DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!
I already submitted a ticket SUP-117224

What hardware? What was your config?

Pretty broad statement without more info.

The usualclickbait headlinewith the usualfootwritten explanation:

Zero credibility,just bullshit.

A modereator should change this tilte or just delete this message.

Even if there was REALLY a problem written like that crap it's not even helpful for support...

So far nothing has happened to me either with the CHR or with hAP ax²...

Repressed childhood syndrome.

Sooooooo, did noone notice the 0.000 second timeout values?
That automatically fails any dns request made. Same with the 00:00:00 second TTL...

When I see "DO NOT UPDATE!!!", I start to think that this update is bricking devices or other serious problems. But there's just a software bug/misconfiguration. You should correct your title so you will not confuse others.

Those who install beta and rc versions are aware of possible problems. Use only stable or long-term releases if you do not want to take risks.

Sooooooo, did noone notice the 0.000 second timeout values?
That automatically fails any dns request made. Same with the 00:00:00 second TTL...

Maybe if something in that service is broken, settings can't be read and those are the default (not default service values, but default GUI values shown)?
Just saying..

not having any DNS issues for 7.10rc3 on my SXT. It looks like the OP has a misconfiguration, as others have stated.

过去,在一些v6。xx的版本,有一次我have seen the same thing on my router: timeout values suddenly zero, all DNS queries fail.
No idea what has caused it. Of course easy to fix.

What hardware? What was your config?

Pretty broad statement without more info.

RB4011iGS+5HacQ2HnD
The DNS configuration I have been using from 7.1 to 7.9.2 is fine, just upgrade to 7.10, DNS server crashed down

Repressed childhood syndrome.

I just remind everyone to be cautious about upgrading the RC version, you are really showing yourself

When I see "DO NOT UPDATE!!!", I start to think that this update is bricking devices or other serious problems. But there's just a software bug/misconfiguration. You should correct your title so you will not confuse others.

Those who install beta and rc versions are aware of possible problems. Use only stable or long-term releases if you do not want to take risks.

But DNS server crash is a very serious problem in my opinion. Most web pages cannot be accessed and are directly interrupted

Even if there was REALLY a problem written like that crap it's not even helpful for support...

So far nothing has happened to me either with the CHR or with hAP ax²...

DNS configuration I had used in many versions without problems, including the beta version, but when I upgrade to the 7.10 beta or RC version, the DNS service crashes quickly in a short time. I didn't get any useful information from the log.

You're just writing a lot of bullshit, instead of showing your DNS configuration, (a screenshot is not one configuration)
and since you're the only one on the forum that happens,
you're just typing random words without providing anything useful, just misleading to get attention unjustified.

Post your router configuration. Your ENTIRE router config!

In terminal: /export hide-sensitive file=AnyNameYouWish. Then view in a text editor, copy and paste for others to review.

Post your router configuration. Your ENTIRE router config!

In terminal: /export hide-sensitive file=AnyNameYouWish. Then view in a text editor, copy and paste for others to review.

The post is for 7.10rc3, hide-sensitive is only for v6...

But you will see that instead of posting something useful,
he will still write things like that we're all stupid, thank goodness he's reporting these things, and that seeing the configuration is useless...

But DNS server crash is a very serious problem in my opinion. Most web pages cannot be accessed and are directly interrupted

It is not a "DNS server crash", it is configuration of the DNS with unusable parameters.
It would have to be found how that happened, but that likely cannot be traced anymore now.
Just reset the configuration to correct values and be done with it!

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.

hide-sensitive is a working export command for me on 7.9.2 and 7.10rc5. Is it just not needed anymore?

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.

Yes, the unvalidated unique value is max concurrent queries, setting it to 0, DNS no longer responds...
But it is a setting that is only done manually, it is not the default one, it is a user error that does not know what he does ...
RouterOS can't prevent all user errors...

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.

Which is strength and weakness of ros...

it is a user error that does not know what he does...

RouterOS is not a training program...

In other words, you can trash the DNS service with just setting some unsupported value in some setting that doesn't have input validation?
Interesting.

I agree with you that such parameter values, unless they have some special meaning that is useful (like "infinity" or "not checked"), should
not be allowed.
As I wrote before, it happened to me too, way back in 6.3x somewhere, that after an upgrade (I think) these parameters were set to zero.
Maybe it can be explained by some race condition or other error during the upgrade processing?
Anyway, when 0 is not a useful value the code should replace it with the default when it encounters it, and refuse it when the user tries it.

when 0 is not a useful value the code should replace it with the default when it encounters it, and refuse it when the user tries it.

+1

maybe should change title to 7.10 stable,
viewtopic.php?t=197095
I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.

Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.
It seems that the DNS resolver is crashing.

DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!

1. This thread is about RC3. If you have problem with Stable make a new thread.
2. What has MT written about your SUP?
3. Title of this thread is just stupid. This version may work for 99% or more of the user out there.

Example tiltle.
Take care, if you have this or that, it may break, so test before upgrade.

Have you use Netinstall and started from a clean configuration? No backup/restore/upgrade?

maybe should change title to 7.10 stable,
viewtopic.php?t=197095
I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.

Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.
It seems that the DNS resolver is crashing.

1.jpg
2.jpg

It's really a random serious problem and I can't catch any useful logs, so I think maybe the DNS server crashed before print logs

DNS ALWAYS CRASHES DOWN IN THE NEW VERSION !!!

1. This thread is about RC3. If you have problem with Stable make a new thread.
2. What has MT written about your SUP?
3. Title of this thread is just stupid. This version may work for 99% or more of the user out there.

Example tiltle.
Take care, if you have this or that, it may break, so test before upgrade.

Have you use Netinstall and started from a clean configuration? No backup/restore/upgrade?

MT has written nothing

I don't use Netinstall and started from a clean configuration because just downgrade to 7.9.2 or an early version without any problem. I think if there is a problem appears, just reinstalling the system will never find the reason.

I think it's same issue.
I have many forward-to rule in dns-static.
it works on 7.9.2, but random lost happen on 7.10 stable.
Moreover, I have conducted tests and found that if no rules are configured in dns-static, it does not cause this issue.

There is no export, but at least you have deigned, not like other fools, to give a minimum of explanations and do some tests.

Thank you.

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.

I assume you read about its configuration somewhere, or is it the classic generic rule of not opening DNS to the world?

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.

Thanks, I try it

do not flush dns cache on every ppp reconnect.

Is a RouterOS instruction (?) or is the habit of some ISP?

As a potential workaround block access to dns resolver from WAN port and do not flush dns cache on every ppp reconnect.

Thanks, I try it

(see, it always works...)

Looking forward to@mrz's kind reply...

So if a user disables the firewall that is there by default,
(or doesn't configure it correctly, since the model was never specified)
allowing the whole world to use the RouterBOARD as a DNS server (and optionally, a DDoS amplifier),
and moreover it sets in the ppp profile that at each reconnection it must unnecessarily delete the DNS cache...

DNS hangs.

I don't think it happens on RouterOS 7.10x only, and that's why so far there has only been 1 (or 2 if the problem is the same) report...

Boys ... ROS connects people ... try to get calm

i know one case with a ccr1036 and ccr2004 with a similar problem starting with 7.9.2, persist after upgrading to 7.10, was escalated to support, waiting for answer

I'm deeply dissatisfied that the forum deleted my reply. On the contrary, the perpetrators' rudeness guys were not punished, In the future, I will not give feedback on any BUG and slowly replace hundreds of devices of Mikrotik in my company including switch. I will no longer promote this brand to my customer. In the end, this serious problem from the first 7.10 beta version including the developed version of 7.10appha44-7.10appha236 lasted until the stable version. Congratulations to @rextended and @anav for their great contribution to Mikrotik in the future.

Congratulations to @rextended and @anav for their great contribution to Mikrotik in the future.

They have done more for the forum than you ever will do.

Just some tip for you.

1. That you do have problem with some does not mean that all do have problem with a releas. I have not seen any problems with my setups.
2. Use a proper title on of your message. DO NOT UPDATE is a title that does not give any information. For me this title is just a click bate.
3. Give as much information as possible. A good diagram. Post config off all devices.
4. Try netinstall and start from scratch.
5. Simplify setup. Remove all that are not needed.
6.尊重他人的论坛。你是一个新人(on this forum). rextended and anav has posted 1000s of good post and have done a lot to help other. They may be some trigger happy, but listen and reply what you are asked for and all will be simpler and you get better support.
7. No one are foring you to use latest version. Do you really need latest version? Why?

