Page 1 of 1
DNS Setup
Posted: Sat May 07, 2011 4:56 pm
by inertia
Hello,
I need to setup DNS on my mikrotik (RB1100). The interface between mikrotik and my pc is :
Mikrotik : 192.168.0.113/30
PC : 192.168.0.114/30
I want to setup my mikrotik such that mikrotik resolves the DNS and keep the entry in the cache from future use. I want to use open dns 208.67.220.220.
I have tried doing the following :
IP -> DNS -> Setting
Server : 208.67.220.220 and Allow Remote Requests.
Then when in my pc, i put the address 192.168.0.113 for dns server then dns is not resolving.
What am i doing wrong or what else needs to be done for this to work.
Thanks
Re: DNS Setup
Posted: Sat May 07, 2011 6:16 pm
by pasaka
@inertia setting up dns service on mikrotik is a pretty straight forward configuration, from what I understood there should not be a problem with your configuration, what I suspect there might be a problem with other setting.
1. can you ping 208.67.220.220 from mikrotik..?
2. does your internet connection is properly set up..? test by doing ping to 8.8.8.8 (google dns), check your IP Route setting, make sure there's a route to 0.0.0.0/0 via the default gateway
3. have you forgot to masquerade/src-nat your local network 192.168.0.113/30 so that private ip address can be resolved to your public ip address
good luck..
Re: DNS Setup
Posted: Sat May 14, 2011 11:42 am
by dadoremix
i have strange problem also with DNS from last 3-4 days
i use Mikrotik routerboard 493 mikrotik version 5.2
and all is good, but now not..
my problem is.. SLOW opening web page, when i resolve DNS VIA mikrotik os, and when is DIRECT on modem.. speed is good
Download is good 4 Mbit via mikrotik or direct, that is not problem, but only in DNS
i try restore backup from last mount.. nothing ???
PC is on MS windows 7 x64
only if i downgrade back to 4.x routeros ? but i dont understand.. all is working just fine, and now i have these problem, and i am nothing modified is mikrotik v5.2.
Re: DNS Setup
Posted: Wed May 18, 2011 6:42 pm
by Athan
i have strange problem also with DNS from last 3-4 days
i use Mikrotik routerboard 493 mikrotik version 5.2
and all is good, but now not..
my problem is.. SLOW opening web page, when i resolve DNS VIA mikrotik os, and when is DIRECT on modem.. speed is good
I too have noticed this problem with v5.2 (and 5.1) and my 493G. Whenever DNS resolve is handled by RouterOS own DNS the target website loading time increases a lot. It doesn't occur always though. Sometimes everything works fine but after a while lag reappears; Sometimes it even timeouts before resolving DNS request. Configuring clients to directly use ISP DNS fix this delay issue thus I assume RouterOS cause it.
Re: DNS Setup
Posted: Thu May 19, 2011 12:37 am
by ditonet
I've also noticed similar problem with DNS (ROS 5.2).
IMHO problem is with DNS cache, when it contains hundreds of records.
Try to increase cache size and decrease max. TTL, my current settings are:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=8192KiB max-udp-packet-size=8192 servers=208.67.222.222,208.67.220.220
With these settings everything works good, no problems with DNS at all, when previously customers complained that DNS doesn't work properly.
HTH,
Re: DNS Setup
Posted: Thu May 19, 2011 1:52 am
by Athan
Try to increase cache size and decrease max. TTL, my current settings are:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=8192KiB max-udp-packet-size=8192 servers=208.67.222.222,208.67.220.220
With these settings everything works good, no problems with DNS at all, when previously customers complained that DNS doesn't work properly.
Nice catch ditonet. This workaround might help, but I still think it's very serious issue thus we have to open a case.
Any comment from MT people?
Re: DNS Setup
Posted: Thu May 19, 2011 10:18 am
by ditonet
I don't want to revert back my DNS settings on production routers.
Maybe someone with affected router is able to generate supout.rif and send to MT support.
Regards,
Re: DNS Setup
Posted: Thu May 19, 2011 12:40 pm
by janisk
also, if possible, you could try to time how fast resolve happens and weather there is difference - entry is in the cache or not. Is there difference if you do that through IPv6 or IPv4?
doing digs against test-bed RB800 router
first resolution:
$ time dig cnn.com @mt
[boring part of dns info ommited]
real 0m0.127s
user 0m0.000s
sys 0m0.000s
already cached
$ time dig cnn.com @mt
real 0m0.008s
user 0m0.000s
sys 0m0.000s
entry count on the router:
> ip dns cache print count-only
1255
so what router it is you are running
Re: DNS Setup
Posted: Thu May 19, 2011 1:26 pm
by ditonet
@janisk
There was a problem with RB450G/ROS 5.2, complete DNS lock-up, no response to requests from LAN.
Cache was over 800 records and unfortunately there was no time to make some diagnostics.
Router was accessible and was restarted to let people work.
I've changed DNS settings to keep cache as small as possible and now it works good.
HTH,
Re: DNS Setup
Posted: Mon Mar 04, 2013 9:48 am
by Zapnologica
I am also having the same problem, But mostly with static dns names.
