DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 1:15 pm
by hendra
Sometimes I get "DoH server connection error, idle time out - connecting" after a few hours, so I can't connect to the internet for 1-3 seconds. How to solve this? Thanks.

Re: DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 2:28 pm
by Pea
Probably a problem with your connection, but you will likely not notice these short-time errors in normal use.

You can also do DoH verification:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes

Re: DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 9:17 pm
by hendra
How long can we use this certificate?

Re: DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 9:29 pm
by eworm
It expires nov/10/2031 02:00:00, that's more than 595 weeks from now.

Re: DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 11:55 pm
by hendra
How about this error:

dns,error DoH server connection error: remote disconnected while in HTTP exchange

Any solution?

Re: DoH server connection error, idle time out connecting

Posted: Wed Jun 10, 2020 11:57 pm
by hendra
> It expires nov/10/2031 02:00:00, that's more than 595 weeks from now.
Thank you, sir.

Re: DoH server connection error, idle time out connecting

Posted: Fri Nov 13, 2020 10:43 pm
by benoitm974
After trying to set up DoH on 6.47 (stable) and testing firmware on hex, using OpenDNS, Cloudflare and Google DNS, I always experience the same behavior (setting up proper static DNS for the DoH server, then ensuring the SSL root cert is added).

The setup works very well for 45 minutes to 1h30 and then no more resolution is done. I can reboot the hex and it works again, but after 45 min to 1h30 it doesn't work again.

The log shows server timeout, while I can access it via IP address... flushing the DNS cache doesn't help.

Benoit

Re: DoH server connection error, idle time out connecting

Posted: Mon Dec 14, 2020 11:25 am
by dbarcot
I'm experiencing the same issue here and there and found a post saying it may be due to a low value of "max-concurrent-tcp-sessions". I just raised it to the default 20 and will see if it helps.

Re: DoH server connection error, idle time out connecting

Posted: Wed Jan 06, 2021 5:06 am
by benoitm974
Hi, is there any update from MikroTik on this stability issue with DoH? I have the same here, either using OpenDNS, Cloudflare or Google DoH server: after around 1h queries time out, restarting the router works, but again 1h later the same issue...

Re: DoH server connection error, idle time out connecting

Posted: Tue Feb 16, 2021 10:23 am
by Note
Same issue here. Not any fix yet?

DoH server connection error, idle time out connecting...........

Re: DoH server connection error, idle time out connecting

Posted: Sat Feb 27, 2021 5:34 pm
by homemark22
Same here, 15 line error log. How can it be solved?

Re: DoH server connection error, idle time out connecting

Posted: Thu Mar 11, 2021 6:35 pm
by kato1
I've recently tried the DoH feature and this error message appears from time to time depending on load.
If you enable logs for dns you can see something like this:

612 Mar/11/2021 18:18:42 memory dns, error DoH server connection error: Idle timeout - connecting
613 Mar/11/2021 18:18:42 memory dns done query: #16331 dns server failure
...
520 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16331 www.google.com. A

Only part of the queries fail. It stays so in any configuration: with Google or Cloudflare, with or w/o "Verify DoH Certificate", w/ and w/o static records for DoH servers etc.

After removing the DoH server the error logs disappear.
My fw is 6.48.1
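
To measure how often the DoH errors in logs like the ones above actually cost a client a lookup (for example before and after changing a setting), the dns log lines can be tallied. This is an added example, not part of kato1's post or of RouterOS; it assumes the line layout shown in the post, and the sample lines and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout kato1 posted:
# index, date, time, buffer ("memory"), topics, message.
SAMPLE_LOG = """\
612 Mar/11/2021 18:18:42 memory dns, error DoH server connection error: Idle timeout - connecting
613 Mar/11/2021 18:18:42 memory dns done query: #16331 dns server failure
700 Mar/11/2021 18:20:01 memory dns,error DoH server connection error: SSL: handshake timed out (6)
520 Mar/11/2021 18:18:37 memory dns query from 10.10.100.32: #16331 www.google.com. A
521 Mar/11/2021 18:18:37 memory dns query from 10.10.100.40: #16332 example.org. A
"""

# Topics appear both as "dns, error" and "dns,error" in the thread; accept either.
LINE = re.compile(r"^\d+\s+(\S+ \S+)\s+memory\s+dns(?:,\s*error)?\s+(.*)$")
QUERY = re.compile(r"^query from (\S+): #(\d+) (\S+) (\S+)$")
FAIL = re.compile(r"^done query: #(\d+) dns server failure$")
DOH_ERR = re.compile(r"^DoH server connection error: (.+)$")

def summarize(log_text):
    """Tally DoH error reasons and map failed query ids back to client and name."""
    queries, failed_ids, reasons = {}, [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a dns-topic line in the assumed layout
        when, msg = m.groups()
        if q := QUERY.match(msg):
            client, qid, name, rtype = q.groups()
            queries[qid] = (client, name, rtype)
        elif f := FAIL.match(msg):
            failed_ids.append((f.group(1), when))
        elif e := DOH_ERR.match(msg):
            reasons[e.group(1)] += 1
    # Resolve ids after the loop: the log may be listed newest-first, as in the post.
    failed = [(when, *queries.get(qid, ("?", "?", "?"))) for qid, when in failed_ids]
    rate = len(failed) / len(queries) if queries else 0.0
    return {"queries": len(queries), "failed": failed,
            "failure_rate": rate, "doh_errors": dict(reasons)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Query ids that are reused in a long log would overwrite earlier entries, so run it over one export window at a time.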

Re: DoH server connection error, idle time out connecting

Posted: Mon Jun 21, 2021 7:41 pm
by greenchigo
Same issue. HEX S stable 6.48.3, or longterm 6.47.10. Rebooting the router resolves the issue for a time, about a few hours, maybe less. Winbox gets stuck on "Logining...". Only a reboot with power cycle can resolve it.
RouterOS developers, please pay attention to this bug (stable and longterm branches). It's a kind of memory leak or something.

In the log there are a lot of:

DoH server connection error: SSL: handshake timed out (6)
DoH server connection error: resolving error

L2TP connections with IPsec stop working and can't reconnect without a reboot, with messages in the log:
initiator can't find identity for peer:

Re: DoH server connection error, idle time out connecting

Posted: Sun Aug 01, 2021 5:52 pm
by RoutoRooter
I can confirm the bug on my HAP AC, with or without certificate verification. The bug is also present in 6.49beta54 and 7.1beta6. It doesn't appear it's being addressed.

Re: DoH server connection error, idle time out connecting

Posted: Wed Aug 04, 2021 11:15 pm
by RoutoRooter
Just filled out a bug report.

Re: DoH server connection error, idle time out connecting

Posted: Wed Sep 01, 2021 1:45 am
by RoutoRooter
Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.

Re: DoH server connection error, idle time out connecting

Posted: Sun Sep 12, 2021 9:26 pm
by iamsyaqib
> Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.
Hey, how do you disable the syn flood rule? Do you create a new firewall rule or just simply disable an existing one? I didn't find anything that says "Syn"...

Re: DoH server connection error, idle time out connecting

Posted: Tue Sep 28, 2021 11:16 pm
by eworm
There is a general ip setting:
/ip settings set tcp-syncookies=yes|no
No idea if that is what RoutoRooter referred to...

Re: DoH server connection error, idle time out connecting

Posted: Wed Oct 27, 2021 12:36 pm
by Cyberurmel
Hi,

I have the issue too... I set this to yes and will see if this has an impact. But I'm not really sure if this is a risk for my own system?
What do you mean?

Thanks
Regards
Cyb

Re: DoH server connection error, idle time out connecting

Posted: Wed Oct 27, 2021 3:08 pm
by jaxed8
> Figured out the problem. The “Syn Flood” rules in the firewall are picking up DoH as a flood attack and blocking all packets from whoever your DoH provider is. Disable the “syn” firewall rules and DoH will work.
In my router settings, /ip settings set tcp-syncookies=no is disabled, but I still got the same issue.
"DoH server connection error: SSL: handshake timed out (6)"