Community discussions

MikroTik App
  4. RouterOS
  5. General

Could not resolve dns name  [SOLVED]

Post Reply
 
Datanav
just joined
Topic Author
Posts: 24
Joined: Mon Jul 15, 2019 8:06 pm
Location: Nairobi, Kenya
Contact:
Contact Datanav

Could not resolve dns name

Fri Jan 06, 2023 8:26 am

Trying to update(check for updates) but am facing the error "Could not resolve dns name".

Just to add on, i cannot even perform "ping" from the device.

Below is my config:
Code: Select all
# jan/05/2023 21:22:14 by RouterOS 6.49.6
# software id = MXWL-FJNR
#
# model = 951Ui-2HnD
/interface bridge
add comment="Port 4 for Network Debug" name="Debug Port"
add comment="To be used for Gitongas Network" name="Gitonga's Network"
add admin-mac=D4:CA:6D:C6:6B:F4 auto-mac=no comment="Main Network" name=\
    bridge
/interface ethernet
set [ find default-name=ether5 ] disabled=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name="Main LAN LIST"
add name="Main Wifi LIST"
add name="Gitonga's LAN LIST"
add name="Debug Port List"
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
    dynamic-keys name="Main WIFI Password" supplicant-identity=DataNav \
    unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=kenya disabled=no \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge \
    security-profile="Main WIFI Password" ssid="Love Life" wireless-protocol=\
    802.11 wps-mode=disabled
/ip pool
add name="Main LAN Network DHCP" ranges=192.168.10.10-192.168.10.50
add name=dhcp ranges=192.168.11.2-192.168.11.4
add name=vpn ranges=192.168.89.2-192.168.89.255
add name="Main Wifi DHCP Pool" ranges=192.168.12.2-192.168.12.50
/ip dhcp-server
add address-pool="Main LAN Network DHCP" disabled=no interface=bridge \
    lease-time=1d name="Main LAN Network"
add address-pool=dhcp disabled=no interface="Gitonga's Network" lease-time=1d \
    name="Gitonga's DHCP Server"
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add burst-limit=4M/4M burst-threshold=1M/1M burst-time=20s/20s max-limit=\
    4M/4M name="Gitonga's Queue" target="Gitonga's Network"
add burst-limit=6M/6M burst-threshold=1M/1M burst-time=20s/20s disabled=yes \
    max-limit=6M/6M name="WIFI Queue" target=bridge
/interface bridge port
add bridge="Gitonga's Network" comment="Gitonga's Network" interface=ether2
add bridge=bridge comment="Garden WIFI Network" interface=ether3
add bridge="Debug Port" comment="Port 4 For Debug" interface=ether4
add bridge=bridge interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=all
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add comment="Main Lan List" interface=bridge list="Main LAN LIST"
add comment=defconf interface=ether1 list=WAN
add comment="Gitongas Lan List" interface="Gitonga's Network" list=\
    "Gitonga's LAN LIST"
add comment="Debug Port List" interface="Debug Port" list="Debug Port List"
add interface="Gitonga's Network" list="Debug Port List"
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.10.1/24 comment="Main LAN Network" interface=bridge \
    network=192.168.10.0
add address=192.168.11.1/24 comment="Gitonga's Network" interface=\
    "Gitonga's Network" network=192.168.11.0
add address=192.168.13.1/24 comment="Debug Port4" interface="Debug Port" \
    network=192.168.13.0
add address=192.168.1.6/24 interface=ether1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 comment="Main Network" dns-server=\
    192.168.10.1,8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.11.0/24 comment="Gitonga's Network" dns-server=\
    192.168.11.1,8.8.8.8,8.8.4.4 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.11.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=forward disabled=yes dst-address-list=TikTok \
    src-address=192.168.10.0/24
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list="!Main LAN LIST"
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.tiktok.com src-address=192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.tiktokv.com src-address=192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.tiktokcdn.com src-address=192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.byteoversea.com src-address=\
    192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.ibyteimg.com src-address=192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.ibytedtos.com src-address=192.168.10.0/24
add action=add-dst-to-address-list address-list=TikTok address-list-timeout=\
    4w2d chain=prerouting content=.myqcloud.com src-address=192.168.10.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=192.168.1.1
/ppp secret
add name=vpn
/system clock
set time-zone-name=Africa/Nairobi
/system clock manual
set time-zone=+03:00
/system identity
set name=Kmbugua
/system note
set note="Yoo My Guy, you are my Guy!" show-at-login=no
/system ntp client
set enabled=yes mode=broadcast primary-ntp=169.239.132.102 secondary-ntp=\
    162.159.200.123
/system ntp server
set broadcast=yes enabled=yes
/tool mac-server
set allowed-interface-list="Main LAN LIST"
/tool mac-server mac-winbox
set allowed-interface-list="Main LAN LIST"
Top
 
bonbonjavier
just joined
Posts: 1
Joined: Thu May 14, 2020 7:31 pm

Re: Could not resolve dns name

Fri Jan 06, 2023 8:40 am

Experiencing the same issue on a dual ISP setup. Up on this,.
Top
 
erlinden
Forum Guru
Forum Guru
Posts: 2771
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Could not resolve dns name

Fri Jan 06, 2023 10:52 am

Do you have Internet access at all on the MikroTik?
Does a ping 8.8.8.8 give a response?
Top
 
Datanav
just joined
Topic Author
Posts: 24
Joined: Mon Jul 15, 2019 8:06 pm
Location: Nairobi, Kenya
Contact:
Contact Datanav

Re: Could not resolve dns name

Fri Jan 06, 2023 1:20 pm

Do you have Internet access at all on the MikroTik?
Does a ping 8.8.8.8 give a response?
Yes, i can browse and ping easily from PC connected to the mikrotik but cannot ping inside mikrotik itself.
Image
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7199
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: Could not resolve dns name  [SOLVED]

Fri Jan 06, 2023 1:29 pm

Because you are dropping it in input chain. Add rules to accept ICMP and any other protocol to make it work or add rule to accept established connections.
Top
 
Datanav
just joined
Topic Author
Posts: 24
Joined: Mon Jul 15, 2019 8:06 pm
Location: Nairobi, Kenya
Contact:
Contact Datanav

Re: Could not resolve dns name

Fri Jan 06, 2023 1:52 pm

Because you are dropping it in input chain. Add rules to accept ICMP and any other protocol to make it work or add rule to accept established connections.
Mind sharing the exact rule that am missing/ or that i need to add?

Update:
Found the rule that i need to add. For anyone else with the same issue add the below rule to your firewall filters:
Code: Select all
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
Top
Post Reply
  4. RouterOS
  5. General