin@gw] > /ip ipsec mode-config set use-responder-dns=no company
[admin@gw] > /ping google.com
  SEQ HOST                                     SIZE TTL TIME  STATUS                              
    0 142.250.203.110                            56 116 14ms 
    1 142.250.203.110                            56 116 16ms 
    sent=2 received=2 packet-loss=0% min-rtt=14ms avg-rtt=15ms max-rtt=16ms 

me@Mac-mini~ % dig @10.0.0.1 upgrade.mikrotik.com
; <<>> DiG 9.10.6 <<>> @10.0.0.1 upgrade.mikrotik.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22822
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;upgrade.mikrotik.com.		IN	A

;; ANSWER SECTION:
upgrade.mikrotik.com.	40	IN	CNAME	download.mikrotik.com.
download.mikrotik.com.	40	IN	A	159.148.172.226
download.mikrotik.com.	40	IN	A	159.148.147.204
 
pe1chl
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: No DNS resolving anymore

Tue Jun 21, 2022 5:09 pm

But does the router have a valid address that can access the company network? It needs that to perform queries by itself. Maybe only your company PC has a valid address and not the router?
Anyway, it is impossible to debug such things remotely, so I'll leave you to it.
