
Caching DNS Server time-out....

Posted: Fri Mar 25, 2005 3:56 pm
by tonnie
I have a Mikrotik OS installed on a Pentium III 1GHz, with 512MB RAM. It serves an Internet Cafe of 30 workstations for Webproxy (Web-cache) local DNS proxy cache, firewall etc... The problem I have is that, very often, browsers in the Cafe get a Squid message of its inability to resolve dns for many websites, including http://mail.yahoo.com. When this happens, I run nslookup on any Windows workstation and query some sites, like the yahoo mail url above, get a response (with its ip addresses) and all will be fine, but most times, I receive a time-out message and only a reboot will restore things to proper order. MT is supposed to run unattended. Has anyone encountered the same problem? Any workarounds, solutions, fixes etc would be highly appreciated. I use Router OS version 2.8.21

Posted: Fri Mar 25, 2005 9:33 pm
by markon
:? Check your IP DNS cache size. It may be running out of space. You can increase its size (See User Manual). Also, you may need to reduce the TTL for the IP DNS also, the default is 7 days. If your cache runs out of space, then the system has to do a lot of work to gain it back.

You might also write a script that clears the DNS cache every so often.

Posted: Sat Mar 26, 2005 11:41 am
by djape
Well tonnie,

this happened very often if you use transparent proxy over satellite internet.
Try setting your station to use proxy direct, and disable transparent proxy...

Cheers...

Posted: Sat Mar 26, 2005 1:43 pm
by Bill
I ran into the same problem a couple nights ago. The web-proxy has lost the ability to talk to the DNS resolver, and times out on every site. No new sites are being stored in the DNS cache. I'm running it as a regular proxy, and had to go change the web browsers on a bunch of systems to get them surfing again.

It had been working fine for months with no problems. I'm running 2.8.24 on a 1GHz P3 with 512MB RAM and a 40GB drive. I sent a supout file to MT support. They opened a trouble ticket, but I haven't heard anything else from them. I downloaded and put the 2.8.26 package files on the router to see if it will help. Now, I just need some quiet time to reboot the router and do the upgrade...

Posted: Sat Mar 26, 2005 6:14 pm
by Cameron Earnshaw
This is one of the more frustrating features of MT/OS. I use the MT web proxy and DNS cache but never fully trust them because of problems of this type. I am putting in a separate box (not MT) for DNS cache and we'll see if that fixes it.

Posted: Sat Mar 26, 2005 6:48 pm
by jarosoup
I have seen this problem also. We're currently just avoiding the DNS caching.

Posted: Sun Mar 27, 2005 7:06 pm
by Bill
I updated my router to 2.8.26 and it didn't solve the problem. So, I restored the last backup file (from Feb 27), and rebooted the router. It has fixed the problem. I'm not sure what the config differences were. I'll have to go through it and try to spot any changes. This configuration is talking to the DNS servers using their private IPs, not the public IPs they are NAT'ed to. I'm not sure if that makes a difference.

Posted: Mon Mar 28, 2005 4:28 pm
by tonnie
Well tonnie,

this happened very often if you use transparent proxy over satellite internet.
Try setting your station to use proxy direct, and disable transparent proxy...

Cheers...
Thanks djape for your very insightful observations. I do use transparent proxy, and I have a satellite Internet link (Gilat C-Band). Using transparent proxy is very convenient since I get to force everyone to use the cache, and since I can implement some url and file-type (.exe, .pif, etc) filtering. Let's hope MT will investigate the issue and fix it. I'll probably have to keep rebooting it as a temporary solution for now.

I wonder what Cameron Earnshaw is using for his DNS cache, perhaps I could try it too.

Thanks markon, but my cache size is 8192kB, and that rarely fills up (722kB currently). Is clearing the cache not defeating the goal of caching in the first place? In any case, I'd love to have a cache-clearing script, if you have one.

Thanks to everyone else and Cheers!!! :)

Clearing Cache

Posted: Mon Mar 28, 2005 9:48 pm
by markon
:o The answer is yes and no. You must remember that ISPs who are running DNS units for public numbers update their dns servers quite often, but at the same time set their TTL to 10 or 20 days. After 10 years of running Internet Access systems, I have found that you should flush your CACHE every 5 to 7 days. This includes the *#*&#* DNS Cache in Windows 2000, and 2003 servers.

Otherwise, many of the CACHE DNS servers will only refresh their DNS record CACHE after the original TTL is expired. A smarter CACHE DNS server should check on the off times all the TTLs and Sequence Record numbers that are CACHED.
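The scheduled cache flush markon suggests and tonnie asks for, written out as an added example that is not from any poster in this thread. The command and property names (`/ip dns set cache-max-ttl`, `/ip dns cache flush`, `/system scheduler add interval=...`) are assumed from the RouterOS 2.x CLI and should be checked against the manual for the version actually running.

```routeros
# Added example, not from the thread. Command and property names are
# assumed from the RouterOS 2.x CLI; verify them against your version's
# manual before applying.

# Keep the cache size tonnie reported, but cap how long any cached answer
# may be reused. The default cap is 7 days; a 1-day cap bounds how long a
# record changed at the ISP keeps being served from the cache.
/ip dns set cache-size=8192 cache-max-ttl=1d

# Flush the whole cache on a schedule. markon's rule of thumb is every
# 5 to 7 days; 5d is used here. The scheduler entry survives reboots.
/system scheduler add name="flush-dns-cache" interval=5d on-event="/ip dns cache flush"

# Manual check when browsers start reporting resolution failures:
# note cache-used before and after the flush to see whether the cache
# itself was the problem, or whether the resolver has stopped answering.
/ip dns print
/ip dns cache flush
/ip dns print
```

A flush only discards cached answers; if the resolver itself has stopped responding (Bill's symptom, where no new entries are stored at all), the flush will not restore resolution and the print output will show cache-used staying flat afterwards.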