Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v7.7rc is released!

Mon Dec 12, 2022 1:00 pm

RouterOS version 7.7rc1 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.7rc1 (2022-Dec-08 16:38):

Changes in this release:

*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;

Other changes since v7.6:

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7rc is released!

Mon Dec 12, 2022 1:16 pm

*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
Great news!

But this means we will not see the default behavior to change on devices that did not use a RAM file system till now? So to have consistent behavior (and paths in scripts) on all devices I create a disk of type "tmpfs" with slot "tmpfs" and store my volatile data in "/tmpfs/...".
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Mon Dec 12, 2022 1:27 pm

*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
Finally Playstation Network work?
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 387
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.7rc is released!

Mon Dec 12, 2022 1:31 pm

*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
Great news!

But this means we will not see the default behavior to change on devices that did not use a RAM file system till now? So to have consistent behavior (and paths in scripts) on all devices I create a disk of type "tmpfs" with slot "tmpfs" and store my volatile data in "/tmpfs/...".
defaults does not change. This is optional and needs to be enabled:
https://help.mikrotik.com/docs/display/ ... AMtofolder
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.7rc is released!

Mon Dec 12, 2022 1:33 pm

Interested in what this one means - *) firewall - made "dynamic" parameter settable for IPv4 address lists;
 
jrpaz
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Wed Jun 05, 2013 5:54 am

Re: v7.7rc is released!

Mon Dec 12, 2022 1:40 pm

RB4011 & hAP AC3 work great!

The only issue is on the RB4011 wifiwave2 capsman the cap interfaces show as inactive with registrations on them.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7rc is released!

Mon Dec 12, 2022 2:26 pm

*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
5 years later, but congrats! and thank you!
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Mon Dec 12, 2022 2:44 pm

Thank you for nice christmas gift, but please no bricking in release candidate :) From the log I can see that youre working on wifiwave2...PLEASE IMPLEMENT LAST MISSING ROAMING STANDARD 802.11v.... IN NEXT RELEASE
 
psannz
Member Candidate
Member Candidate
Posts: 127
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: v7.7rc is released!

Mon Dec 12, 2022 2:48 pm

Love the adjusted changelog format. A lot easier to understand what changes relate to what beta and/or stable :)
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.7rc is released!

Mon Dec 12, 2022 2:50 pm

these changelogs are indeed a lot better
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Mon Dec 12, 2022 4:17 pm

*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
Not see the default behavior to change on devices that did not use a RAM file system till now? So to have consistent behavior (and paths in scripts) on all devices I create a disk of type "tmpfs" with slot "tmpfs" and store my volatile data in "/tmpfs/...".
Seem to work in limited testing. I'm okay with their approach: if a script needs a RAMdisk, it can just create one now. Although the idea that the root always a RAMdisk on all devices be more convenient for sure. But I guess this does allow some flexibility and control the max sizes, and set a fixed name for the path (slot=).

I did find that if it's a large file from say /tool/fetch, seems you have to set "tmp-max-size" to control the max file size as I got on "out of space" error when I tried a 700M file without it. But it was willing to fill memory with the file, winbox let you download it, and when you delete it memory, the memory is freed was expected (at least according to /system/resouces)
/disk/add partition-size=800M tmpfs-max-size=800M type=tmpfs slot=myramdisk
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Mon Dec 12, 2022 4:32 pm

7.7rc1 still got dns-forward issue
failure: dns name exists, but no appropriate record
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: v7.7rc is released!

Mon Dec 12, 2022 4:52 pm

*) mpls - fixed assigning of explicit null label for IPv6;

Glad to see the work going into MPLS on IPv6. Being able to build an IPv6 only underlay and deliver v4/v6 services on top of that is the direction overlay networking is headed. I'm encouraged by the amount of IPv6 work that i've seen go into ROSv7.

Keep it up :)
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7rc is released!

Mon Dec 12, 2022 5:30 pm

I did find that if it's a large file from say /tool/fetch, seems you have to set "tmp-max-size" to control the max file size as I got on "out of space" error when I tried a 700M file without it. But it was willing to fill memory with the file, winbox let you download it, and when you delete it memory, the memory is freed was expected (at least according to /system/resouces)
I guess your device has anything up to 1GB of RAM. Without giving "tmp-max-size" you have half of your RAM for the disk.
 
hoeser
just joined
Posts: 17
Joined: Wed Jan 13, 2021 5:45 pm

Re: v7.7rc is released!

Mon Dec 12, 2022 6:30 pm

Hap ax2 (US/North American version) "failed to set country" on this release, wifi radios down. This happens with any Canada or United States selection, or undefining the variable all together.

This 7.7 release chain for the ax2 has been a complete disaster.
 
nemoforum
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Thu Jan 05, 2017 11:08 pm

Re: v7.7rc is released!

Mon Dec 12, 2022 6:53 pm

And where
/interface/wifiwave2/info country-info
is located now?
 
ergohack
just joined
Posts: 5
Joined: Wed Oct 19, 2022 11:28 pm
Location: Nova Scotia, Canada

Re: v7.7rc is released!

Mon Dec 12, 2022 9:13 pm

RB5009 2.5G SFP module support introduced in 7.7beta8 no longer appears to be working. It was working in 7.7beta8 & 7.7beta9. My ISP uses a GPON module that can link at 2.5G. With 7.7beta8 and 7.7beta9, I was able to get my full download bandwidth of ~1280Mbps by plugging the GPON directly into the SFP+ port on my RB5009. With 7.7rc1, it's down to gigabit download speeds using the same hardware configuration.
I've also tried using a 2.5GBase-T SFP module that worked correctly under 7.7beta8 & 7.7beta9, same thing. Speeds are reduced to gigabit despite routeros reporting a 2.5Gbps link.

(second edit)
False alarm. I have no idea what happened here; I tested multiple ways and it was acting exactly the same as before the 2500BaseX addition. It's definitely not as snappy as before, but there's always the chance that it's just my ISP coincidentally added load to my node at the same time that I updated to 7.7rc1.
(edit)
CPU usage with my hardware config is approximately doubled when doing NAT, compared to the previous betas.
Last edited by ergohack on Wed Dec 14, 2022 9:19 pm, edited 1 time in total.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: v7.7rc is released!

Mon Dec 12, 2022 10:34 pm

Another kudo for the great change log, having both incremental for current release and differential since v7.6 is much appreciated.
 
105547111
Member Candidate
Member Candidate
Posts: 135
Joined: Fri Jun 22, 2012 9:46 pm

Re: v7.7rc is released!

Mon Dec 12, 2022 10:57 pm

sstp client can't connect since 7.6. Works fine 7.5 and 6.48.6LT.

I put in a support ticket, supplied supouts, suggestion was disable fastrack did nothing. Simply downgrade back to 7.5 and it works.

sstp1-out initializing
sstp1-out connecting
sstp1-out terminating - closed by remote peer

Only thing is back in 7.6 change log:
*) sstp - added VRF support for client;
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.7rc is released!

Tue Dec 13, 2022 5:35 am

I can't set or get the disk name on my hap ac3.
RouterOS version 7.7rc1 has been released "v7 testing" channel!
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.7rc is released!

Tue Dec 13, 2022 7:51 am

What are you trying to do there? Try print before using set. And don't use set numbers, that is used after print, and should be used with number, not name
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.7rc is released!

Tue Dec 13, 2022 8:14 am

What I'm trying to say is that the "name" attribute no longer exists in this release, so I can't get it, nor can I set it.
What are you trying to do there? Try print before using set. And don't use set numbers, that is used after print, and should be used with number, not name
You do not have the required permissions to view the files attached to this post.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Tue Dec 13, 2022 9:22 am

kcarhc - If you refer to FWD DNS static entries that forward requests to another server by using the domain name as the server address, not the IP, then the issue will be fixed in the next release. If not, then please send an example to support@mikrotik.com or post it here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Tue Dec 13, 2022 11:23 am

*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
5 years later, but congrats! and thank you!
Indeed, finally! Thanks a lot, it would have been very useful on our CCRs (in v6) which have later been replaced by CHR so now it doesn't matter anymore...
But I can use it on my home RB4011.
I note the size and free number displays are a bit funny, they have a space every 3 digits. Maybe they could not decide whether to use a , or . ?
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 387
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.7rc is released!

Tue Dec 13, 2022 12:03 pm

I can't set or get the disk name on my hap ac3.
Disks now have slot, as their name. This will be included in Winbox in future releases.

/disk set 0 slot=...
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7rc is released!

Tue Dec 13, 2022 12:57 pm

MT Please fix:
viewtopic.php?t=182618
"Getting Bridge Port from DHCP Leases in Terminal"

Or at least acknowledge that you see the difference in behavior and are working on a future fix.
 
jrpaz
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Wed Jun 05, 2013 5:54 am

Re: v7.7rc is released!

Tue Dec 13, 2022 1:01 pm

With wifiwave2/capsman has anyone had any success with WPA(1/2/3) enabled?
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Tue Dec 13, 2022 1:37 pm

@strods OK, I will test for forward requests to another server by IP.
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.7rc is released!

Tue Dec 13, 2022 1:55 pm

Understood, I have looked for the changes made in the change log but I have not observed any entry about this. I have also reported the problem of global variables in the following post that I mention without getting any response.

viewtopic.php?p=944654#p944663

Disks now have slot, as their name. This will be included in Winbox in future releases.

/disk set 0 slot=...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 2:32 pm

On WinBox 3.37 and RouterOS 7.6 I'm no longer able to repeat the bug on arm64, is a mipsle-only bug?
When I have the time I do some test.
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.7rc is released!

Tue Dec 13, 2022 2:42 pm

*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
I was wondering about the instability on my CRS324-24G-2S+ switches (spontanious reboots several times a day without any obvious reasons), now I know the reason ;-)
Fixed now, thank you, MT :-)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 3:21 pm

@daaf

THE BUG STILL EXIST, BUT (for me) HAPPEN ONLY ON MIPSBE!!! (Winbox 3.37 64 bit)

I am not able to reply it on RB5009 arm64

viewtopic.php?p=944654#p944663

terminal code

[admin@MikroTik] > export
# jan/02/1970 00:28:35 by RouterOS 7.7rc1
# software id = 05P4-9A42
#
# model = RB922UAGS-5HPacD
# serial number = 724606255106
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/system routerboard settings
set init-delay=2s reformat-hold-button-max=2m
/system script
add dont-require-permissions=no name=hello-word owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source=":global helloWorld;\r\n:set helloWorld do={:put \"Hello World.\";}"
[admin@MikroTik] > 
Running the script (no matter if on terminal or on winbox) the run script count increase by 1 and /system script environment report the right value.
But after some minutes and after terminal or winbox is closed, the run script count return to 0 and the environment is cleaned.
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.7rc is released!

Tue Dec 13, 2022 4:47 pm

Any plans for fix broken VPN4 bgp reflection ?
 
riv
just joined
Posts: 16
Joined: Wed Jun 07, 2006 4:16 am

Re: v7.7rc is released!

Tue Dec 13, 2022 5:54 pm

Any plans for fix broken VPN4 bgp reflection ?
Been waiting for this as well, so many testing releases, with no fix on the VPNV4
 
jackrabbit
just joined
Posts: 11
Joined: Tue Jul 07, 2020 1:28 pm

Re: v7.7rc is released!

Tue Dec 13, 2022 5:58 pm

Any plans for fix broken VPN4 bgp reflection ?
Been waiting for this as well, so many testing releases, with no fix on the VPNV4
Similarly, BGP-signaled VPLS with route reflection still not working. Really hinders our ability to deploy v7. :/
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 120
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.7rc is released!

Tue Dec 13, 2022 6:03 pm

Any plans for fix broken VPN4 bgp reflection ?

Are you experiencing issues with a Routeros v7 Route Reflector? I am testing against a Cisco Route Reflector, and it seems to work properly.
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 120
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.7rc is released!

Tue Dec 13, 2022 6:08 pm



Been waiting for this as well, so many testing releases, with no fix on the VPNV4
Similarly, BGP-signaled VPLS with route reflection still not working. Really hinders our ability to deploy v7. :/

I have successfully tested LDP-signaled/BGP auto-discovery VPLS ("Cisco VPLS") against a RouterOS V6 route reflector. Unlike VPNv4, it does not work against a Cisco route reflector [SUP-83173].
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Tue Dec 13, 2022 7:09 pm

Thanks for that. I too have infrequently seen this "forgotten global" problem. I generally attributed to maybe the router got rebooted etc etc, so just reloaded the script functions that I thought should have been there already... Still have a few MIPSBE RB953s in field, and that's exactly where it seems to happen now that I think about.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7rc is released!

Tue Dec 13, 2022 7:14 pm

Fix VPN4 BGP please!
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Tue Dec 13, 2022 7:22 pm

@strods please check SUP-100937, SUP-100938 another two dns-forward issue on 7.7rc1 with forward-to=ip
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 7:28 pm

Hmm, wondering why I have not seen the issue with global variables disappearing... 🤔
I do a lot of scripting, also on mipsbe devices.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 8:46 pm

Just try yourself... ;)
 
ToTheCLI
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Mon Jan 04, 2016 3:54 am

Re: v7.7rc is released!

Tue Dec 13, 2022 10:53 pm

RB5009 2.5G SFP module support introduced in 7.7beta8 no longer appears to be working. It was working in 7.7beta8 & 7.7beta9. My ISP uses a GPON module that can link at 2.5G. With 7.7beta8 and 7.7beta9, I was able to get my full download bandwidth of ~1280Mbps by plugging the GPON directly into the SFP+ port on my RB5009. With 7.7rc1, it's down to gigabit download speeds using the same hardware configuration.
I've also tried using a 2.5GBase-T SFP module that worked correctly under 7.7beta8 & 7.7beta9, same thing. Speeds are reduced to gigabit despite routeros reporting a 2.5Gbps link.

(edit)
CPU usage with my hardware config is approximately doubled when doing NAT, compared to the previous betas.
What is the LAN_SDS mode on the GPON SFP?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7rc is released!

Tue Dec 13, 2022 11:13 pm

Upgraded maplite from 7.6 to 7.7rc1.
Bootloop.

Netinstalled 7.7rc1, all is well now.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 11:16 pm

Just try yourself... ;)
I did. As said... Can not reproduce.

Does this happen from Winbox only? Working via ssh here...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Tue Dec 13, 2022 11:29 pm

Running the script (no matter if on terminal or on winbox) the run script count increase by 1 and /system script environment report the right value.
But after some minutes and after terminal or winbox is closed, the run script count return to 0 and the environment is cleaned.
I hope you believe me, I'm not the only user notice that and also because I indicated exactly the hardware used and how the device is configured...
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7rc is released!

Tue Dec 13, 2022 11:42 pm

@rextended
Is this only on 7.7rc(beta)?

Tested on RB951 7.6 that do have some config. Not able to reproduce error.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Wed Dec 14, 2022 12:19 am

No, also tried on 7.4 and 7.6, but the device is always installed from 0 by netinstall.
Tomorrow I try to find one RB951 to test it,
but the bug appears both on RB911G-5HPnD and on RB922UAGS-5HPacD with RouterOS 7.7rc1 and RouterBOOT 7.7rc1 with WinBox 3.37 64 bit
(powered by PoE 24V from a CRS112-8P-4S-IN), do not appear on RB5009 (arm64).
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7rc is released!

Wed Dec 14, 2022 12:26 am

I can't set or get the disk name on my hap ac3.
Disks now have slot, as their name. This will be included in Winbox in future releases.