I have added 2 static dns names so that i don't have to type the ip address of my web server, and when using the mikrotik it takes up to 2-5 seconds to resolve the dns name.
I have reverted to just updating the host file on my OS.
Running RB751G-2HnD with RoS 5.23
Cache Size: 2048
Cache Used: 178
I only have 4 static entries on the dns, so this cant be due to large volumes.
Re: DNS Setup
Posted: Sat Mar 16, 2013 10:45 am
by NonesZA
i have strange problem also with DNS from last 3-4 days
i use Mikrotik routerboard 493 mikrotik version 5.2
and all is good, but now not..
my problem is.. SLOW opening web page, when i resolve DNS VIA mikrotik os, and when is DIRECT on modem.. speed is good
Download is good 4 Mbit via mikrotik or direct, that is not problem, but only in DNS
i try restore backup from last mount.. nothing ???
PC is on MS windows 7 x64
only if i downgrade back to 4.x routeros ? but i dont understand.. all is working just fine, and now i have these problem, and i am nothing modified is mikrotik v5.2.
I have the exact same problem:
http://forum.mikrotik.com/viewtopic.php?f=2&t=70408
PC's, Mac and Tablets all have issues with DNS and very slow opening of webpages.
I have tried ROS 5.X and 6RC11 and both give issues.
Does anyone else have any insights?
Im going to try the cache size and ttl fix now.
Re: DNS Setup
Posted: Tue Apr 23, 2013 3:06 pm
by tropicalguy
I have a similar problem with DNS delay and routeros 5.23.
I need a few static addresses for an internal web server.
After a few minutes (not exacly sure how many, maybe 10+) when I ping one of the static names the first ICMP reply gets no response (presumably timedout). The following few pings work fine. Also several minutes later it all works fine. Then after the time internet (10min) the same happens the first ICMP ping fails.
This causes a problem with a web app we're building as the browser prompts to refresh thinking the name cannot be resolved.
I've tried changing the cache size and the TTL but neither seems to help.
I would ditch the routerOS DNS for a Linux host albeit the hotspot DNS names are published so using raw addresses would be a step back. (i.e. people would need to login to the hotspot for the DNS traffic to get through).
Anyone got a fix for routerOS or workarounds?
Thanks
Re: DNS Setup
Posted: Tue Apr 23, 2013 3:29 pm
by felted67
Well, after using 6.0rc1x3/14 I found out, that the "fixed" openDNS-Servers are now placed in the right place.
I used before 5.24 - there the "dynamic server"-field was empty, although I got dynamic dns-servers from my
ISP.
Now with version 6.0rc13/14 the dynamic-field is populated with the right values and the openDNS-servers are on top - as they should....
Greetz......Detlef
Re: DNS Setup
Posted: Tue Nov 05, 2013 6:22 pm
by orcinus
I have added 2 static dns names so that i don't have to type the ip address of my web server, and when using the mikrotik it takes up to 2-5 seconds to resolve the dns name.
Running across the exact same issue on v6.4.
2 static rules, one of them is regexp based (but switching to just the non-regexp one doesn't change things much).
Sometimes it works fine, sometimes it takes 4-5 seconds for resolution.
Curiously, for partial matches to the regexp static rule, Chrome reports the DNS entries in its cache as expired *the moment they get resolved*. As if TTL was 0. The TTL for the static rules on the router are set to 1d.
Edit: Scratch that, i've just had it happen with static rules disabled.
Edit2: If, however, i simply don't use Router OS DNS at all, things behave normally and resolution is fast. So something is definitely bonkers with Mikrotik's DNS.
Re: DNS Setup
Posted: Sun Nov 10, 2013 10:58 am
by nurmia
woa great info.i am finding this. i also set up DNS.
Re: DNS Setup
Posted: Thu Mar 27, 2014 8:04 am
by masseselsev
Any progress on the issue?
Seriously, it's not a joke, 6.11 and still this slooooow DNS bug...
Re: DNS Setup
Posted: Thu Mar 27, 2014 3:49 pm
by maxfava
We are observing the same since 6.10
Re: DNS Setup
Posted: Wed May 28, 2014 9:47 pm
by lexbrugman
Same here with 3 RB450G's (running v6.11, 6.12 and v6.13). When the cache holds a lot of records (hundreds), it starts to fail resolving random names. After a while it will work again, or after manually flushing the cache. Using the dns server directly (bypassing the routers) it works fine.
> ip dns export
# may/28/2014 20:47:37 by RouterOS 6.11
#
/ip dns
set allow-remote-requests=yes cache-size=32768KiB servers=10.0.0.1,10.0.0.2,10.2.0.1,10.1.0.1
Re: DNS Setup
Posted: Mon Jun 02, 2014 10:33 am
by maxfava
For us was a ddos attack to dns ports to our customers that having public ip and redirect the ddos to our main dns.
Re: DNS Setup
Posted: Fri Jun 06, 2014 8:05 am
by chapex
yea, i have the same slowly dns resolv problem. V5.26. if the query is directly, there is no problem!!! any advice?
best regards
Chapex
Re: DNS Setup
Posted: Fri Oct 24, 2014 9:37 pm
by estdata
For us was a ddos attack to dns ports to our customers that having public ip and redirect the ddos to our main dns.
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp