 
petree77
just joined
Topic Author
Posts: 3
Joined: Sat Sep 29, 2018 2:10 am

dns requests to Mikrotik fail if udp on linux

Sat Sep 29, 2018 3:53 am

I'm running into a weird issue. My whole home network is based around MikroTik. The main edge router is an RB3011; it acts as the edge of the network and runs dhcp-server, dhcp-client and dns among other things. There's no hotspot on it, but it is the capsman server for the house.

The weirdness I'm seeing is under linux:
dig cnn.com @192.168.1.254

; <<>> DiG 9.9.9-P1 <<>> cnn.com @192.168.1.254
;; global options: +cmd
;; connection timed out; no servers could be reached
This is the result 9 times out of 10; the other time it works reliably.

However, this command works under OSX without issue.

If I do a TCP only query in linux it always works:
dig +tcp cnn.com @192.168.1.254

; <<>> DiG 9.9.9-P1 <<>> +tcp cnn.com @192.168.1.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11046
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com.                       IN      A

;; ANSWER SECTION:
cnn.com.                26      IN      A       151.101.193.67
cnn.com.                26      IN      A       151.101.1.67
cnn.com.                26      IN      A       151.101.129.67
cnn.com.                26      IN      A       151.101.65.67

;; Query time: 0 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Fri Sep 28 19:51:23 CDT 2018
;; MSG SIZE  rcvd: 89
I should also note that while I'm using cnn.com in my examples, any lookup exhibits this same behavior under linux. I have multiple linux boxes and they're all exhibiting the issue, so it's not a config issue with a single machine.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: dns requests to Mikrotik fail if udp on linux

Sat Sep 29, 2018 4:16 pm

If it were me, I'd start with a packet sniffer at both the PC and the router. It often reveals something interesting.
 
petree77
just joined
Topic Author
Posts: 3
Joined: Sat Sep 29, 2018 2:10 am

Re: dns requests to Mikrotik fail if udp on linux

Sat Sep 29, 2018 8:12 pm

Looking at a packet trace from one of the linux machines, I see the outgoing DNS request and no replies 90% of the time.

Looking at a packet trace on the routerboard I see the requests coming in, and no reply going out, again 90% of the time. When the packet trace shows a reply I get the reply back on the linux machine.

TCP DNS requests are always answered.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: dns requests to Mikrotik fail if udp on linux

Sat Sep 29, 2018 9:34 pm

The next step is to check what RouterOS does when it receives the query. Does the answer already exist in cache? Does it send the query upstream? Does it receive a reply in a timely fashion?
 
pe1chl
Forum Guru
Posts: 10542
Joined: Mon Jun 08, 2015 12:09 pm

Re: dns requests to Mikrotik fail if udp on linux

Sat Sep 29, 2018 10:22 pm

It works fine for me on Linux. There probably is more to it than you mention, so please post your configuration.
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: dns requests to Mikrotik fail if udp on linux

Mon Oct 01, 2018 3:33 pm

I have an open ticket (#2016082522001037) about bad DNS behavior with the RB850Gx2; apparently with multi-core some UDP packets are simply dropped. Perhaps it applies to the RB3011 also. This is a problem since the Linux resolver likes to send two queries at once, one for IPv4 and one for IPv6.

Try adding
options single-request
to your /etc/resolv.conf and see if it fixes the issue.

              single-request (since glibc 2.10)
                     Sets RES_SNGLKUP in _res.options.  By default, glibc
                     performs IPv4 and IPv6 lookups in parallel since
                     version 2.9.  Some appliance DNS servers cannot handle
                     these queries properly and make the requests time out.
                     This option disables the behavior and makes glibc
                     perform the IPv6 and IPv4 requests sequentially (at the
                     cost of some slowdown of the resolving process).
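
To check whether a resolver drops one of the paired queries described in the last post, the probe below sends an A and an AAAA query from a single UDP socket, first back to back and then one at a time, and reports which were answered. It is an added example, not part of the original thread or any MikroTik or glibc code; the transaction ids are constructed, and the server address and name are the ones used in the first post.

```python
import select
import socket
import struct
import time

QUERIES = [(0x1001, "A", 1), (0x1002, "AAAA", 28)]  # (constructed txid, label, qtype)

def build_query(txid, name, qtype):
    """Encode a minimal recursive DNS query (RD flag set, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, parallel, port=53, timeout=2.0):
    """Send an A and an AAAA query from one UDP socket and report replies.

    parallel=True  sends both before reading (the glibc default).
    parallel=False waits for each reply before sending the next query
                   (what "options single-request" makes glibc do).
    """
    answered = {label: False for _, label, _ in QUERIES}
    by_txid = {txid: label for txid, label, _ in QUERIES}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    def collect(wanted):
        deadline = time.monotonic() + timeout
        while not all(answered[w] for w in wanted):
            left = deadline - time.monotonic()
            if left <= 0 or not select.select([sock], [], [], left)[0]:
                return                      # timed out: stays unanswered
            data = sock.recv(4096)
            if len(data) >= 12:
                txid, flags = struct.unpack("!HH", data[:4])
                if flags & 0x8000 and txid in by_txid:  # QR bit set: a response
                    answered[by_txid[txid]] = True

    try:
        sock.connect((server, port))
        for txid, label, qtype in QUERIES:
            sock.send(build_query(txid, name, qtype))
            if not parallel:
                collect([label])
        if parallel:
            collect(list(answered))
    except OSError:
        pass                                # e.g. ICMP port unreachable
    finally:
        sock.close()
    return answered

if __name__ == "__main__":
    for mode in (True, False):
        print("parallel" if mode else "sequential", probe("192.168.1.254", "cnn.com", mode))
```

If the parallel run regularly loses a reply while the sequential run gets both, the symptom matches the paired-query drop and `options single-request` is the relevant workaround.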