/disk set 0 slot=...
This issue brings in problem in starting containers. All I need are to re create and do some minor configurations
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7rc is released!

Wed Dec 14, 2022 12:27 am

It seems the previous issues in beta 8 and 9 of restarting CAPs have been resolved. CAPsMAN and wireless now are stable
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.7rc is released!

Wed Dec 14, 2022 4:48 am

Currently I have done the test on a hAP ac3 (arm) and the same thing happens, the global variables disappear from the environment after a few minutes of closing the winbox.

@antonsb @emils
@daaf

THE BUG STILL EXIST, BUT (for me) HAPPEN ONLY ON MIPSBE!!! (Winbox 3.37 64 bit)

I am not able to reply it on RB5009 arm64

viewtopic.php?p=944654#p944663
 
User avatar
junbr0
just joined
Posts: 10
Joined: Sat Jan 09, 2021 10:50 am

Re: v7.7rc is released!

Wed Dec 14, 2022 11:49 am

gosh, please make it more modularized like v6.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Wed Dec 14, 2022 1:04 pm

7.7rc1 lost Dynamic Servers from pppoe-client, when pppoe-client up 1 hours. maybe dns crash. please check SUP-100985
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Wed Dec 14, 2022 1:16 pm

the 7,7rc1 in our case (more then 5M routes) freezes when modify a filter rule.
opened ticket [SUP-100981]
very dangerous case because the router desn't reboot just freeze and need a powercycle.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Wed Dec 14, 2022 1:29 pm

Spero che non era in produzione...
[I hope it wasn't in production...]
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Wed Dec 14, 2022 1:35 pm

Spero che non era in produzione...
[I hope it wasn't in production...]
it was :(
on the lab the issue didn't arise......
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7rc is released!

Wed Dec 14, 2022 1:41 pm

the 7,7rc1 in our case (more then 5M routes) freezes when modify a filter rule.
Firewall filter? or route filters?
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Wed Dec 14, 2022 1:44 pm

the 7,7rc1 in our case (more then 5M routes) freezes when modify a filter rule.
Firewall filter? or route filters?
route filter rule, sorry
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 387
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.7rc is released!

Wed Dec 14, 2022 1:51 pm

Currently I have done the test on a hAP ac3 (arm) and the same thing happens, the global variables disappear from the environment after a few minutes of closing the winbox.
Thanks, we repeated the issue
 
User avatar
FToms
MikroTik Support
MikroTik Support
Posts: 87
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 2:13 pm

With wifiwave2/capsman has anyone had any success with WPA(1/2/3) enabled?
What seems to be the issue?
Did you follow the example in the wifiwave2 documentation?
You may need to set `/interface/wifiwave2/cap set discovery-interfaces=all` on the cAP as well as add wifi interfaces to a bridge for wireless clients to get DHCP addresses.
Also WPA1 and WPA3 cannot be used simultaneously.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Wed Dec 14, 2022 2:25 pm

[...] the global variables disappear from the environment after a few minutes of closing the winbox [...]
Thanks, we repeated the issue
Oh, this is great!!!!
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 387
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.7rc is released!

Wed Dec 14, 2022 3:17 pm

This issue brings in problem in starting containers. All I need are to re create and do some minor configurations
Please elaborate.
Name(slot) does not change on previously added/formatted disks. On newly done formats slot will assume new name based on physical slot. If name was "disk1", slot will stay "disk1" until you reformat.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 3:44 pm

7.7rc1 lost Dynamic Servers from pppoe-client, when pppoe-client up 1 hours. maybe dns crash. please check SUP-100985
Works OK for me, no change relative to earlier versions. Do you keep the IPv4 connectivity or is the local IP address assigned via PPPoE also lost?
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 4:33 pm

Any plans for fix broken VPN4 bgp reflection ?

Are you experiencing issues with a Routeros v7 Route Reflector? I am testing against a Cisco Route Reflector, and it seems to work properly.
No, i using VPN4 ie l3 vpn (VPRN). inside vrf ROS 7 transmit self nexthop instead of mpls hop. Ie ROS7 just ignore option propagate
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Wed Dec 14, 2022 4:40 pm

7.7rc1 lost Dynamic Servers from pppoe-client, when pppoe-client up 1 hours. maybe dns crash. please check SUP-100985
Works OK for me, no change relative to earlier versions. Do you keep the IPv4 connectivity or is the local IP address assigned via PPPoE also lost?
maybe you need dns-forward domain many times, it will crash the dns, then it will be empty, pppoe-client still online. alreay have the video and submit to the ticket
 
jacobp
just joined
Posts: 1
Joined: Sat Dec 03, 2022 10:15 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 8:35 pm

Hap ax2 (US/North American version) "failed to set country" on this release, wifi radios down. This happens with any Canada or United States selection, or undefining the variable all together.

Same here, was using the United States3 country in 7.7beta6 but now unable to get any United States country configuration to work. Along with the /interface/wifiwave2/info command being removed or moved somewhere I haven't been able to locate yet.
 
marekm
Member
Member
Posts: 379
Joined: Tue Feb 01, 2011 11:27 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 9:25 pm

Upgraded RB5009 from 7.7beta9 to 7.7rc1 using Winbox "Check For Updates" - upgrade itself worked, installed and latest versions reported correctly, but the changelog window (both before and after upgrade) still shows "What's new in 7.7beta9" and the corresponding 7.7beta9 changelog.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Dec 14, 2022 10:22 pm

That is just a mistake on the download site, it does not affect the device itself.
 
murrayis
just joined
Posts: 21
Joined: Tue Sep 29, 2020 11:57 pm

Re: v7.7rc is released!

Thu Dec 15, 2022 12:31 am

Hi Team,

We've noticed in 7.7rc1 that when using ipv6 the dynamic routes do not update with old delegated prefix staying in the list well after they have been changed.

In our test we adjusted the delegated range in our clients Radius Auth from 1::/64 to a::/64 however in the routing table 30 minutes later still showed the old route. Secondly when testing ipv6 address assignment from a pool we noted that if the customer assigned the IP to the wrong interface eg. WAN instead of LAN and then reconfigured the assignment to the correct interface eg. LAN on the PE there remains in the routing table the original direct route and the new route containing the intermediate.

Due to the new route having an intermediate it is not enabled and leaves the old direct and now invalid route active. The only fix we have found is to reboot the PE router as these routes survived a CPE reboot also.

Incorrect PE Routing and Neighbour List showing multiple routes:

Image

After Reboot of PE Only the 1 route:

Image

I could have it totally incorrectly configured also :)
 
jacobp
just joined
Posts: 1
Joined: Sat Dec 03, 2022 10:15 pm

Re: v7.7rc is released!

Thu Dec 15, 2022 6:38 am

Did some more digging into 7.7rc1 and the radio issues on the hAP ax2. Seems it is missing the countries configuration in the radio after updating, I suspect this means it won't accept any country.

Output from 7.6 release and 7.7rc1, note the missing counties field and info country-info output in 7.7rc1:
RouterOS 7.6:
[admin@Greenroom AP] /interface/wifiwave2/radio> print detail
Flags: L - local 
 0 L radio-mac=**:**:**:**:**:** phy-id=0 tx-chains=0,1 rx-chains=0,1 
     bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz,20/40/80mhz,5ghz-ax:20mhz,
      20/40mhz,20/40/80mhz 
     ciphers=tkip,ccmp,gcmp,ccmp-256,gcmp-256,cmac,gmac,cmac-256,gmac-256 
     countries=United States3,Canada2 
     5g-channels=5180,5200,5220,5240,5260,5280,5300,5320,5500,5520,5540,5560,5580,5600,5620,5640,5660,
            5680,5700,5720,5745,5765,5785,5805,5825 

 1 L radio-mac=**:**:**:**:**:** phy-id=1 tx-chains=0,1 rx-chains=0,1 
     bands=2ghz-g:20mhz,2ghz-n:20mhz,20/40mhz,2ghz-ax:20mhz,20/40mhz 
     ciphers=tkip,ccmp,gcmp,ccmp-256,gcmp-256,cmac,gmac,cmac-256,gmac-256 
     countries=United States3,Canada2 
     2g-channels=2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 
[admin@Greenroom AP] /interface/wifiwave2/radio>  /interface/wifiwave2/info/ country-info "United States
3"
  2.4ghz: 2412 MHz      20/40mhz        30 dBm  
          2417 MHz      20/40mhz        30 dBm  
          2422 MHz      20/40mhz        30 dBm  
          2427 MHz      20/40mhz        30 dBm  
          2432 MHz      20/40mhz        30 dBm  
          2437 MHz      20/40mhz        30 dBm  
          2442 MHz      20/40mhz        30 dBm  
          2447 MHz      20/40mhz        30 dBm  
          2452 MHz      20/40mhz        30 dBm  
          2457 MHz      20/40mhz        30 dBm  
          2462 MHz      20/40mhz        30 dBm  
          2467 MHz      20/40mhz        30 dBm  
    5ghz: 5180 MHz      20/40/80mhz     30 dBm  
          5200 MHz      20/40/80mhz     30 dBm  
          5220 MHz      20/40/80mhz     30 dBm  
          5240 MHz      20/40/80mhz     30 dBm  
          5745 MHz      20/40/80mhz     30 dBm  
          5765 MHz      20/40/80mhz     30 dBm  
[admin@Greenroom AP] /interface/wifiwave2/radio> 

7.7rc1
[admin@Greenroom AP] > /interface/wifiwave2/radio/ print detail
Flags: L - local 
 0 L radio-mac=**:**:**:**:**:** phy-id=0 tx-chains=0,1 rx-chains=0,1 
     bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz,20/40/80mhz,5ghz-ax:20mhz,20/40mhz,20/40/80mhz 
     ciphers=tkip,ccmp,gcmp,ccmp-256,gcmp-256,cmac,gmac,cmac-256,gmac-256 countries=United States3,Canada2 
     5g-channels=5180,5200,5220,5240,5260,5280,5300,5320,5500,5520,5540,5560,5580,5600,5620,5640,5660,5680,5700,5720,5745,
            5765,5785,5805,5825 
     max-vlans=128 max-interfaces=16 max-station-interfaces=3 max-peers=120 interface=Schnell-5GHz 

 1 L radio-mac=**:**:**:**:**:** phy-id=1 tx-chains=0,1 rx-chains=0,1 
     bands=2ghz-g:20mhz,2ghz-n:20mhz,20/40mhz,2ghz-ax:20mhz,20/40mhz 
     ciphers=tkip,ccmp,gcmp,ccmp-256,gcmp-256,cmac,gmac,cmac-256,gmac-256 countries=United States3,Canada2 
     2g-channels=2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462 max-vlans=128 max-interfaces=16 
     max-station-interfaces=3 max-peers=120 interface=Schnell-2.4GHz 
[admin@Greenroom AP] > /interface/wifiwave2/info/ country-info "United States3"
syntax error (line 1 column 26)
[admin@Greenroom AP] > 
 
volkirik
Member Candidate
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: v7.7rc is released!

Thu Dec 15, 2022 5:43 pm

Hello Dear Mikrotik Team,

ipv6 nat does not work correctly with Simple Queues

We Use ULA addresses inside our network, with SRC-NAT rules to real IPv6 addresses in IPv6 Firewall's Mangle Tab.

But Simple queue for fd00::/8 does not work. UPSTREAM rate is zero, even if packets are marked by Firewall for the queues.

As soon as we add real (external) prefix for simple queue ('s target), it starts counting upstream (Upload rate/bytes)

Could you please fix it.. We do not intend to assign real IPv6 addresses due to PCC based IPv6 Load balancing..

Thanks and regards,
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7rc is released!

Thu Dec 15, 2022 6:08 pm

IPv6 works for me, including ULA, nat, mangle and simple queue. I do use the interface in queue's target, though.

What's your exact rule set and configuration? Is this specific to RouterOS 7.7?
 
kiwi35
just joined
Posts: 1
Joined: Thu Jan 13, 2022 3:23 pm

Re: v7.7rc is released!

Thu Dec 15, 2022 11:29 pm

About :
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
Any information on how to use this ?
I can make a GRE tunnel inside a vrf but cannot got outside. Eg src/dst of the tunnel in VRF External vrf, but not the IP of the tunnel.

Regards
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 16, 2022 11:55 am

Incredible that the forgotten space in the message "route,bgp,error HoldTimer expiredpeername" (between expired and peername) still hasn't been fixed...
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.7rc is released!

Fri Dec 16, 2022 12:21 pm

Incredible that the forgotten space in the message "route,bgp,error HoldTimer expiredpeername" (between expired and peername) still hasn't been fixed...
Such a major blocking issue, it is a shame
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 16, 2022 1:47 pm

Such a major blocking issue, it is a shame
It would be better when BFD was made available, but in the meantime these errors do occur.
 
User avatar
buvarbeno
just joined
Posts: 9
Joined: Thu Mar 07, 2019 12:11 pm

Re: v7.7rc is released!

Fri Dec 16, 2022 3:58 pm

It is now working well :D
*) certificate - improved Let's Encrypt logging and error recovery;

Error creating new order :: too many certificates already issued for "mynetname.net"

Before this update I got only: error [err]

Mikrotik should talk with Letsencrypt...
or update the manual, not use with cloud domain name... :)
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7rc is released!

Fri Dec 16, 2022 6:13 pm

Incredible that the forgotten space in the message "route,bgp,error HoldTimer expiredpeername" (between expired and peername) still hasn't been fixed...
Such a major blocking issue, it is a shame
They keep ignoring the bugs and pretend nothing happen.
people waiting for years to be fixed.
I wonder why they creating CCR for?

thx
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v7.7rc is released!

Fri Dec 16, 2022 7:12 pm

hapac3, users cant connect, disabled ft and users can reconnect
You do not have the required permissions to view the files attached to this post.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Sun Dec 18, 2022 2:45 pm


They keep ignoring the bugs and pretend nothing happen.
people waiting for years to be fixed.
I wonder why they creating CCR for?

thx
don't get me wrong, i love mikrotik for what they achieve with their devices and rOS, but it is such a shame/pity BGP, one of THE routing protocols, gets orphaned in v7 :(

i got 3 CCR 2004s laying around and not yet active because of the BGP issues giving me headaches to worry about
(also 3 CCR 2116s but not mainly for BGP but there are a lot of VRFs planned on them...)

please MT - look into BGP in rOS v7 to be more on-par with v6 (and BFD)
 
User avatar
buvarbeno
just joined
Posts: 9
Joined: Thu Mar 07, 2019 12:11 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 9:16 am

It is now working well :D
*) certificate - improved Let's Encrypt logging and error recovery;

Error creating new order :: too many certificates already issued for "mynetname.net"

Before this update I got only: error [err]

Mikrotik should talk with Letsencrypt...
or update the manual, not use with cloud domain name... :)
Yesterday I tried again and it worked. Router got a LE cert.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7rc is released!

Mon Dec 19, 2022 12:07 pm

What's new in 7.7rc2 (2022-Dec-16 20:23):

*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 138
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.7rc is released!

Mon Dec 19, 2022 12:21 pm

*) ipsec - improved IKE payload processing;
Reported on ticket SUP-100760. In less than a week resolved. Thanks mikrotik!

Regards,
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Mon Dec 19, 2022 12:27 pm

Hello Mikrotik,

it would be nice to have release candidate for christmas from you :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.7rc is released!

