Hi everyone,
I have some problems
1. Is it to use the same router as a dns server.
2. I have activated the dns and does not seem to cache anything.
I set the primary-dns to my routers ip address 192.xxx.xxx.1
and the secondary-dns to my external dns 217.xxx.xxx.30
/ip dns cache print shows nothing
Please I need this help as soon as posible.
to enable me use this caching feature I enable the hotspot and it was able to cache but that does not seem to have any impact on the browsing. It still goes to the external dns to resolve the IPs. But if you look in /ip dns cache print you will see list of sites.
Am I missing something or I got all wrong.
Any one with solution here?
Paul
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Primary and secondary DNS servers should both be external to your network.
With your current setup, a client makes a request to your router that it can't answer, so the router goes to the primary server to find out what the answer is; but, it's pointing at itself, and it doesn't know what the answer is...
You get the picture? :)
Regards
Andrew
With your current setup, a client makes a request to your router that it can't answer, so the router goes to the primary server to find out what the answer is; but, it's pointing at itself, and it doesn't know what the answer is...
You get the picture? :)
Regards
Andrew
Does This Mean that there is a specail DNS software on another machine?With your current setup, a client makes a request to your router that it can't answer, so the router goes to the primary server to find out what the answer is; but, it's pointing at itself, and it doesn't know what the answer is...
Did you enable "allow remote requests"?
I did enable it but still nothing happend. Must I Put a static cache?
I have changed the Primary DNS to antoher systems IP Adress on the same Network, 192.16x.xx.3. This system is ruunning XP. I still did not see any activity on the Cache.
Do I need another DNS Cache software?
What I want actually is to improve the speed of browsing for my clients by directing their Primary DNS to a local DNS which will automatically cache at all time etc.
Any other idea on how I can do this with Mikrotik?
my understanding of the dns caching feature of the mikrotik OS is that you must create a list of domains that it will build a cache of. This is a static entry list in that you must manually enter them into the system. It does not work like a DNS server in that it dynamically builds a list of domains. That is where the forwarder comes into play. If you want to make DNS lookups faster, I would recommend placing an actual DNS server at that location on that LAN, or as close to it as possible. You can use Linux or Unix on an inexpensive computer for that. Right now I would just disable the DNS feature on the Mikrotik and set the DNS for your clients to the 2 external DNS servers. That would get you up and running and take some of the pressure off and let you plan your next move. If you are using DHCP this shoudl be fairly easy.
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
The Primary and Secondary servers set in MT define Forwarders. These are used when the DNS server on MT does not have the information the client is looking for. You would normally specify your ISPs DNS servers for both of these. If your ISP has only given you one server address then enter this as the Primary and leave the Secondary blank.
You then specify the MT address for your clients' DNS setting. Clients will query the MT for DNS information, and if the MT does not have this information it will query it's Primary and if that fails then Secondary servers. Once it has the requested information this will be returned to the client and also entered into the cache as a dynamic entry.
You do not have to build a list of domains on the MT.
If you wish the MT to resolve local addresses then these are entered as static entries into the cache.
Regards
Andrew
You then specify the MT address for your clients' DNS setting. Clients will query the MT for DNS information, and if the MT does not have this information it will query it's Primary and if that fails then Secondary servers. Once it has the requested information this will be returned to the client and also entered into the cache as a dynamic entry.
You do not have to build a list of domains on the MT.
If you wish the MT to resolve local addresses then these are entered as static entries into the cache.
Regards
Andrew
I can see some activities in the cache area now, but still it does not seem to improve the speed of browsing.
The idea is to enable my cleinte browse faster, and dns is suppose to do that sence it does cache the sites clients are support to automatically get the information of the sites when they request for it.
What I think is that I have to have a real DNS server in place to achieve this.
so any ideas where or how I can get real dns server, I am currently installing the windows 2003 server to use it as dns, will this help?
Paul
Ideas are meant to be shared 
The idea is to enable my cleinte browse faster, and dns is suppose to do that sence it does cache the sites clients are support to automatically get the information of the sites when they request for it.
What I think is that I have to have a real DNS server in place to achieve this.
so any ideas where or how I can get real dns server, I am currently installing the windows 2003 server to use it as dns, will this help?
Paul
Ideas are meant to be shared 
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Unless your ISPs DNS servers are really slow to respond then I doubt you'd notice any difference in browsing speed by using a local DNS cache whether it's running on MT or Windows 2003 server (or any other OS for that matter).
The main advantage to running a local DNS server (again, MT or Windows) is that clients can look up local addresses which your ISP isn't going to know about.
Regards
Andrew
The main advantage to running a local DNS server (again, MT or Windows) is that clients can look up local addresses which your ISP isn't going to know about.
Regards
Andrew
Most probably you are using satellite link? So you want to avoid 700-2000ms ping/reply from dns server?
You should setup providers primary and secondary dns servers.
Turn on Allow remote requests and then put this in dst-nat
dst-address=:53 protocol=udp action=nat to-dst-address=192.xxx.x.x (your Router/Gateway IP)
which should intercept all DNS requests from your clients and force them to use MT's DNS cache.
This was working for me when i was using satellite
Cheers...
P.S. Is it possible from you to send me some suya spice?
You should setup providers primary and secondary dns servers.
Turn on Allow remote requests and then put this in dst-nat
dst-address=:53 protocol=udp action=nat to-dst-address=192.xxx.x.x (your Router/Gateway IP)
which should intercept all DNS requests from your clients and force them to use MT's DNS cache.
This was working for me when i was using satellite
Cheers...
P.S. Is it possible from you to send me some suya spice?
Last edited by djape on Fri Apr 22, 2005 11:22 pm, edited 1 time in total.
- Turn on Allow remote requests and then put this in dst-nat
dst-address=:53 protocol=udp action=nat to-dst-address=192.xxx.x.x (your Router/Gateway IP)
Thanks Djape for the insite but here is what I have done so far.
I have turned on the "allow remote request". set the Primary Dns to my ISP DNS which are Primary DNS=217.194.158.6; Secondary DNS=217.194.158.30. Cache size is 8048
My client are using my MT router IP adress as their dns which is 192.168.50.1.
Now I have been observing the the cache area for some time now. I notice that when I have much clients on, the cache list increases and when they are less it also goes down. I have restart my MT to check if the cache list will still be available but what I found was not all the site that was listed in the cache when it was on.
I have less timeout on my gateway now and the queue is working fine. Some of the clients reported that the speed has improved a little.
But will it get better than that or is there any thing I need to do.
Hey please, I need help with blocking all the IP address that I am not using. I want to only allow the IPs that are in use and rest should not be accessible unless I permit it.
Thanks again for all the help.
Paul
About the SUYA, just tell me how to send it and you will get it.
I am not sure about your DNS-cache problem, but it shouldn't be present in 2.8 versions of MT. I remember this problem on 2.7 versions.
It will fill dns cache and then the cache would disapear not even reaching 1MB.
"Hey please, I need help with blocking all the IP address that I am not using. I want to only allow the IPs that are in use and rest should not be accessible unless I permit it. "
Use static ARP, bound IP address to mac-address for each user, than turn on ARP=reply-only on your ap-bridge interface.
This means that only users that have exact mac an ip address can use your network.
Something like this:
ip arp >
add address=192.168.1.100 mac-address=00:0D:88:xx:xx:00 interface=Loc
al (or the name you are using)
add address=192.168.1.101 mac-address=00:0D:88:xx:xx:x1 interface=Loc
al
...etc...
So, even if you add new user on your access list, you MUST add his ip and mac-address to arp.
Thx for SUYA, but my father is in Abuja right now, so he will bring some soon BTW, I was working in Abuja for more than 2 years...
Cheers...
It will fill dns cache and then the cache would disapear not even reaching 1MB.
"Hey please, I need help with blocking all the IP address that I am not using. I want to only allow the IPs that are in use and rest should not be accessible unless I permit it. "
Use static ARP, bound IP address to mac-address for each user, than turn on ARP=reply-only on your ap-bridge interface.
This means that only users that have exact mac an ip address can use your network.
Something like this:
ip arp >
add address=192.168.1.100 mac-address=00:0D:88:xx:xx:00 interface=Loc
al (or the name you are using)
add address=192.168.1.101 mac-address=00:0D:88:xx:xx:x1 interface=Loc
al
...etc...
So, even if you add new user on your access list, you MUST add his ip and mac-address to arp.
Thx for SUYA, but my father is in Abuja right now, so he will bring some soon
BTW, I was working in Abuja for more than 2 years...Cheers...
Hi djape,
Thanks for all the help so far. Can you give me a guide on how you did your cash?
Let me ask you, can the dns cash improve browsing? If it does, do I then need another system configured as dns.
Please can you give me a clue on how to go on from here, I am can of lost around here.
After introducing the bandwidth management, some of my clients complaind of slow browsing, then I thought it would help if I introduce the DNS cache, which I believed would improve their browsing speed, at least open the web pages faster since they are cached in a local drive. But this is not the case here.
Or did I get it all wrong?
Paul
I Just need to get through with this and face another challenge.
Thanks for all the help so far. Can you give me a guide on how you did your cash?
Let me ask you, can the dns cash improve browsing? If it does, do I then need another system configured as dns.
Please can you give me a clue on how to go on from here, I am can of lost around here.
After introducing the bandwidth management, some of my clients complaind of slow browsing, then I thought it would help if I introduce the DNS cache, which I believed would improve their browsing speed, at least open the web pages faster since they are cached in a local drive. But this is not the case here.
Or did I get it all wrong?
Paul
I Just need to get through with this and face another challenge.
I think you're talking about Web Proxy, not DNS cache?After introducing the bandwidth management, some of my clients complaind of slow browsing, then I thought it would help if I introduce the DNS cache, which I believed would improve their browsing speed, at least open the web pages faster since they are cached in a local drive. But this is not the case here.
Or did I get it all wrong?
You're going to cache web pages into your MT, right?
Regards,
Suwanto
Yes your are right its a miss up.
I have introduced the Web Proxy its running and there are cache activity but it seems it does not help the speed.
Anyway I have only one PC hookup to it as I am currently testing it before I put it back. The hist is about 85 and cache-size is 9680 KB.
I am running a transparent proxy.
Is there anything I need to do to speed it up guys?
I have introduced the Web Proxy its running and there are cache activity but it seems it does not help the speed.
Anyway I have only one PC hookup to it as I am currently testing it before I put it back. The hist is about 85 and cache-size is 9680 KB.
I am running a transparent proxy.
Is there anything I need to do to speed it up guys?
Is there anything I need to do to speed it up guys?
First of all, on satellite link you will have trouble with transparent proxy! Try forcing your customers to use proxy directly! Tell them that it's in their interest.
Second, DNS cache can highly reduce your reply regarding web browsing over high latency link.
Third, try to log on MT demo ruter and do what they did with virus rule.
Now, try to use Red (Random Early Drop) queue on interface that is connected to satellite router!
Limiting user below 128kbit/s will make browsing a nightmare. So give all users at least 128kbit/s (for each).
Also, try reducing tcp established connection from 3days to 1 day.
This is it.
To be honest there is nothing it could help you. Basicaly, sharing satellite link is not a good idea.
Reason is TCP congestion over satellite link and limited number of established tcp connections (usually around 100) which is far from enough for more multiply users
Cheers...
-
-
Hugh Hartman
Frequent Visitor
- Posts: 92
- Joined:
- Location: Fort Kent, Maine
In following this thread, I could use a little clarification, if someone doesn't mind explaining..
I'm trying to understand DNS server vs DNS Cache.
Am I correct that a Local "DNS server" will reslove addresses if the primary/secondary DNS server of the upstream provider is down?
And DNS cache on MT will not resolve addresses, unless already saved in the MT when the primary/secondary DNS server of the upstream provider is down?
I'm trying to understand DNS server vs DNS Cache.
Am I correct that a Local "DNS server" will reslove addresses if the primary/secondary DNS server of the upstream provider is down?
And DNS cache on MT will not resolve addresses, unless already saved in the MT when the primary/secondary DNS server of the upstream provider is down?