Mon Dec 19, 2022 12:34 pm

rc2 is literally "release candidate 2" :)
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Mon Dec 19, 2022 12:43 pm

Sorry I meant stable version ☺️ but thank you anyway...where is rc2 ? :)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7rc is released!

Mon Dec 19, 2022 12:44 pm

You COULD try download page, maybe ?

https://mikrotik.com/download
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 12:51 pm

Sorry I meant stable version

If MT thinks that 7.7 might still have some minor issues (and I'm sure they are working hard on fixing them), then why should they rush out a "stable" version? Christmas or not. If they decide to rush stable 7.7 out and then something pops out, there will be quite a few angry users and MT surely doesn't want even more angry users (there are quite a few of them already due to BGP/BFD/... issues).
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Mon Dec 19, 2022 1:00 pm

Dont be so serious...I was just joking.... :) when we have already RC2 I belieave there will be a present from Mikrotik for christmas :)
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 1:08 pm

7.7RC2 looks like has issue with container on x86, autoboot not working, and container permission issue please check the ticket no: SUP-101353, thanks
Last edited by parham on Mon Dec 19, 2022 3:45 pm, edited 1 time in total.
 
User avatar
pekr
Member Candidate
Member Candidate
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Re: v7.7rc is released!

Mon Dec 19, 2022 3:01 pm

Is there any ETA on wifiwave2 repeater mode? Would like to replace hAP AC2s with hAP AX2s :-)
Last edited by pekr on Mon Dec 19, 2022 4:03 pm, edited 1 time in total.
 
riv
just joined
Posts: 16
Joined: Wed Jun 07, 2006 4:16 am

Re: v7.7rc is released!

Mon Dec 19, 2022 3:06 pm

still no progress on VPNV4 and BFD :-(
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 3:08 pm

Dont be so serious...I was just joking.... :) when we have already RC2 I belieave there will be a present from Mikrotik for christmas :)
There is need to joke anymore about the terrible v7 release schedule...
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Mon Dec 19, 2022 3:11 pm

if you are unhappy you can buy diffrent brand :) hihi
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7rc is released!

Mon Dec 19, 2022 3:34 pm

still no progress on VPNV4 and BFD :-(
BGP cosmetic progress only
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Mon Dec 19, 2022 3:50 pm

What's new in 7.7rc2 (2022-Dec-16 20:23):

*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
did you fix or reproduced the issue about routing filter rule that freeze the arm64 platform when there are a lot of rutes (~5M).

thanks
Ros
 
evbocharov
newbie
Posts: 26
Joined: Tue May 25, 2021 11:06 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 5:56 pm

7.7 rc1-rc2
Anybody show screen dns-settings with default config from rb4011. Thank you so much
 
jacobp
just joined
Posts: 1
Joined: Sat Dec 03, 2022 10:15 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 8:14 pm

Did some more digging into 7.7rc1 and the radio issues on the hAP ax2. Seems it is missing the countries configuration in the radio after updating, I suspect this means it won't accept any country.

The 7.7rc2 release has fixed my issue with the hAP ax2 radios.

With the countries field now populated, the wifi radios start up and devices associate just fine. Thanks to the Mikrotik team for getting that taken care of!
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7rc is released!

Mon Dec 19, 2022 10:15 pm

In v7.6, I could use static dns regex entries to modify AAAA results to ::ffff to block ipv6 for certain hostnames. This doesn't work now--it returns ::ffff and nothing else. How do I get the same behavior in v7.7rc2?

Static CNAME entries also don't seem to be working in some cases, for example:
$ ssh router /ip/dns/static/export | grep youtube
add cname=www.youtube.com name=youtube type=CNAME
$ dig youtube @router

; <<>> DiG 9.18.9 <<>> youtube @router
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63586
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.                       IN      A

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(router) (UDP)
;; WHEN: Mon Dec 19 12:24:33 PST 2022
;; MSG SIZE  rcvd: 25
But if I look specifically for the cname type, it'll work:
$ dig youtube cname @router

; <<>> DiG 9.18.9 <<>> youtube cname @router
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65395
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.                       IN      CNAME

;; ANSWER SECTION:
youtube.                86400   IN      CNAME   www.youtube.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(router) (UDP)
;; WHEN: Mon Dec 19 12:26:16 PST 2022
;; MSG SIZE  rcvd: 54
Not sure that's proper behavior since:
$ ping youtube
ping: Unknown host
$ ping youtube.
ping: Unknown host
Also, upstream CNAME results seem to override static CNAME results.
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Tue Dec 20, 2022 12:20 am

Hi,

why I can not choose CANADA2? Why is there only CANADA?
 
wifi442
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Tue Jan 12, 2010 11:01 pm

Re: v7.7rc is released!

Tue Dec 20, 2022 3:52 am

Are there any plans to allow ZeroTier instances to use a different VRF?

It would be nice for connections with multiple WANS and OSPF

Keep up the good work guys!
Last edited by wifi442 on Wed Dec 28, 2022 6:52 pm, edited 1 time in total.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Tue Dec 20, 2022 9:06 pm

Thanks for the working on 7.7rc2, both "dns-forward" and "dns-to-address-list" working well.

here is new issue on 7.7rc2, please check on.
SUP-101478, CHR dead after reboot, it show BUG: soft lockup - CPU stuck, loop in auto reboot.
SUP-101479, regex match issue
SUP-101481, IP-Cloud DDNS not working
SUP-101483, remove ipv6 address, after reboot it restore back.
 
Rfulton
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Aug 08, 2017 2:17 am

Re: v7.7rc is released!

Wed Dec 21, 2022 1:38 pm

if you are unhappy you can buy diffrent brand :) hihi
>don't like society? make your own!

Why does society tolerate people like this?
 
easyswiss
just joined
Posts: 13
Joined: Tue Mar 08, 2016 9:49 pm

Re: v7.7rc is released!

Wed Dec 21, 2022 10:34 pm

Please fix as-override in RouterOS 7 a very important function in larger networks.
https://help.mikrotik.com/docs/display/ ... mplateMenu

We bought this year a lot of CCR2216 that do not support RouterOS 6.49.x.
Without as-override we have the wrong origin in a lot of our routes like private and public ASN's from VRRP routers behind our network.
This leads to wrong RPKI and IRR and also broken routes.
 
prmfeddema
newbie
Posts: 29
Joined: Sun Aug 23, 2020 1:53 pm

Re: v7.7rc is released!

Thu Dec 22, 2022 12:56 am

Still having issues with generic BiDi sfp and Delta fiber netherlands (SUP-100127). These SFP BiDi adapters are simply not working - multiple users are reporting the same problem.
SFP BiDi adapter is a generic FS.COM one and is also EEE compliant - hence the issues seems to be completely on the RB5009 side.
SFP adapter works fine in a Mikrotik HexS - so i can rule out an issue with on the SFP / Provide side.

Please fix this as soon as possible.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7rc is released!

Thu Dec 22, 2022 1:50 pm

What's new in 7.7rc3 (2022-Dec-21 17:12):

*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Thu Dec 22, 2022 1:58 pm

*) bgp - fixed connection establishment using link-local addresses;
Please, some details?
On v7 IPv6 BGP with link-local works...
Thanks...
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7rc is released!

Thu Dec 22, 2022 4:30 pm

multihop is no longer required for ebgp with link-local addresses
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7rc is released!

Thu Dec 22, 2022 4:40 pm

multihop is no longer required for ebgp with link-local addresses
Thanks!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Thu Dec 22, 2022 6:55 pm

multihop is no longer required for ebgp with link-local addresses
Ok it seems that the issue with BGP peers not being in the same IPv4 subnet in the route table also has been fixed, but maybe it was fixed long ago (I only re-tested it now).
Case: you have a L2TP/IPsec connection with a remote router, that has e.g. a /24 pool from which you get a single fixed address.
When BGP was configured on v7 between this address and the address of the remote (a fixed address in the /24) it would not work without multihop. But now it does.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Fri Dec 23, 2022 3:23 am

*) dns - improved resolved static entry addition to address list;
please check SUP-91476
 
prawira
Trainer
Trainer
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: v7.7rc is released!

Fri Dec 23, 2022 6:07 am

User-Manager....
create users with shared-users=2, when the third user login than it will kill one the existing connection of the same username. the dead connection will reconnect and kill another existing connection, and so on.
tiket SUP-98398

also, i did not see the bugfix for limited login for the-dude SUP-92244
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 6:21 am

In v7.6, I could use static dns regex entries to modify AAAA results to ::ffff to block ipv6 for certain hostnames. This doesn't work now--it returns ::ffff and nothing else. How do I get the same behavior in v7.7rc2?
Can someone from Mikrotik comment on this? I've complained about this lost functionality since the betas and haven't seen any responses. If you're going to remove a functionality that users depend upon, can you provide an alternative?
Last edited by chiem on Fri Dec 23, 2022 6:55 am, edited 1 time in total.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Fri Dec 23, 2022 6:49 am

chiem - Can you please provide a simple static DNS entry example (from export) that has been broken ni v7.7?
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 7:10 am

chiem - Can you please provide a simple static DNS entry example (from export) that has been broken ni v7.7?
Exactly as I've mentioned, but here's an example in v7.6:

netflix.com returns both A and AAAA records:
$ dig netflix.com a

; <<>> DiG 9.18.9 <<>> netflix.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29919
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netflix.com.                   IN      A

;; ANSWER SECTION:
netflix.com.            34      IN      A       44.242.60.85
netflix.com.            34      IN      A       44.234.232.238
netflix.com.            34      IN      A       44.237.234.25

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Thu Dec 22 20:57:12 PST 2022
;; MSG SIZE  rcvd: 77

$ dig netflix.com aaaa

; <<>> DiG 9.18.9 <<>> netflix.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46742
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netflix.com.                   IN      AAAA

;; ANSWER SECTION:
netflix.com.            5       IN      AAAA    2600:1f14:62a:de82:822d:a423:9e4c:da8d
netflix.com.            5       IN      AAAA    2600:1f14:62a:de81:b848:82ee:2416:447e
netflix.com.            5       IN      AAAA    2600:1f14:62a:de80:69a8:7b12:8e5f:855d

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Thu Dec 22 20:57:13 PST 2022
;; MSG SIZE  rcvd: 113
Since both A and AAAA records are available, the OS prefers ipv6:
$ ping netflix.com
PING6(56=40+8+8 bytes) 2001:559:8632:0:e467:b6ff:fec4:4341 --> 2600:1f14:62a:de81:b848:82ee:2416:447e
^C
--- netflix.com ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
I can add a regex static dns match to modify just the AAAA result to block it:
$ ssh router /ip/dns/static/export | grep netflix
add address=::ffff regexp="^netflix\\.com\$" type=AAAA
Now:
$ dig netflix.com a

; <<>> DiG 9.18.9 <<>> netflix.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26660
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netflix.com.                   IN      A

;; ANSWER SECTION:
netflix.com.            49      IN      A       44.242.60.85
netflix.com.            49      IN      A       44.234.232.238
netflix.com.            49      IN      A       44.237.234.25

;; Query time: 6 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Thu Dec 22 21:05:28 PST 2022
;; MSG SIZE  rcvd: 77

$ dig netflix.com aaaa
; <<>> DiG 9.18.9 <<>> netflix.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netflix.com.                   IN      AAAA

;; ANSWER SECTION:
netflix.com.            86400   IN      AAAA    ::ffff

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Thu Dec 22 21:05:30 PST 2022
;; MSG SIZE  rcvd: 57

$ ping netflix.com
PING netflix.com (44.237.234.25): 56 data bytes
^C
--- netflix.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
IPv6 is effectively disabled for that address. This doesn't work in v7.7.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Fri Dec 23, 2022 8:05 am

Up until v7.7, there was a difference between static DNS and static DNS regex entries. Once you had, for example, static A DNS entry, the cache also did take care of AAAA records and if there were no entries for that, then AAAA was not resolved. Regex did not do that. If you add A static record, you reply with it to A requests, but AAAA requests are handled through the upstream DNS server. We did change this behavior in order to unify the behavior between simple static and regex entries. Now once you add an A or AAAA entry, both A and AAAA records are handled by static entries. We will discuss this internally once more and will decide how to proceed. Either leave it as is or change the behavior.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7rc is released!

Fri Dec 23, 2022 11:15 am

When BGP was configured on v7 between this address and the address of the remote (a fixed address in the /24) it would not work without multihop. But now it does.
That was fixed a long time ago.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 11:21 am

When BGP was configured on v7 between this address and the address of the remote (a fixed address in the /24) it would not work without multihop. But now it does.
That was fixed a long time ago.
Ok... as I wrote, I now re-tested it because I saw a change item that might be relevant to it. When I first used a v7 beta it was one of the (many) problems
I encountered when migrating the BGP config... some of them have been fixed in the meantime, others have not.
 
arainbow
newbie
Posts: 36
Joined: Sat Sep 15, 2012 12:05 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 11:31 am

In 7.7rc3:
[admin@MikroTik] /ip/ipsec/proposal> add name=chacha auth-algorithms=sha512,
sha256,sha1 enc-algorithms=chacha20poly1305
failure: AEAD already provides authentication

[admin@MikroTik] /ip/ipsec/proposal> add name=gcm auth-algorithms=sha512,sha
256,sha1 enc-algorithms=aes-128-gcm,aes-192-gcm,aes-256-gcm
failure: AEAD already provides authentication
[admin@MikroTik] /ip/ipsec/proposal>
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7rc is released!

Fri Dec 23, 2022 11:35 am

if you are using GCM only then set auth-algorithms=""
 
xmasin
just joined
Posts: 5
Joined: Wed Apr 25, 2018 4:02 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 2:03 pm

What about MPLS BGP VPNv4? I'm still not able to get it works. It seems, that BGP (and any TCP based communication) doesn't work if destination address is using MPLS transport. Tested on ROS 7.7rc3 in virtual enviroment witch CHR.
 
riv
just joined
Posts: 16
Joined: Wed Jun 07, 2006 4:16 am

Re: v7.7rc is released!

Fri Dec 23, 2022 4:05 pm

Please fix as-override in RouterOS 7 a very important function in larger networks.
https://help.mikrotik.com/docs/display/ ... mplateMenu

We bought this year a lot of CCR2216 that do not support RouterOS 6.49.x.
Without as-override we have the wrong origin in a lot of our routes like private and public ASN's from VRRP routers behind our network.
This leads to wrong RPKI and IRR and also broken routes.
What so ironic is, they launch CCR2216 as RouterOS7 only model, as a powerful BGP router, but they don't develop the BGP feature in ROS7 fast enough.
Most BGP updates are cosmetical update, and the important stuffs on BGP ( such as VPNV4, as-override, etc ), got left behind.
Also not forget to mention BFD, which is widely used in core network deployment
 
kiwi35
just joined
Posts: 1
Joined: Thu Jan 13, 2022 3:23 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 4:50 pm

On 7.7rc3 on CRS305, seems the VRRP state is always RM (both sides). It doesn't seems to see the 2 sides and both of VRRP says "hey I am the master"...

Do someone has succeed to deploy VRRP on ROS 7.7rc ?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 6:44 pm

Now once you add an A or AAAA entry, both A and AAAA records are handled by static entries. We will discuss this internally once more and will decide how to proceed.
Unless you use DoH:
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
/ip dns static
add name=forum.mikrotik.com address=1.2.3.4 ttl=1m
# dig -t A forum.mikrotik.com @192.168.80.184
...
;; ANSWER SECTION:
forum.mikrotik.com.     60      IN      A       1.2.3.4
...
# dig -t AAAA forum.mikrotik.com @192.168.80.184
...
;; ANSWER SECTION:
forum.mikrotik.com.     153     IN      AAAA    2a02:610:7501:3000::239
...
It's "wrong", because as you wrote, once you add static record of any type, the server will handle records of all types for that name. And if you don't define any other, it will mask/block the real ones from upstream. The thing is, this behaviour is not necessarily wrong, in fact, it could be quite useful, like the mentioned blocking of just AAAA records (breaks my heart of IPv6 fan, but ok). Also for this purpose, rather than returning wrong address, it would be better to have option to pretend that record of that types doesn't exist, e.g.:
/ip dns static add name=<name> type=AAAA no-data=yes
I'm sure you know what should happen, if you want to win some bonus points, you need to come up with a way to support both behaviours. :)
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Fri Dec 23, 2022 6:48 pm

Please fix as-override in RouterOS 7 a very important function in larger networks.
https://help.mikrotik.com/docs/display/ ... mplateMenu

We bought this year a lot of CCR2216 that do not support RouterOS 6.49.x.
Without as-override we have the wrong origin in a lot of our routes like private and public ASN's from VRRP routers behind our network.
This leads to wrong RPKI and IRR and also broken routes.
What so ironic is, they launch CCR2216 as RouterOS7 only model, as a powerful BGP router, but they don't develop the BGP feature in ROS7 fast enough.
Most BGP updates are cosmetical update, and the important stuffs on BGP ( such as VPNV4, as-override, etc ), got left behind.
Also not forget to mention BFD, which is widely used in core network deployment
they replied me that as-override will never happen because it break bgp specs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 7:01 pm

if you want to win some bonus points, you need to come up with a way to support both behaviours. :)
It would now probably be better to abandon the RouterOS DNS resolver development, reduce it back to a pure resolver as required in a home router, and promote the use of a docker container for advanced DNS...
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Fri Dec 23, 2022 8:09 pm

It would now probably be better to abandon the RouterOS DNS resolver development, reduce it back to a pure resolver as required in a home router, and promote the use of a docker container for advanced DNS...
Well you'd lose DNS being script-able. And BIND likely works as container today. It's the in-between use case the just "use my ISPs" and learning zone files where better built-in DNS be useful – glad MT looking at.

But perhaps if they just extended their "FWD" fake record to allow a catch-all (and perhaps DoH there too, and/or set IPv4/IPv6/both as well) – then if you left main DNS servers blank, the "DNS FWD 'static' rules" always apply.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 8:19 pm

What I mean is that the specifications of DNS are quite weird, things should work quite differently from what you think they should, and the whole world has worked around those weird specs to get it working the way they want. By coding a new DNS resolver/server they encounter all these issues, at the moment every release breaks something. It clearly is not the thing the focus should be on right now, and working DNS resolvers/servers already exist.
Now that we have containers, it may be time to leave some things in the dust (like SMB server, proxy, hotspot, and apparently also DNS resolver) and focus on routing again.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Fri Dec 23, 2022 8:49 pm

Container don't work on all platforms... And pretty sure they'll get DNS stable again, it is the testing build...

As a regular reader here...I've never understand, now for year+, your repeated BFD support haven't been implemented - since it works in V6. I don't use it, so I don't complain – but know what it does+usefulness. That one puzzles me. But kinda separate from minor extensions to their DNS stuff.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.7rc is released!

Fri Dec 23, 2022 10:52 pm

Now that we have containers, it may be time to leave some things in the dust (like SMB server, proxy, hotspot, and apparently also DNS resolver) and focus on routing again.
I'd rather if they didn't. It's my fear of containers, that they could serve as excuse for MikroTik to not implement some things that would otherwise make sense to have in RouterOS. And I'm glad that so far (and hopefully forever) it doesn't happen. Containers should be for rare special things. That's not the case with these (if differs slightly for each).

Specifically for DNS resolver, what they are trying so far with it is perfectly within a scope of what I expect from advanced router. It just needs more internal testing, more thought given to what might be breaking change for some, perhaps ask users in advance about required use cases, etc.
 
Alter1000
just joined
Posts: 1
Joined: Fri Oct 29, 2021 4:20 pm

Re: v7.7rc is released!

Sat Dec 24, 2022 12:38 am

OSPF with simple auth fails after upgrade from 7.5 to 7.7rc3 with "wrong checksum from xx.xx.xx.xx"
"Fixed" by changing auth to MD5 on both sides.
I've seen this reported for 7.6, but seems to be still a problem.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Sat Dec 24, 2022 10:50 am

Specifically for DNS resolver, what they are trying so far with it is perfectly within a scope of what I expect from advanced router. It just needs more internal testing, more thought given to what might be breaking change for some, perhaps ask users in advance about required use cases, etc.
The problem I have with tinkering with the DNS resolver is that this is a crucial part of functionality for many users, and for the sake of implementing some infrequently used new features they break the basic functionality for users of cloud services every time.

Maybe in addition to the suggestion I made to revert back to a basic DNS resolver, it would be good to have an optional package that implements an advanced DNS resolver/server that users who want that functionality can install. That would be more integrated than a container, but less invasive that tinkering with the resolver all the time.

Containers as they are implemented now are a little heavier than what I had in mind. It is clear that an optional package requires less resources from the router, and at the same time is better integrated with the configuration and scripting interface.
 
DeviceLocksmith
just joined
Posts: 24
Joined: Sat Jan 15, 2022 8:21 am

Re: v7.7rc is released!

Mon Dec 26, 2022 3:06 am

There's no change Mikrotik will be able to maintain fully functional RFC-compliant DNS resolver. Dnsmasq, Knot and BIND contribute a lot more resources into DNS development and still suffer bugs and vulnerabilities. DNS is something that's best left to specialized software.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Dec 26, 2022 11:41 am

It surprises me as well that they did not simply integrate an existing opensource resolver... maybe the focus was mainly on backward config compatibility and the effort required was underestimated (as it was with the new routing engine)...
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Mon Dec 26, 2022 4:02 pm

There's no change Mikrotik will be able to maintain fully functional RFC-compliant DNS resolver.
I don't think Mikrotik is pitching their DNS feature as a BIND alternative or looking to be one. Nor could they, DNS assumes the server has some domain that's be delegated from "above" (or top-level domain)... so without a FQDN, you're already off the track.

Yet a DNS server is a a feature on nearly all home routers, and most have similar odd schemes to deal with hosts. Why? Because there is a need to do resolution locally on a small network without a lot IT infrastructure. Like most things in Mikrotik, just don't use the feature – a "real" DNS does makes sense in a lot of case.

And, I doubt DNS resolution is going to be forever broken because some features were added to "/ip dns static". I'd be more worried if they were going to replace their DNS with something new...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Dec 26, 2022 5:36 pm

Well, I have installed 7.7rc3 and you know what, DNS resolution for e.g. the Viaplay app again has been broken. Like it was in an earlier release (and then fixed).
I don't think it is going to work out well this way, they need to do a complete replacement with a known-working solution, or abandon it completely and revert to what we had before (which at least did not randomly break).
Local DNS services are going the way of the dodo anyway. More and more devices and applications do not use DHCP assigned DNS resolvers anymore, but rather query internet DNS resolvers like 8.8.8.8 directly even when you don't configure them. So local DNS names are not working anymore, you need to register them in global DNS.

Edit: see the 7.6beta10 discussion ( viewtopic.php?p=960024#p960024 ) for exactly the same issue, that has been solved in the next beta but now it has returned.
Opening the app results in at least 50 entries in the DNS cache, with short TTL for many of them, so it is really difficult to find what is exactly going wrong. But setting 8.8.8.8 as the advertised DNS server in DHCP network instead of the router, and restarting the TV, fixes it. So it must be a bug in the MikroTik resolver.
Last edited by pe1chl on Tue Dec 27, 2022 11:16 am, edited 1 time in total.
 
Florian
Member Candidate
Member Candidate
Posts: 117
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: v7.7rc is released!

Mon Dec 26, 2022 8:39 pm

The vast majority of apps are still using the OS dns servers. The few who doesn't, I redirect them to my own server. Now, If some apps are doing doh, well, we're screwed...
 
DaviV
just joined
Posts: 10
Joined: Thu Apr 26, 2018 1:33 pm

Re: v7.7rc is released!

Tue Dec 27, 2022 12:41 am

....
Now that we have containers, it may be time to leave some things in the dust (like SMB server, proxy, hotspot, and apparently also DNS resolver) and focus on routing again.

We have 1k+ CCRs 1009/1036 in production just for hotspot.
 
DeviceLocksmith
just joined
Posts: 24
Joined: Sat Jan 15, 2022 8:21 am

Re: v7.7rc is released!

Tue Dec 27, 2022 10:47 pm


Yet a DNS server is a a feature on nearly all home routers, and most have similar odd schemes to deal with hosts. Why? Because there is a need to do resolution locally on a small network without a lot IT infrastructure. Like most things in Mikrotik, just don't use the feature – a "real" DNS does makes sense in a lot of case.
Home router vendors don't attempt to develop DNS resolvers. Most use Dnsmasq, a very mature open source DNS resolver.
Homegrown DNS implementations are destined to fail because of too many edge cases.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Wed Dec 28, 2022 12:41 am

Well they didn't use BIRD/etc for BGP...

So just saying Mikrotik isn't just repacked OpenWRT – these features are actually somewhat integrated with a common interface. I do share your concern that their DNS would not be ideal for more "enterprise" things.

But I suspect many, many users already are using their "regex" features. And the new "address-list=" that's caused all the stir here is something someone requested (and not me, but it is a kinda nifty way to feed DNS queries into the firewall list dynamically).
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7rc is released!

Wed Dec 28, 2022 3:05 am

I wonder. The new generation has more RAM, and more storage. At what point will be more easy, and cost effective, to just ship one BIND version? I know, i know. Huge. Extremely feature rich. Bloated. But...

I just looked up. My OpenSuse desktop says it needs about 790KiB to install BIND9. i know, I know. Dependencies and whatnot. Well, we already have a full Linux system with RoS. OpenWRT says it needs less than 200Kib to BIND.

So. Quite doable, i think. 300KiB (I'm being generous) of storage and... 4 MiB of RAM? It would be a problem for 64miB devices. It would be tight for 16MiB storage devices.

But... We are usually seeing more than 128 MiB of RAM, and 1GiB storage looks like the "new normal". Looks like a full fledged BIND isn't impossible.
 
DeviceLocksmith
just joined
Posts: 24
Joined: Sat Jan 15, 2022 8:21 am

Re: v7.7rc is released!

Wed Dec 28, 2022 5:06 am

New CCRs have NVMe storage slot and plenty of RAM. You could run any DNS resolver of your choice.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Wed Dec 28, 2022 7:45 am

790KiB to install BIND9 [...]. Looks like a full fledged BIND isn't impossible.
FWIW, possible as Alpine-based container, an image with BIND as recursive resolver is 28Mb.
FROM alpine:3.12.0
RUN apk add --no-cache bind
RUN cp /etc/bind/named.conf.recursive /etc/bind/named.conf
EXPOSE 53
CMD ["named", "-c", "/etc/bind/named.conf", "-g", "-u", "named"]
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Dec 28, 2022 11:05 am

I do share your concern that their DNS would not be ideal for more "enterprise" things.
It is worse: it is not ideal for typical home usage, where a router is between the home network and internet, and advertises its own address as a resolver for the local devices.
When one of the devices is an Android TV, and the user subscribes to Viaplay, they will not be able to play their streams.
They will probably loudly complain to Viaplay (often the victims of claims about their streaming service not working properly...), but in reality the MikroTik DNS resolver is to blame.
And it probably is because of the implementation where a cached item is returned on every query for a name (that is in the cache), independently of the query type.
It is the kind of optimization (key the cache only on name and search it for any query) that surely will cleanup the code, but it is NOT the proper thing to do.
And e.g. bind9 does not do it. When you query a name with type ANY you get the data that happens to be in the cache, but when you query another type (A, AAAA, CNAME, TXT, MX etc) it will make a new query to the upstream when that type is not in the cache.

As this issue is critical, I have also made a support ticket (in case the developer is not reading the forum): [SUP-101970]: DNS resolver again broken in v7.7rc3
 
User avatar
sirbryan
Member
Member
Posts: 303
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.7rc is released!

Wed Dec 28, 2022 10:06 pm

FWIW, possible as Alpine-based container, an image with BIND as recursive resolver is 28Mb.
FROM alpine:3.12.0
RUN apk add --no-cache bind
RUN cp /etc/bind/named.conf.recursive /etc/bind/named.conf
EXPOSE 53
CMD ["named", "-c", "/etc/bind/named.conf", "-g", "-u", "named"]
Or, OpenWRT with DNSMasq and a GUI is only 11MB.

viewtopic.php?t=191889#p974492
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7rc is released!

Thu Dec 29, 2022 3:10 am

Dear Mikrotik.
It's almost 2023 , when our CCR2xxx can run proper BGP (VPN4) in v7?
i've made the tickets for the issue [SUP-3085], problem reported since 2018
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Thu Dec 29, 2022 10:48 am

here is new issue on 7.7rc3, please check on.
SUP-102087, dns cache not working well
 
ivicask
Member
Member
Posts: 422
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.7rc is released!

Thu Dec 29, 2022 11:47 am

I also just realized dns cache is somehow broken on rc3 I can't connect to many servers with dyndns names, resolved IP adress keeps. changing or they are duplicated entries for same host in cache, I reverted to 7.6 for now all fine..
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Fri Dec 30, 2022 8:00 am

We have received several reports about issues with the DNS cache in v7.7rc but so far none of them have had some precise examples. Please, if someone can reproduce the problem with the DNS cache, then provide step-by-step instructions on how you manage to see the problem. At the moment we are not aware of any reproductive issues. Please note that we are not denying an issue - simply we are not being able to reproduce such a problem at the moment and unfortunately, so far we have not managed to guess how to reproduce it. We are looking for a "/ip dns export" configuration which we can apply and then trigger the issue from a remote device by using this router as a DNS cache.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Dec 30, 2022 11:12 am

It does not require any specific DNS config to reproduce the issue, just a standard:
/ip dns
set allow-remote-requests=yes
What you need is a client that does the proper lookups, and the DNS servers to provide the proper responses, to make it fail.
For example, I can certainly reproduce it by using the Viaplay app on my Android TVs (I have two, different makes) and then selecting a stream or recording to play.
It will not play. There will be the usual "something went wrong" with "try again" and "cancel" options, and no trying again will make it work.
I have studied the window of "DNS cache" while doing this, but there are at least 50 records shown as a result of the queries and nothing that stands out as wrong. But the TTL values are low and the entries are disappearing quickly, it is almost impossible to see what it is trying to do.
However, when I change the DHCP network settings to provide 8.8.8.8 as the DNS resolver instead of the MikroTik address, and restart the TV, everything works perfectly.
Now of course you can only reproduce that when you have a Viaplay subscription, which you likely do not have.
Maybe it helps to know that exactly the same problem occurred during the 7.6beta testing, see that topic. It was resolved before 7.6 was released. But now it is back.
I have offered to do a packet sniff of the DNS traffic for both cases (failing and working) but I cannot do that now, will be sunday or later.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Fri Dec 30, 2022 11:42 am

[SUP-100981]: HW-OFFLOAD 7.7rc1-rc3 on ccr2216 freezed the router
enabing hw-offload, with 1k routes in hw-ofload, bridge, vlans, bonding
with 20gbps after 3 hours of operation the router freeze, autospuout generated and supout taken after powercycle.

still a long way.... but it is the future, 20gbps of traffic forward with just 10% cpus usage
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.7rc is released!

Fri Dec 30, 2022 6:31 pm

I wonder. The new generation has more RAM, and more storage. At what point will be more easy, and cost effective, to just ship one BIND version? I know, i know. Huge. Extremely feature rich. Bloated. But...

I just looked up. My OpenSuse desktop says it needs about 790KiB to install BIND9. i know, I know. Dependencies and whatnot. Well, we already have a full Linux system with RoS. OpenWRT says it needs less than 200Kib to BIND.

So. Quite doable, i think. 300KiB (I'm being generous) of storage and... 4 MiB of RAM? It would be a problem for 64miB devices. It would be tight for 16MiB storage devices.

But... We are usually seeing more than 128 MiB of RAM, and 1GiB storage looks like the "new normal". Looks like a full fledged BIND isn't impossible.
I'd prefer Unbound over BIND, especially as it has supplanted BIND in both Freebsd and OpenBSD:
https://en.m.wikipedia.org/wiki/Unbound_(DNS_server)
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.7rc is released!

Fri Dec 30, 2022 7:50 pm

I'd prefer Unbound over BIND, especially as it has supplanted BIND in both Freebsd and OpenBSD:
https://en.m.wikipedia.org/wiki/Unbound_(DNS_server)
There is actually arm & "distroless" version of Unbound DNS: https://hub.docker.com/r/klutchell/unbound
Unbound DNS here weighs in at just 6Mb (no linux, just dns + libc)

Pick your poison re DNS :)
 
snowzach
just joined
Posts: 2
Joined: Wed Jan 19, 2022 3:55 pm

Re: v7.7rc is released!

Fri Dec 30, 2022 9:21 pm

I really don't have any specific examples for dns failures, I have a handful of static cnames, A's and a fwd for a couple of regex subdomain. I am using dual stack ipv6. The one thing I have noticed especially is the "reddit is fun" Android app is basically unusable with errors. Everything else mostly works with random failures and a reload fixes it. I am using 8.8.8.8 and 1.1.1.1 for my upstream dns and remote requests allowed. Reddit is fun errors nearly constantly and reliably. Whatever it is doing appears to be particularly sensitive to the issue.
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: v7.7rc is released!

Sat Dec 31, 2022 12:07 pm

After upgrading to 7.7rc3, I had a case of:
- WYZE cameras repeatedly flapping DHCP (assigned & reassigned looping at much shorter timeframes than configured lease time). the problem went away when I assigned manual dns override (code 6) to the DHCP options for those wyze cameras.
- Playstation 4 having connection issues with the router as DNS server, which were also resolved when assigning a custom DNS server

I tried to clear DNS cache, disable all static dns entries, flush dns & dhcp lease on remote devices (rebooted them) but problem persisted. In both cases it started working normally when using direct DNS rather than router's resolver. The custom DNS server (for code 6) is the same one configured as the router's upstream server (1.1.1.1 in my case)

So I agree that there's some issue with DNS server in the current development build, as it seems to cause some issues with some vendors equipment when acting as an inline forwarder (between the client and a remote dns server, which seems to work when used directly). unfortunately I haven't done further debugging so am unable to pinpoint the exact cause, just sharing another "me too" experience about suspected issues with the onboard DNS server, for the record.. In the meanwhile I will just configure my DHCP server to hand out a different DNS address
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Sat Dec 31, 2022 12:36 pm

What you observe likely is that the cameras try to re-init the entire network stack (or do a complete reboot) when they are unable to perform a DNS lookup.
This is typical behavior in todays plug-and-play equipment. E.g. when you provide a WiFi network without DHCP or even without Internet, most devices will say "connection to WiFi failed" even when that connection works perfectly, only it does not provide the expected internet connectivity.
So indeed I guess it is the result of the new DNS resolver bug. It would be interesting to see what lookups it does when the previous RouterOS version is in place.
I hope to be able to make a DNS packet sniffer trace soon (to compare behavior with external resolver and with RouterOS resolver).
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7rc is released!

Sun Jan 01, 2023 10:34 pm

v7.6 and also v7.7rc3 are messing up with Hotspot/Cookies timeouts on reboot. On different boxes, a simply reboot, no changes whatsoever more than a simple reboot, seems to "reset" cookies timeouts to the user default, which in the box I took the attached screenshots is set to 14 days. Some cookies were also incorrectly expired, please note cookies count dropped from 21 to 16. From the 1st screenshot, you can see there's no cookie even close to expire. The closest ones to expire were still 4 days to expire before reboot. So no "expired during tests" situation.

I could reproduce this behavior on different MK boxes, all of them running v7.6, and the one running on my company which I can run beta stuff, and it's actually running v7.7rc3

Support ticket already filled as SUP-102839

v7.7rc3 *before* reboot, please note timeouts and cookies count
cookies1.jpg
.
.
System/Reboot, cookies count dropped from 21 to 16, and all timeouts were reset to user-default settings. And this is Jan 1st, there's no one there, it's not a "users logged in to the network" situation, there's no login at all, timeouts were reset during reboot
cookies2.jpg
You do not have the required permissions to view the files attached to this post.
 
Edified
newbie
Posts: 37
Joined: Thu Sep 16, 2010 9:02 am

Re: v7.7rc is released!

Mon Jan 02, 2023 9:31 pm

Any news on fixing SFP DDM / SFP details on "hEX S" RB760iGS?
It worked in V6 but stopped working in V7 with many reports.
Can someone at Mikrotik acknowledge or confirm the issue?
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7rc is released!

Tue Jan 03, 2023 2:57 pm

v7.6 and also v7.7rc3 are messing up with Hotspot/Cookies timeouts on reboot. .......

Support ticket already filled as SUP-102839
.
Problem was reproduced and acknowledged by Mikrotik Support Team.
 
JoaoS
just joined
Posts: 9
Joined: Thu May 14, 2020 9:18 pm

Re: v7.7rc is released!

Tue Jan 03, 2023 4:53 pm

Hey guys.

I didn't want to use this space here, but my anxiety won't let me. :)

Does anyone know if there will ever be support for VTI in MT?
It's getting boring to work with cloud providers without VTI support.

I have to work with politics, which is not satisfactory. BGP support saves a ton of work with these clouds..
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7rc is released!

Wed Jan 04, 2023 12:28 am

I'd love to see VTI implemented on RouterOS, but I kinda lost hope. I'd even gladly swap Wireguard for VTI.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7rc is released!

Wed Jan 04, 2023 3:37 am

I think we are likely to see VTI at some point because it should be possible with the new kernel. Obviously though the priority must be on getting things working in RouterOS v7 that were working fine in v6, like BFD, MPLS QoS, etc.
 
kib0rg
just joined
Posts: 1
Joined: Sat May 27, 2017 5:47 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 6:53 am

SFP with copper pigtail XS+DA0001 fails every few hours between CCR1036-8G-2S+ and CRS354-48P-4S+2Q+RM. Tried disable auto negotiation, disabling-enabling port in CCR with no luck. Only reboot. Will downgrade to 7.2.X.

I also have CRS326-24S+2Q+ in second SFP of CCR - works fine.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 10:12 am

Any news on fixing SFP DDM / SFP details on "hEX S" RB760iGS?
It worked in V6 but stopped working in V7 with many reports.
Can someone at Mikrotik acknowledge or confirm the issue?

looks like they solved it

This is an automated message. Our bug tracker reports, that your issue has been fixed. This means that in the upcoming days, we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out soon. To be sure this specific fix is included, read the changelog when the next version comes out. If your issue is not mentioned, it might mean it will be in the next release.
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 12:15 pm

I'd love to see VTI implemented on RouterOS, but I kinda lost hope. I'd even gladly swap Wireguard for VTI.
I think it will be somewhere at 2033. :) They cannot fix yet standard functionality like VPRN already more than year. And it block upgrades.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 12:23 pm

I can understand the frustration, but on the other hand I cannot understand why Cisco had to invent the new nonstandard VTI protocol for something that was already covered (and implemented by them!) before as IPIP over IPsec transport mode (or GRE over IPsec transport mode). I have configured Cisco routers back in the day using that, and it worked, it offered a virtual interface, and you could run routing protocols over it.
They even had NHRP to assist you in managing the endpoints in a larger network. So why VTI? Only as a vendor lock-in?
Of course now many manufacturers have yielded and support VTI, and MikroTik can do nothing but follow. No idea what is the problem now, before (v6) it was the Linux kernel that was too old, now they have a more recent Linux kernel and still no progress.

But of course I still would prefer that they finish v7 feature parity with v6. I still cannot upgrade lots of routers due to BGP/BFD issues. That is more important than implementing new features.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7rc is released!

Wed Jan 04, 2023 1:15 pm

What's new in 7.7rc4 (2023-Jan-03 13:13):

*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Wed Jan 04, 2023 1:31 pm

What's new in 7.7rc4 (2023-Jan-03 13:13):

*) bgp - fixed BGP advertisement PCAP saver;
is there something to read about this in detail?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 1:33 pm

The DNS cache bug that was introduced in 7.7rc3 (I think) has not been fixed. Viaplay still does not play.
I have done a trace. What I observe is that the TV does a AAAA query for auth.split.io which does not have AAAA records.
In that case the MikroTik answers with a completely empty section (0 Answer RR, 0 Authority RR, 0 Additional RR) while all other resolvers that I try (bind, google, my ISP) in that case answer with 1 Authority RR: the SOA for auth.split.io.
The same happens for other names like content.viaplay.com.
Apparently that breaks the client software, I see no other apparent errors.
 
mmc
newbie
Posts: 41
Joined: Wed Dec 29, 2004 1:44 am

Re: v7.7rc is released!

Wed Jan 04, 2023 3:20 pm

What's new in 7.7rc4 (2023-Jan-03 13:13):

*) bgp - fixed BGP advertisement PCAP saver;
is there something to read about this in detail?
viewtopic.php?t=180185#p920879
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 4:50 pm

Hi,
I am not entirely sure if I just have some amnesia or doing some sleepwalking, but I have apparently lost some of my config items after upgrading from 7.7rc3 to 7.7rc4.
I had a config export script and a GRE tunnel config, which both have worked yesterday. Today those were missing from the config.

Actually I might just have unwillingly set safe mode, then somehow managed not to unset it before leaving my PC, but I'm not so sure.

Has something similar happened to anyone else?

Thanks!

Ps. HW is rb5009
Update2: restoring the missing parts was easy, thanks to the vanished backup script, which has stored the config including itself...
 
User avatar
edielson_atm
Trainer
Trainer
Posts: 30
Joined: Tue May 29, 2007 5:23 am
Location: Brasilia - Brasil
Contact:

Re: v7.7rc is released!

Wed Jan 04, 2023 5:14 pm

Captura de Tela 2023-01-04 às 12.07.43.png

I have this scenario, I establish iBGP between MK-01 and MK-03, when activating MPLS in the three Routers the iBGP session drops, when deactivating MPLS the session is established immediately

Captura de Tela 2023-01-04 às 12.11.16.png
and the MPLS settings are very simple
Captura de Tela 2023-01-04 às 12.12.54.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 5:22 pm

Hi,
I am not entirely sure if I just have some amnesia or doing some sleepwalking, but I have apparently lost some of my config items after upgrading from 7.7rc3 to 7.7rc4.
I had a config export script and a GRE tunnel config, which both have worked yesterday. Today those were missing from the config.

Actually I might just have unwillingly set safe mode, then somehow managed not to unset it before leaving my PC, but I'm not so sure.

Has something similar happened to anyone else?
Yes! I had that before, but long ago. It happened when my router was upgraded from v6 to v7, then after every reboot (including upgrade requiring a reboot) some things would be lost.
I fixed that by exporting the config (remember show-sensitive option), installing the router using netinstall with no config, then connecting via MAC address and uploading and importing the config again.
At that time it was also required to re-arrange the config export a bit because the sequence was wrong in the ipv6 section, but that has been fixed I think.
After that operation, I have not seen it again. I think the upgrade procedure causes subtle corruption of the underlying config database. Import (not backup restore!) seems to fix it.
Maybe it is sufficient to just to "reset configuration without defaults", I don't know. I did the netinstall.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 5:50 pm

@pe1chl: thanks for sharing this, this is really useful to know!
As my device got shipped with ROS 7.0.5 I did not do a netinstall yet.
But I will give it a try. Given the many bugs resolved since that release, there could have been some issues regarding the config...
It's not a flash chip related issue either: <150k total sector writes and 0 bad blocks reported.
BR
W
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Wed Jan 04, 2023 6:35 pm

thank you very much
 
Sit75
just joined
Posts: 12
Joined: Thu Mar 11, 2021 9:43 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 7:11 pm

We have received several reports about issues with the DNS cache in v7.7rc but so far none of them have had some precise examples. Please, if someone can reproduce the problem with the DNS cache, then provide step-by-step instructions on how you manage to see the problem. At the moment we are not aware of any reproductive issues. Please note that we are not denying an issue - simply we are not being able to reproduce such a problem at the moment and unfortunately, so far we have not managed to guess how to reproduce it. We are looking for a "/ip dns export" configuration which we can apply and then trigger the issue from a remote device by using this router as a DNS cache.

Regarding mentioned DNS issue. I have tried DNS Benchmark application https://www.grc.com/dns/benchmark.htm and cache is filled by quite unusual amount of broken records 0.0.0.0. See printscreen. It might help. This case is quite reproductible. I have tried the latest test version 7.7RC4 on hAP ac^2 256MB RAM.
You do not have the required permissions to view the files attached to this post.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v7.7rc is released!

Wed Jan 04, 2023 7:38 pm

... I cannot understand why Cisco had to invent the new nonstandard VTI protocol for something that was already covered (and implemented by them!) before as IPIP over IPsec transport mode (or GRE over IPsec transport mode).
The main reason was a few extra byte of MTU, I guess.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 8:15 pm

I fixed that by exporting the config (remember show-sensitive option), installing the router using netinstall with no config, then connecting via MAC address and uploading and importing the config again.export terse show-sensitive
At that time it was also required to re-arrange the config export a bit because the sequence was wrong in the ipv6 section, but that has been fixed I think.
After that operation, I have not seen it again. I think the upgrade procedure causes subtle corruption of the underlying config database. Import (not backup restore!) seems to fix it.
Maybe it is sufficient to just to "reset configuration without defaults", I don't know. I did the netinstall.
Hi! I have done just that: netinstalled my rb5009 with a fresh 7.7rc4 from a 7.7rc4, then I imported back my config, which was exported by "export terse show-sensitive".
I have my Internet uplink connected over port "e3inet" (Ethernet3), which is part of a bridge named br-inet.
I had no connection to the internet until I figured out, that I get a DHCP lease from my provider, but the e3inet interface was put not in VRF main but int VRF vrf1.
After removing vrf1, all is working well again.

Seemingly rc3/rc4 has issues with config management: I never intended to use multiple VRFs on this router. I'm pretty sure I did not configure it, but the following line appeared in my router config exports:
/ip vrf add interfaces=*B name=vrf1
My first plaintext export on this router was from two days ago, it already contained this line from above. I am pretty sure I did not have the VRF configured, as I would not have be able to reach the Internet.
Unfortunately I don´t have older backups, so I don´t know when this issue appeared, but the router was online since at least with ROS7.5.
The problems first appeared today after installing 7.7rc4 (disappearing parts of config), then after netinstalling rc4 & reconfig from export (VRF got imported).
Not sure if opening a ticket and a SupOut will bring anything useful as the config got corrupted way before the reinstall.

BR
W
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 8:18 pm

... I cannot understand why Cisco had to invent the new nonstandard VTI protocol for something that was already covered (and implemented by them!) before as IPIP over IPsec transport mode (or GRE over IPsec transport mode).
The main reason was a few extra byte of MTU, I guess.
Also: reduced complexity & a bit better performance. Btw. almost every other vendor followed.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Wed Jan 04, 2023 9:14 pm

IPIP over IPsec transport has the same overhead as IPsec in tunnel mode!
The only thing I can imagine is that IPsec does often not run in transport mode because that cannot handle NAT, and an automatic fallback to tunnel mode is made.
In that case the overhead of IPIP/IPsec will be more, yes. But between routers directly on the internet without NAT, there is no difference.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Wed Jan 04, 2023 11:15 pm

We have received several reports about issues with the DNS cache in v7.7rc but so far none of them have had some precise examples. Please, if someone can reproduce the problem with the DNS cache, then provide step-by-step instructions on how you manage to see the problem. At the moment we are not aware of any reproductive issues. Please note that we are not denying an issue - simply we are not being able to reproduce such a problem at the moment and unfortunately, so far we have not managed to guess how to reproduce it. We are looking for a "/ip dns export" configuration which we can apply and then trigger the issue from a remote device by using this router as a DNS cache.

Regarding mentioned DNS issue. I have tried DNS Benchmark application https://www.grc.com/dns/benchmark.htm and cache is filled by quite unusual amount of broken records 0.0.0.0. See printscreen. It might help. This case is quite reproductible. I have tried the latest test version 7.7RC4 on hAP ac^2 256MB RAM.
this happens in v7.6 (stable) too it seems:
Screenshot_2023-01-04_22-13-21.png
You do not have the required permissions to view the files attached to this post.
 
gcsuri
newbie
Posts: 35
Joined: Wed Sep 03, 2008 10:20 am

Re: v7.7rc is released!

Thu Jan 05, 2023 11:02 am

Hi,

after "/system reset-configuration skip-backup=yes no-defaults=yes" an entry remained in the BGP/Templates section with I* status (in winbox).
/export doesn't show anything...

regards, gcsuri
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Thu Jan 05, 2023 11:55 am

Regarding mentioned DNS issue. I have tried DNS Benchmark application https://www.grc.com/dns/benchmark.htm and cache is filled by quite unusual amount of broken records 0.0.0.0. See printscreen. It might help. This case is quite reproductible. I have tried the latest test version 7.7RC4 on hAP ac^2 256MB RAM.
Does it indicate any error in the retrieved results? Or is that tool not checking results carefully?
Maybe I should look for a tool that excercises a DNS resolver and points out any things it is doing wrong.
That would make it easier to pinpoint the error in a Support Ticket. Now I have submitted a trace when a TV App fails to work, but it is diffucult to find what is exactly causing the failure (I do see errors but they are not 100% reproducible and frankly are a bit unlikely to cause a failure).
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Thu Jan 05, 2023 12:48 pm

We managed to figure out what are those "0.0.0.0" entries in DNS cache. First of all - 0.0.0.0 is not an IP address. That is just a WinBox visual interpretation of "empty" value. These entries in cache that does not have a type, data and flags are "unknown type entries". For example, RRSIG entries. You can easily see them in cache if you test it with - "host -t RRSIG google 10.155.114.1". They are harmless entries and to not affect DNS cache work with valid entries.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Thu Jan 05, 2023 2:02 pm

Do you already have any idea what is causing the problems with the DNS resolver in the last two releases?
It is quite obvious that it does not work, but it is much harder to see what is actually going wrong.
I made SUP-101970 and sent a trace file but for me it is also unclear what makes it fail (except what I noted about Authority section).
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Thu Jan 05, 2023 2:17 pm

pe1chi - Your ticket was replied to at the same time when my previous post was made. At the moment there are no known and reproduced DNS problems for us (which would be introduced in v7.7). We do now that your ViaPlay service is not working as expected since 7.7rc3, but so far there is no information on how to reproduce such problem. If we try to use ViaPlay, then we do not see such an error and we have not received any other reports about such problem from anyone else. We of course want to figure out what is the issue here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Thu Jan 05, 2023 2:51 pm

That is funny, in viewtopic.php?p=974747#p974747 you wrote that there were several reports about DNS issues and now you write you have not received a report from anyone else.
Look, I can work around it by setting another resolver than the MikroTik, but I expect a lot of confusion when this goes into release and people install it and complain about their Viaplay (or other cloud service, see the other reports) to them. They already have a bad reputation about "always problems when you want to watch your sports event", and adding external factors like a DNS resolver will not help that.
I don't know if the Viaplay app is the same in all countries.
What other info do you require to solve this? A trace of a run of the app with working DNS resolver?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Thu Jan 05, 2023 3:24 pm

Yes, that post was written before v7.7rc4 where we fixed that problem that I was referring to. I do recommend that we try to debug this problem through the support ticket first and then post the results in forum when there will be some actual information (verified facts) about the problem.
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.7rc is released!

Thu Jan 05, 2023 3:34 pm

Hoping to see v7.7 as stable release soon!
Last edited by BartoszP on Sat Jan 07, 2023 12:07 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. lines of quote, 1 line of post.
 
evbocharov
newbie
Posts: 26
Joined: Tue May 25, 2021 11:06 pm

Re: v7.7rc is released!

Thu Jan 05, 2023 3:52 pm

pe1chi - Your ticket was replied to at the same time when my previous post was made. At the moment there are no known and reproduced DNS problems for us (which would be introduced in v7.7). We do now that your ViaPlay service is not working as expected since 7.7rc3, but so far there is no information on how to reproduce such problem. If we try to use ViaPlay, then we do not see such an error and we have not received any other reports about such problem from anyone else. We of course want to figure out what is the issue here.
7.7 rc3 confirm problems with dns
we use 5 cap ac
dns setting is def. after some days cant open a domains from dns cache list. Downgrading all devices to 7.6
 
Sit75
just joined
Posts: 12
Joined: Thu Mar 11, 2021 9:43 pm

Re: v7.7rc is released!

Thu Jan 05, 2023 6:36 pm

We managed to figure out what are those "0.0.0.0" entries in DNS cache. First of all - 0.0.0.0 is not an IP address. That is just a WinBox visual interpretation of "empty" value. These entries in cache that does not have a type, data and flags are "unknown type entries". For example, RRSIG entries. You can easily see them in cache if you test it with - "host -t RRSIG google 10.155.114.1". They are harmless entries and to not affect DNS cache work with valid entries.

Thank you for clarification. I thought 0.0.0.0 is real address.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: v7.7rc is released!

Fri Jan 06, 2023 12:38 am

What other info do you require to solve this? A trace of a run of the app with working DNS resolver?

While the actual RouterOS developers would be in a better position to answer that than me, given that you cannot provide a reproducing test case, I'd expect a solid second-best to be:

  1. With 7.7rc3, capture port 53 (both TCP and UDP) on the router's WAN interface with Torch, from just after starting this ViaPlay app until the point the failure is visible in the app.
  2. Ditto under 7.6.

Diffing those two pcap files should make the problem plain given that the DNS protocol is one of the simplest still in use.

I'm assuming this ViaPlay thing doesn't use DoH or similar, because if it did, why would a change in the MT resolver have any effect?

If this doesn't lead to a solution, then I suggest that MT provide someone having this problem a bisected series of test releases. If there were 8 commits to the DNS server code in RouterOS between 7.6 (which worked, as I understand it) and the first testing version of 7.7 that showed the problem, provide them with a version of ROS with the 4th intermediate change. If that shows the problem, too, send them the 2nd change; else, send them the 6th. Then, depending on the results of the second test, send either the 3rd, 5th, or 7th. Knowing which change caused the problem is often all it takes to realize why it is causing the problem.

In this manner, the location of any single change in a sequence can be found using only log₂(n) tests, where n is the number of versions involved. (Thus, 3 tests maximum for this 8-change example.)
 
kev445
just joined
Posts: 12
Joined: Tue Mar 01, 2011 12:57 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 11:20 am

That is funny, in viewtopic.php?p=974747#p974747 you wrote that there were several reports about DNS issues and now you write you have not received a report from anyone else.
Look, I can work around it by setting another resolver than the MikroTik, but I expect a lot of confusion when this goes into release and people install it and complain about their Viaplay (or other cloud service, see the other reports) to them. They already have a bad reputation about "always problems when you want to watch your sports event", and adding external factors like a DNS resolver will not help that.
I don't know if the Viaplay app is the same in all countries.
What other info do you require to solve this? A trace of a run of the app with working DNS resolver?
I'm running 7.7rc4 and I'm not experiencing issues with DNS. I've even signed up for a trial of Viaplay to see if I can recreate the issue, however it works great via the browser and IOS app.
I don't have any static entries in my config and I'm using a combination of IPv4 and IPv6 DNS resolvers.

One question I do have, do you have IPv6 on your network? The default Mikrotik config will share your ISP's IPv6 via neighbour discovery... Could this be the cause?
 
lomayani
just joined
Posts: 19
Joined: Sat Jun 17, 2017 7:21 am

Re: v7.7rc is released!

Fri Jan 06, 2023 11:21 am

With 7.7rc3 and 7.7rc4 some sites dont work. It is dns related issue. If we use router as dns cache some streaming sites stop working. downgrading to 7.6 resolve the issue
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 11:37 am

I'm running 7.7rc4 and I'm not experiencing issues with DNS. I've even signed up for a trial of Viaplay to see if I can recreate the issue, however it works great via the browser and IOS app.
I see the issue on my Android TV devices with the Viaplay app on them.
It manyfests itself as a much longer startup time of the app (shows spinning circle for a minute before it moves on to the viewer selection), then once it displays the home page often one or more of the featured titles will show as grey instead of a still. But when navigating around them, they show the preview (trailer) OK on the home page.
However, once I select an item to play, it stalls and displays "something went wrong" with "try again" and "cancel" buttons (these are translations from local language).
I don't have any static entries in my config and I'm using a combination of IPv4 and IPv6 DNS resolvers.
My only static entry is "add name=use-application-dns.net type=NXDOMAIN". I have configured the resolver both on IPv4 and IPv6 and annouced it to the network.
One question I do have, do you have IPv6 on your network? The default Mikrotik config will share your ISP's IPv6 via neighbour discovery... Could this be the cause?
I do have IPv6 and the TV uses IPv6 to do its lookups, the next DNS server at the provider is also IPv6. I never considered that to be a factor.
As MikroTik is repeatedly asking me to do a bisect to find the version where it exactly broke (I do not know if it worked in rc2, I am sure it worked before), and I am not prepared to downgrade my router just for this, I will now install another old device with v7 and try to replicate it with a minimal config where that sits between the TV and the main router (but does not use the DNS resolver of the main router, of course). Then I can upgrade along all the versions to see where it breaks.
But first I will try with the rc4 version (to make sure it breaks) and check if IPv4/IPv6 makes any difference.
I observe a problem when the TV asks for AAAA records on the viaplay service, which does not have any, and of course it could well be that it never asks for those records when it does not have IPv6 connectivity at all! To test that, I can also disable IPv6 on the TV network.

Edit: I tested that, and without IPv6 the issue is not reproducible.
 
kev445
just joined
Posts: 12
Joined: Tue Mar 01, 2011 12:57 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 12:35 pm

Pe1chl I feel we’re heading in the right direction.

Also I missed a crucial word in my reply, I meant to say the default behaviour is to share your providers IPv6 DNS (as opposed to the Mikrotik).

If it isn’t the above, could it possible be the way the Mikrotik DNS is responding to null AAAA queries?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 12:39 pm

I have configured IPv6 like this:
/ipv6 nd
add dns=xxxx:xxxx:xxxx:2::1 interface=vlan-20-iot other-configuration=yes
where that address is the local address of my MikroTik on that network.
So the TV uses that as a resolver.
The trace shows that the TV indeed uses that resolver address, not the ISP resolver (but the MikroTik uses that).
What I observe is that the ISP resolver replies with no Answer records but an Authority record (SOA), and then the MikroTik sends that to the TV without Authority record.
I never see the MikroTik reply with an SOA record. It replies with NS records in the Authority section, or nothing.
 
kev445
just joined
Posts: 12
Joined: Tue Mar 01, 2011 12:57 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 1:08 pm

What happens when you set the DNS on the TV to just your ISP's (you've mentioned already that you've had success with Googles)?
This is obviously with IPv6 enabled again.

We're trying to work out if the culprit is the Mikrotik or your ISPs DNS.
Last edited by BartoszP on Sat Jan 07, 2023 12:06 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 1:50 pm

Actually I have seen in the trace that the ISP reply is the same as the Google reply. So it probably does not change anything. I can test it later tonight.
 
kev445
just joined
Posts: 12
Joined: Tue Mar 01, 2011 12:57 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 1:58 pm

If that’s the case, the Mikrotik really shouldn’t be altering the reply as it passes through. Hopefully Mikrotik can use this to help resolve the problem.
Last edited by BartoszP on Sat Jan 07, 2023 12:06 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 2:05 pm

I have added notes to my SUP ticket already that refer to that. It looks like RouterOS does not pass on SOA records in the Authority section of the reply from the ISP to the client, only NS records.
The reply surely is altered. Probably the reply from the ISP is stored in the cache, and then a lookup of the cache is done to compose the reply to the client.
E.g. when I first do an A record lookup the ISP replies with NS records in the authority section and they are passed on and cached. When I then do an AAAA query, the ISP answers with a SOA in the Authority section but the MikroTik answers with the NS records cached from the earlier A query in the Authority section.
It may be the result of move towards "cleaner coding" but it certainly isn't right.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 2:24 pm

It seems to me that the problem is similar to the one solved a few months ago where MT's DHCP server returned options in option-ID order and some DHCP clients refused leases because they somehow expected options in a particular pseudo-random order.

Similarly here: if a client queries recursive DNS server for a particular DNS record (and client has all right to assume server is recursive) and DNS server doesn't return requested record (e.g. because it doesn't exist), then why should client barf if it doesn't receive SOA record?
I can observe similarly different behaviour (between MT's DNS server and proper BIND9 server) when records are actually successfully returned: MT's DNS server only returns requested records while BIND9 returns also authority section with listed root servers. This difference doesn't seem to bother Viaplay app?

Note that I did not actually wireshark the communication, I only observed output of linux CLI tool dig. And lack of SOA records in MT's negative reply is there already in ROS v6.49.6.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 3:12 pm

Yes I am not sure that this difference in the Authority section is the thing that breaks the TV APP, but it is the only obvious difference I have seen between working and not-working.
It could still be that there is another subtle difference somewhere in the flags.
It seems the contents of the authority section is not consistent anyways, the MikroTik resolver returns root NS servers that it regularly obtains by . query, while bind9 (correctly) returns the NS servers for the particular domain. THAT does not seem to bother the TV APP.
 
DeviceLocksmith
just joined
Posts: 24
Joined: Sat Jan 15, 2022 8:21 am

Re: v7.7rc is released!

Fri Jan 06, 2023 10:10 pm


Similarly here: if a client queries recursive DNS server for a particular DNS record (and client has all right to assume server is recursive) and DNS server doesn't return requested record (e.g. because it doesn't exist), then why should client barf if it doesn't receive SOA record?
I can observe similarly different behaviour (between MT's DNS server and proper BIND9 server) when records are actually successfully returned: MT's DNS server only returns requested records while BIND9 returns also authority section with listed root servers. This difference doesn't seem to bother Viaplay app?
When the record does not exist, the DNS server for the zone which has the authority for the zone must respone with NXDOMAIN response, which has AA (authority) flag and is eligible to be cached for the duration of 'negative TTL' which comes from the lowest of value in SOA record returned with NXDOMAIN answer and it's TTL.
So contrary to what you are saying, SOA responses are critical parts of NXDOMAIN (no such domain) responses per RFC.

For NOERROR responses (which mean that the record does exist, not necessarily of the type that was requested) the AUTHORITY section is not mandatory.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Fri Jan 06, 2023 10:28 pm

Actually I have seen in the trace that the ISP reply is the same as the Google reply. So it probably does not change anything. I can test it later tonight.
If that’s the case, the Mikrotik really shouldn’t be altering the reply as it passes through. Hopefully Mikrotik can use this to help resolve the problem.
I have put the ISP DNS as the DNS in the IPv6 ND configuration (instead of the MikroTik address), and restarted the TV.
Now the TV makes the queries to the ISP DNS directly, bypassing the MikroTik, and all works OK.
When I remove IPv6 completely from the network, directing the TV to the MikroTik but only in IPv4, it also works correctly.
It only fails when the TV does IPv6 queries via the MikroTik resolver. The service mostly has no IPv6 support, most DNS queries for AAAA records (in the correctly working situation) return either nothing or a CNAME, which then points to a name that has no AAAA records.
Still there apparently is something that bothers the TV (Viaplay APP). For now, the only thing I can see as different is that the MikroTik returns:
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        auth.split.io: type AAAA, class IN
            Name: auth.split.io
            [Name Length: 13]
            [Label Count: 3]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
and the ISP DNS resolver returns:
    Questions: 1
    Answer RRs: 0
    Authority RRs: 1
    Additional RRs: 0
    Queries
        auth.split.io: type AAAA, class IN
            Name: auth.split.io
            [Name Length: 13]
            [Label Count: 3]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
    Authoritative nameservers
        split.io: type SOA, class IN, mname ns-877.awsdns-45.net
            Name: split.io
            Type: SOA (Start Of a zone of Authority) (6)
            Class: IN (0x0001)
            Time to live: 416 (6 minutes, 56 seconds)
            Data length: 72
            Primary name server: ns-877.awsdns-45.net
            Responsible authority's mailbox: awsdns-hostmaster.amazon.com
            Serial Number: 1
            Refresh Interval: 7200 (2 hours)
            Retry Interval: 900 (15 minutes)
            Expire limit: 1209600 (14 days)
            Minimum TTL: 86400 (1 day)
But maybe it is not the cause of the problem, I don't know...
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Sat Jan 07, 2023 7:06 am

This issue has been around for a long time and has been discovered since RouterOS v7 supported IPv6 NAT.
But I can't reproduce it every time. The issue is that when a client requests an AAAA record, RouterOS will randomly return NO_ERROR instead of Non-existent domain.
RouterOS will give clients "0.0.0.0" or "::" entries AAAA record to clients DNS cache, like RouterOS got "0.0.0.0" entries upsteam dns server that @strods said.
so clients will use :: to access server, will failed.
since a v7 release that I submit ticket it fix this, it less happen, but still have this issue and more randomly.
Last edited by BartoszP on Sat Jan 07, 2023 12:05 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
User avatar
CTassisF
newbie
Posts: 35
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: v7.7rc is released!

Sat Jan 07, 2023 7:16 am

I'm not sure if this is related to any of the DNS issues reported above, but in 7.7rc4 I started getting intermittent "resolving error" while importing container images.

If I try again it will eventually work.

 05:06:53 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0-latest
 05:06:53 system,info item added by cesar
 05:06:53 container,info,debug unexpected response from container registry: resolving error
 05:06:53 container,info,debug was unable to import, container 4a07240c-862b-4861-a16a-68605478ad54
 05:07:11 container,info,debug removing files, container 4a07240c-862b-4861-a16a-68605478ad54
 05:07:11 system,info item removed by cesar
 05:07:15 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0-latest
 05:07:15 system,info item added by cesar
 05:07:18 container,info,debug getting layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4
 05:07:19 container,info,debug layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 downloaded
 05:07:19 container,info,debug getting layer sha256:8412d3537cddbbbb5c1fcaa344f3844385abc15e316ff133a1f8dc5bbe3b8c9e
 05:07:20 container,info,debug layer sha256:8412d3537cddbbbb5c1fcaa344f3844385abc15e316ff133a1f8dc5bbe3b8c9e downloaded
 05:07:20 container,info,debug getting layer sha256:b690d3b3edd47413b51c84a19f197b3c40fadd377dd47590de52cb050cf4467b
 05:07:21 container,info,debug layer sha256:b690d3b3edd47413b51c84a19f197b3c40fadd377dd47590de52cb050cf4467b downloaded
 05:07:21 container,info,debug getting layer sha256:e3ccac81ac2e45b899651f6527cce71f4f02177b7bf7e9781e984b586ead63c4
 05:07:22 container,info,debug layer sha256:e3ccac81ac2e45b899651f6527cce71f4f02177b7bf7e9781e984b586ead63c4 downloaded
 05:07:22 container,info,debug getting layer sha256:bf066b812416ea2a698f96c84fc47598a9aab03bbc710a4e959ba2f1e06b22b1
 05:07:23 container,info,debug layer sha256:bf066b812416ea2a698f96c84fc47598a9aab03bbc710a4e959ba2f1e06b22b1 downloaded
 05:07:23 container,info,debug getting layer sha256:96f71e664b34d405db7d7989a86904cdf3c922962c12eee695ecaaf50506ea46
 05:07:25 container,info,debug layer sha256:96f71e664b34d405db7d7989a86904cdf3c922962c12eee695ecaaf50506ea46 downloaded
 05:07:28 container,info,debug getting layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
 05:07:31 container,info,debug layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 downloaded
 05:07:31 container,info,debug getting layer sha256:e88bc30177987201958bf875419072c8392b98f59a71bbdee5ee19996704c32d
 05:07:32 container,info,debug layer sha256:e88bc30177987201958bf875419072c8392b98f59a71bbdee5ee19996704c32d downloaded
 05:07:32 container,info,debug import successful, container 6854c06d-c61c-4b53-9ae5-c1fe0d4a2045
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Sat Jan 07, 2023 10:49 am

when will you support Mellanox ConnectX-6 cards for x86 platform?
thanks
 
infabo
Long time Member
Long time Member
Posts: 617
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.7rc is released!

Sat Jan 07, 2023 10:54 am

*) quickset - update DNS server IP address when changing router's IP address;
Finally fixed. I first observed this issue like over 2 years ago. Like mentioned here viewtopic.php?p=851445#p851445
To be honest - I should have filed a support ticket instead.

Still leaves me behind completely confused. Mikrotik needed about 2 years to discover this quickset bug and fix it. Meanwhile Mikrotik promotes Quickset in many YouTube videos, as an easy and safe way to configure a device - without the need for network engineer experience. But bugs like these, leave people behind with an unusable device.
And secondly, why did they not notice so long? To be honest, serious advice, QuickSet needs some automated testing. I don't know how Mikrotik's ROS build process looks like. But I highly recommend to write functional/integration tests for Quickset. As Quickset alters so many settings/configs like a blackbox, automated testing would be very crucial.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Sat Jan 07, 2023 11:09 am

This issue has been around for a long time and has been discovered since RouterOS v7 supported IPv6 NAT.
But I can't reproduce it every time. The issue is that when a client requests an AAAA record, RouterOS will randomly return NO_ERROR instead of Non-existent domain.
RouterOS will give clients "0.0.0.0" or "::" entries AAAA record to clients DNS cache, like RouterOS got "0.0.0.0" entries upsteam dns server that @strods said.
so clients will use :: to access server, will failed.
since a v7 release that I submit ticket it fix this, it less happen, but still have this issue and more randomly.
Well, but that is actually the correct and expected reply!
When you ask for AAAA records for a domain that exists but does not have AAAA records, the correct reply is NOERROR and 0 Answers.
And that is what it actually gives. However, when such a query is sent to a "normal" resolver, it also returns an Authority record, an SOA record.
RouterOS receives that from the upstream and puts it in the cache, but it does not return it to the client on the LAN. It returns either 0 Authority records, or it returns a list of root NS records.
Again, I do not know if that is the actual problem, but at least it is a difference between what MikroTik does, and what my ISP, my own bind9 resolver on my Linux machine, Google (8.8.8.8) and Cloudflare (1.1.1.1) all do! They return NOERROR, 0 Answer records, and 1 Authrority record: the SOA record.
The NXDOMAIN error should only be returned when the domain does not exist at all.
 
Grickos
newbie
Posts: 35
Joined: Thu Aug 06, 2015 2:57 am
Location: Croatia

Re: v7.7rc is released!

Sat Jan 07, 2023 11:55 am

There is definitely a problem with DNS.
Upgraded from rc2 to rc4 and IPTV streams normally but info and EPG are struggling. Luckily, I saw the DNS problem on this forum and saved a few hours of troubleshooting. Direct resolver 1.1.1.1 everything works normally again.
(Sorry for the bad English, it's Google's fault.)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Sat Jan 07, 2023 12:12 pm

There is definitely a problem with DNS.
Do you have IPv6? Does the situation change when you temporarily disable IPv6 on the internal network?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Sat Jan 07, 2023 2:49 pm

We have tested "dig -t AAAA auth.split.io" type requests and can confirm, that replies have "Authority RRs: 0". However, that is the exact same behaviour in v7.6 and v7.7rc. Can anyone confirm that the services which are not working properly with 7.7rc are indeed working with v7.6? Does DNS cache in that particular case indeed do return "Authority RRs: 1" in such scenario which would make us believe that services like ViaPlay do not work because of this AAAA reply?
 
Grickos
newbie
Posts: 35
Joined: Thu Aug 06, 2015 2:57 am
Location: Croatia

Re: v7.7rc is released!

Sat Jan 07, 2023 4:16 pm

There is definitely a problem with DNS.
Do you have IPv6? Does the situation change when you temporarily disable IPv6 on the internal network?
I don't have IPv6. IPv6 is disabled.
I did a Flush Cache and it seemed to work for a short time.
Then I turned on the direct resolver and that's it. I will try to restore DNS to Mikrotik and see.
Maybe it was a coincidence, so I will try to reproduce the error again. (IPTV is Telemach, Cro)
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.7rc is released!

Sat Jan 07, 2023 4:26 pm

We have tested "dig -t AAAA auth.split.io" type requests and can confirm, that replies have "Authority RRs: 0". However, that is the exact same behaviour in v7.6 and v7.7rc. Can anyone confirm that the services which are not working properly with 7.7rc are indeed working with v7.6? Does DNS cache in that particular case indeed do return "Authority RRs: 1" in such scenario which would make us believe that services like ViaPlay do not work because of this AAAA reply?
FWIW I have had intermittent issues with streaming services from at least 7.6 (which I am currently running), as well as issues with Apple HomePods. I do have IPv6 internet. I am on an extended trip so cannot validate it’s the same issue/disable IPv6/change DNS issued by DHCP to be an upstream server vs the MikroTik device, but it sounds suspiciously familiar re: symptoms, to include periodic name resolution issues on page loads which I couldn’t explain. I am sorry I can not 100% validate, but this sure does sound like the right track to follow. Hopefully someone else running IPv6 on 7.6 + using the MikroTik resolver can validate.
Last edited by ormandj on Sat Jan 07, 2023 11:19 pm, edited 1 time in total.
 
Grickos
newbie
Posts: 35
Joined: Thu Aug 06, 2015 2:57 am
Location: Croatia

Re: v7.7rc is released!

Sat Jan 07, 2023 9:33 pm

Now I tried to switch DNS to mikrotik again. Problems loading Menu and info channels. In the end, it looks like everything is working, but it's struggling, it's slow. I noticed that HBO can't start at all. I tried 2-3 times. Only when I return to direct DNS does it work (Mikrotik DHCP server dns 1.1.1.1) everything works normally and HBO starts regularly. Between tests reboot IPTV BOx. Honestly, I wouldn't have thought that DNS was causing such problems. But apparently it's causing problems, I have no idea what.
I didn't notice any problems on 7.6 and v7.7rc2. Maybe there were some, but after a while IPTV still loads all the data, so I didn't notice.
(Sorry for my english)
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v7.7rc is released!

Sun Jan 08, 2023 6:23 am

there is bug in routeros cli. when you entering license in command line, when pasting 2 lines of key then pressing ctrl+c and ctrl+d after that, it will goes to infinite loop and never gets out.
you have to unplug the router or restart virtual machine.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Sun Jan 08, 2023 12:47 pm

I am searching for a tool that can be used to test and validate a DNS resolver. Something that you start, specify a resolver address, it does queries and it checks if the results are OK. Is anyone aware of such a thing?
I downloaded "unbound", a modern resolver, and it includes an elaborate testing tool. However, as far as I have been able to determine, it cannot test a competing resolver.
(it starts unbound with a configuration file that is included in each test, and it appears that it is directly linked to the unbound library rather than sending UDP packets)

Aside from that, it would probably be better when MikroTik abandoned their own code and started using "unbound". It looks like a lot of development effort went into that. And of course it supports DNSSEC.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.7rc is released!

Sun Jan 08, 2023 3:17 pm

Maybe DNSBench can help, I don't remeber if it also displays errors
 
Alter1000
just joined
Posts: 1
Joined: Fri Oct 29, 2021 4:20 pm

Re: v7.7rc is released!

Sun Jan 08, 2023 11:18 pm

Just to add another DNS related bit: with 7.7rc4 I have intermittent problems with Amazon Echo Show 8. Other echos (dot and echo plus) work fine.
The problem is alexa randomly stops working, saying something like "I can't connect".
Some times it fails soon after boot, other times works fine after boot but loose connection some time (hours) later.

If I switch to ISP router DNS evertything works fine (as it did with 7.5).
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.7rc is released!

Mon Jan 09, 2023 6:48 am

This is exactly what Siri does. Often 1-10 minutes later it will work fine again. I hadn’t chalked it and the steaming issues/random dns issues when loading remote resources to an update since it’s so intermittent.
Last edited by BartoszP on Mon Jan 09, 2023 8:38 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
User avatar
stmx38
Long time Member
Long time Member
Posts: 617
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: v7.7rc is released!

Mon Jan 09, 2023 9:04 am

Maybe we can try to use a simple bash script, but the main question is how to build the list of the hosts.

external=1.1.1.1
while read host; do
  if [ ! -z "$host" ]; then
    local_reply=$(dig $host +short | sort)
    external_reply=$(dig @$external $host +short | sort)
    diff <(echo $local_reply) <(echo $external_reply)
    if [[ $? -ne 0 ]]; then
      echo "`date` - different - $host"
      echo "local reply: $local_reply"
      echo "external reply: $external_reply"
      echo
    else
      echo "`date` - same - $host"
    fi
  fi
done <dns.names

I just created dns.names file from /ip/dns/cache print output. If we have a suspicious replies in the cache, we can try to perform a test.
Also, we may consider to adopt the script to show the error only in case of an empty reply.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Mon Jan 09, 2023 9:59 am

intra-vlan traffic hw-offloaded is not shown in vlan traffic statistics.
This is not a good thing for monitoring purpose!!!!!!

Is it possible to have it fixed?
 
johnsonX
just joined
Posts: 2
Joined: Tue Apr 19, 2022 11:58 am

Re: v7.7rc is released!

Mon Jan 09, 2023 11:03 am

Hope to support add zerotier moons in routeros.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 11:13 am

Maybe we can try to use a simple bash script, but the main question is how to build the list of the hosts.
It is probably no good to try to build test cases ourselves. That is why I was looking at the "unbound" test code as it appears to have many test cases and it has probably arisen from the many quirks that they have hit when developing "unbound".
When we could just run those tests against an arbitrary resolver (only via the network to a specified IP) it would be great. We could test the MikroTik resolver and maybe find a snag that they have also encountered during development.

But frankly, I think it would be better when MikroTik just used unbound. It can do everything that their resolver can do (maybe sometimes in a bit of a different way, e.g. it handles forwarding cleanly using "forward zones" instead of those ugly regexps), plus it can do things that are on the wishlist, like DNSSEC.
The only problem could be that the default binary is 1MB in size and it may not fit in the smips routers. But they are EOL for v7 anyway.
 
markonen
just joined
Posts: 23
Joined: Tue Aug 11, 2020 4:28 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 11:45 am

Even the brand new 100G switch CRS504 has just 16MB of storage so that limitation is not going away any time soon. This is a decision MikroTik has made and the price is them having to build everything from scratch because the standard approaches will not fit.
Last edited by BartoszP on Mon Jan 09, 2023 11:58 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart, save network traffic
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 12:23 pm

Even the brand new 100G switch CRS504 has just 16MB of storage so that limitation is not going away any time soon.
16MB is bad but the SMIPS devices are much worse, as they do not have enough RAM either so the new version has to fit in the flash alongside the old one during update.
Still, a 16MB flash device with an ARM CPU will not be a joy forever either. E.g. a hAP ac2 has only 1.4MB of space left in the flash on a v7.7rc install.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7rc is released!

Mon Jan 09, 2023 12:55 pm

Even the brand new 100G switch CRS504 has just 16MB of storage so that limitation is not going away any time soon. This is a decision MikroTik has made and the price is them having to build everything from scratch because the standard approaches will not fit.
Yes, this decision I can't understand. No need to 1GB storage (although it's nice to have it), but 128MB should be the bare minimum to everything.
 
gtj0
just joined
Posts: 15
Joined: Wed Sep 23, 2020 8:08 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 8:56 pm

I think I can add more info on the DNS...

1. I've had issues streaming content with Amazon FireTV and GoogleTV when they have IPv6 address for some time. Since 6.48 at least.
2. The issue is present on 6.48.1 (just tested today) and 7.7beta6.
3. I have 8.8.8.8 and 2001:4860:4860::8888 as my upstream resolvers.
4. Disabling IPv6 on the LAN solves the issue.
5. Sending 2001:4860:4860::8888 instead of the MTs address as the DNS server in my LAN RAs solves the issues.
6. As mentioned in previous posts, the only difference I see in responses between external resolvers and the MT is the lack of SOA record.
7. As mentioned in previous posts, I DO see the SOA records in the cache.
8. Now, get this... Using DoH (https://dns.google/dns-query) as the upstream resolver ALSO SOLVES THE ISSUE. I see the SOA record when querying the MT.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 9:20 pm

Yes, this decision I can't understand. No need to 1GB storage (although it's nice to have it), but 128MB should be the bare minimum to everything.
I think one of the reasons is that the interface technology for those flash chips changes at the 16MB mark. To have more, you either need to have a 16MB chip (to boot) plus some extra chip for more storage, or you would need to use different technology SoC that allows larger boot flash chips and probably costs more. Also, having two chips may mean that you need so many lines dedicated to interfacing the memory that you may not have enough left for other control purposes.
Still, going with that 16MB flash on so many devices certainly paints them in a corner.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7rc is released!

Mon Jan 09, 2023 9:27 pm

It MAY costs more, but I don't think so. Why? Because of what we saw with the hAP AC3: it went from 16MB to 1GB - but it no longer can take 300k writes/cell, since it uses a different kind of flash. But it comes with 128MB - almost 10x more.

Yes, the SOC documentation states that it uses no more than 16MB SLC, but TLC can go up... 1GiB. If I'm not mistaken. I'm all for it, just uses wear leveling and call it a day.

And even if costs more: we are talking about 1GB, not 1TB. What would it be? US$ 2 more?
Last edited by BartoszP on Mon Jan 09, 2023 10:13 pm, edited 1 time in total.
Reason: What for the whole previos post is quoted?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Mon Jan 09, 2023 9:45 pm

In the MIPSBE days (2011, 750, 750r2 etc) even the cheap devices came with 128MB. But it was a different SoC. I did not read all datasheets (they may not even all be available) but apparently something changed when MMIPS was introduced, and it remained when ARM became the norm.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Tue Jan 10, 2023 12:29 am

Even the brand new 100G switch CRS504 has just 16MB of storage so that limitation is not going away any time soon. This is a decision MikroTik has made and the price is them having to build everything from scratch because the standard approaches will not fit.
Yes, this decision I can't understand. No need to 1GB storage (although it's nice to have it), but 128MB should be the bare minimum to everything.
totally agree here! 16MB is way too less flash.

had problems in updating procedures because of that. had to do some resets and netinstalls for, TBH, no good reason if there were say 64MB at least of flash to have room for the update-npk
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Tue Jan 10, 2023 12:52 am

The update-npk is not stored in the flash except on SMIPS routers (toys).
 
Pl07R3K
just joined
Posts: 14
Joined: Fri Feb 11, 2022 4:15 pm

Re: v7.7rc is released!

Tue Jan 10, 2023 2:29 am

The bridge HW offloading does not work on hap ax3 and there is also no Host tab in the Switch menu, although according to the Switch Chip Features table the Port Switch and the Host Table should work on IPQ-PPE.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v7.7rc is released!

Tue Jan 10, 2023 8:51 am

Please solve this problem viewtopic.php?t=188600
With 7.7rc4 - no improvement
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7rc is released!

Tue Jan 10, 2023 9:20 am

TBH, no good reason if there were say 64MB at least of flash to have room for the update-npk
Unless RAM disk for downloading upgrade npk files becomes a norm on all devices, minimum usable flash size is 128MB on devices with ac/ax radios (i.e. all wifi devices). I guess 64MB would be enough for wired-only devices (many people would not be happy about that, running containers seems to be the next fashion).

On my Audience (128MB flash, 256MB RAM) running v7.6 and wifiwave2 driver, flash usage is 53MB. 7.2rc4 npk size is 27MB (13MB for base package and 14MB for wifiwave2 package). I haven't manually downloaded any newer version, but I expect file sizes to be similar (if not larger) in recent versions. RAM utilization is lurking around 160MB, so it would be possible to fit upgrade packages in RAM disk.
I did try to partition flash disk to two 64MB partitions. It was running fine, but upgrades obviously failed due to lack of flash space on 64MB partition.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Tue Jan 10, 2023 1:44 pm

The update-npk is not stored in the flash except on SMIPS routers (toys).
how come? where else is it stored then and applied at reboot?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7rc is released!

Tue Jan 10, 2023 3:38 pm

The update-npk is not stored in the flash except on SMIPS routers (toys).
how come? where else is it stored then and applied at reboot?
It is stored in the RAMdisk which is available in all devices that have 16MB flash and 128MB or more of RAM (and from very recently can now also be enabled on devices with more flash, THANKS!).
So that includes almost all new devices. The SMIPS routers (hAP lite and hAP mini) do not even have enough RAM for a RAMdisk, so they can store it only in flash.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.7rc is released!

Tue Jan 10, 2023 3:42 pm


It is stored in the RAMdisk which is available in all devices that have 16MB flash and 128MB or more of RAM (and from very recently can now also be enabled on devices with more flash, THANKS!).
So that includes almost all new devices. The SMIPS routers (hAP lite and hAP mini) do not even have enough RAM for a RAMdisk, so they can store it only in flash.
thanks a lot for the clarification. always appreciate such insights
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.7rc is released!

Tue Jan 10, 2023 8:09 pm

It wasn't the whole post, @bartoz, only the relevant part. Before cutting out something, do pay attention.
 
Alex
Member Candidate
Member Candidate
Posts: 214
Joined: Thu Sep 30, 2004 11:07 am

Re: v7.7rc is released!

Tue Jan 10, 2023 10:33 pm

any chance to have dhcp snooping option 82 remote id and circuit id customization? we are using option 82 for client authorization on switch ports
we need remoteid=bridge/systemmac and circuitid=port number in hex
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7rc is released!

Wed Jan 11, 2023 8:50 am

please check
SUP-104088, dns AAAA issue
 
mkamenjak
newbie
Posts: 41
Joined: Tue Jul 13, 2021 12:49 pm

Re: v7.7rc is released!

Wed Jan 11, 2023 9:24 am

I am waiting for SUP-99383. The fix supposedly is in v7.7 and I am not questioning that. However I can't test that as I am not putting an 'RC' on a production router.
No need to hurry Mikrotik, I will wait patiently. Although my device maybe wont and the issue will reappear :)

However I am curious, v7.7 has been in testing for ~3 months now, Yet some other releases have whizzed trough testing in 3 weeks. And those longer development cycles happen every so often. Is that something Mikrotik does intentionally to stabilize routeros, or are some releases just that troubled?
 
Rox169
Member
Member
Posts: 433
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7rc is released!

Wed Jan 11, 2023 10:11 am

I agree with taking time and releasing really stable versions.

It use to be crazy...no matter what kind issue was included in stable version or how many HW will be bricked but every month new "stable" version....
 
mkamenjak
newbie
Posts: 41
Joined: Tue Jul 13, 2021 12:49 pm

Re: v7.7rc is released!

Wed Jan 11, 2023 10:58 am

I agree with taking time and releasing really stable versions.

It use to be crazy...no matter what kind issue was included in stable version or how many HW will be bricked but every month new "stable" version....
I don't think they changed anything. As far as I remember working with Mikrotik, some versions just had slower development. Something like every 4th 6.x/7.x was slow to release. Or sometimes it even took them months to release a 6.x.y hotfix.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Wed Jan 11, 2023 3:30 pm

What's new in 7.7rc5 (2023-Jan-11 13:20):

*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;

Please keep this forum topic strictly related to this particular RouterOS release.
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: v7.7rc is released!

Wed Jan 11, 2023 3:45 pm

7.7rc5 (2023-Jan-11 13:20):
hap ac3 updated ok
 
Shadowman94
just joined
Posts: 1
Joined: Thu Mar 07, 2019 2:25 am

Re: v7.7rc is released!

Wed Jan 11, 2023 3:50 pm

Hello everyone, with that new rc's on RB4011iGS+5HacQ2HnD, CPU Frequecy is not reported, also CPU Frequency settings is missing again. ( but its present in 7.7beta6 ).
 
Sit75
just joined
Posts: 12
Joined: Thu Mar 11, 2021 9:43 pm

Re: v7.7rc is released!

Wed Jan 11, 2023 11:54 pm

I have tried RC5 on hAP ac^2 256MB and works fine. Regarding DNS definitely better performance, but very rarely (really very rarely) there is strange high cache DNS latency on directly connected (wire or wireless) device. Checked by DNS Check. I have curious question, is DNS process priority and run really securerd and reliable? Or can be interrupted by any other load or other processes? On the other hand, router was under low load (up to 10%).
 
User avatar
ghostinthenet
newbie
Posts: 31
Joined: Sun Apr 04, 2021 1:36 pm
Location: Niagara-on-the-Lake, Canada
Contact:

Re: v7.7rc is released!

Thu Jan 12, 2023 12:03 am

Attempting to load an ED25519 public key into my CHR per the following change announcement:

*) ssh - added support for Ed25519 key exchange;

I'm importing the key with the usual command, but still getting the same error I always used to get.

/user/ssh-keys/import public-key-file=id_ed25519.pub user=admin
unable to load key file (wrong format or bad passphrase)!

The key type in the public key file is "ssh-ed25519" so I'm wondering if RouterOS is expecting something different.

Thoughts?
 
User avatar
CTassisF
newbie
Posts: 35
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: v7.7rc is released!

Thu Jan 12, 2023 12:36 am

The key type in the public key file is "ssh-ed25519" so I'm wondering if RouterOS is expecting something different.

RouterOS added ed25519 support for *key exchange*. This can be set using KexAlgorithms option in OpenSSH.

The key you can generate using ssh-keygen and you use to log in is a different thing.
 
User avatar
ghostinthenet
newbie
Posts: 31
Joined: Sun Apr 04, 2021 1:36 pm
Location: Niagara-on-the-Lake, Canada
Contact:

Re: v7.7rc is released!

Thu Jan 12, 2023 1:01 am

The key you can generate using ssh-keygen and you use to log in is a different thing.

Got it. That makes sense. Thanks. If they’ve added it to key exchange, it may not be unreasonable to be optimistic about it being added to key authentication soon.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7rc is released!

Thu Jan 12, 2023 4:27 am

when we will get stable v. of 7.7?
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7rc is released!

Thu Jan 12, 2023 5:56 am

I got a missing 5GHz A/N/AC wireless available under CAPSMan after updating to V7.7rc5.

It restored when I reverted back to rc4.

All APs (ac2) do not install wave2 nor I install wave2 into the CAPSMan router.
 
ilmars
just joined
Posts: 4
Joined: Thu Jun 21, 2018 11:19 pm

Re: v7.7rc is released!

Thu Jan 12, 2023 8:54 am

Still with RouterOS 7.7rc5, given that one connects serial console cable directly to switch (have tested only with several CRS354) some kind of strange named error is always being shown:
insmod: /lib/modules/5.6.3/drivers/char/music_dog.ko failed: 22 Invalid argument
Can anyone else repeat it?
 
User avatar
kosyot
newbie
Posts: 36
Joined: Wed Jan 16, 2019 1:28 pm
Contact:

Re: v7.7rc is released!

Thu Jan 12, 2023 11:46 am

/routing/route/print count-only
working only without any where clause, otherwise returning always 0

@Winbox Routing/BGP/Sessions - "Prefix Count" always 0 /no release till now that work.../
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Thu Jan 12, 2023 12:12 pm

/routing/route/print count-only
working only without any where clause, otherwise returning always 0

@Winbox Routing/BGP/Sessions - "Prefix Count" always 0 /no release till now that work.../
it is a known bug, fixed but the fix not yet added to 7.7branch
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7rc is released!

Thu Jan 12, 2023 12:17 pm

on 7.7rc4 and 7.7rc5 we still have issue about pppoeservers:
- in rare condition the simple queue about pppoe-client inteface became unknow and not canceled on client disconnection (seems related to a massive clients disconnection);
- more frequentòy the pppoe-client dynamic interface of just authenticated customer it is not running, so the clients is authenticated but not able to usethe connection

both issues are present on several x86 platform and documentated with a lot of supouts through [SUP-97493].
this is a critical fix needed to have a stable pppoe concetrator based on v7.

regards
Ros
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7rc is released!

Thu Jan 12, 2023 2:39 pm

Version 7.7 has been released:
viewtopic.php?t=192427

Who is online

Users browsing this forum: Amazon [Bot], haedertowfeq, JohnTRIVOLTA, TeWe and 18 guests