I should potentially have read this before 7.10 upgrade too on my CRS310-1G-5S-4S+.
Perhaps the title is inappropriate and should point to the OP DNS issues but they might be valid. I personally cannot use 7.10 stable as I found my ONTi SFP Modules to be read with 255C temperature and ROS shutting them down with for overtemperature protection every couple of minutes. Also my switch sfp-temperature is reported 255C and "temperature" on 255C in "Health" panel. As a result also the fan spinning at >13000rpm.
Downgrading to 7.9.2 resolved the problem entirely:

• board-temperature1: 45C
• board-temperature2: 31C
• cpu-temperature: 46C
• fan1-speed: 0rpm
• psu1-voltage: 23.7V
• sfp-temperature: 25C
• temperature: 25C
• voltage: 23.4V

Sure my ONTi Modules from Aliexpress might be crap. They never reported any temperature and the corresponding line in ROS 7.9.2 is simply displaying empty. But in ROS 7.10 it reports 255C constantly. Not sure if it could be fixed by SFP module upgrade but I also don't know if I could get an upgrade and why the readouts suddenly changed in ROS 7.10. So I am back to 7.9.2 for now.

Anyway, now there is the stable version. I updated to it without issues from ROS6.

Regards.

I will not give feedback on any BUG and slowly replace hundreds of devices of Mikrotik in my company including switch. I will no longer promote this brand to my customer

I think support from community is big part of deciding which technology you want to use along with cost/benefit ratio of performance and features. But deciding to switch technology which can potentially generate more problems/costs just because of certain individuals on forum which are not even officials from brand not sure how wise is that idea, unless there are some other reasons.
You can always set foes in forum CP:

谁能just kill this topic.....

谁能just kill this topic.....

You said what I've been thinking painfully inside for days.

A great example how a "screaming" title irritates forum users. Such threads should be deleted at sight.
A thread title should reflect the problem. Forum users could decide by themselves what to do with this information.

RB5009, got the similar problem since early version of 7.10 (maybe rc4, it is the first version I've tried)
The configuration works well in 7.9.2 but when upgrade to 7.10 stable, dns became stucked every 5-10mins.
I set multiple static FWD records with regexp and address-list values, and forward to dns servers in local network.
当所有静态设置与regexp是禁用的, the problem remains. It may not be the problem of setting regexp or address-list values.
One CPU core keep 100% when stucked, and webfig shows the resources were used by dns resolver.
When it got stucked, DNS settings, static and cache turns blanks.
After about 1mins' stuck or more, the cpu returns normal and the setting and cache values reappears (maybe a restart of winbox was required).
At the time when the dns stucked, I tried upstream local dns resolver, both upstream dns servers work normally.
Currently I have to manually downgrade to 7.9.2 and it returns normal.
Hoping to get fixed, thx.

# jun/17/2023 08:29:41 by RouterOS 7.9.2
# software id = Q5P7-****
#
# model = RB5009UG+S+
# serial number = ***********
/ip dns
set allow-remote-requests=yes cache-max-ttl=2h cache-size=40960KiB \
max-concurrent-queries=200 max-concurrent-tcp-sessions=200 \
max-udp-packet-size=4096 query-server-timeout=1s500ms \
query-total-timeout=5s servers=10.114.0.10,10.114.0.11
/ip dns static
add address-list=service cname=kr.actual.battle.net name=\
prod.actual.battle.net type=CNAME
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*ntp.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*dav.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*time.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*dns.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*srv.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*api.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*welink.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*pay.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*io.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=pop.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=imap.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=smtp.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=mail.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=login.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=appleid.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=idmsa.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=gsa.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*device.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*vpn.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*game.* type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*pumch.cn type=FWD
添加地址列表=服务期待= 10.114.0.10再保险gexp=.*alipay.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*push.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*notify.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*getui.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*talk.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*sns.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*im.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*wns.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*message.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*blued.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*finka.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*chat.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*zoom.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*meeting.* type=FWD
add address-list=sns forward-to=10.114.0.10 regexp=.*weixin.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*passport.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*auth.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*captive.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*img.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*gif.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*pic.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*mi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*xiaomi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*miot.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*weibo.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*bing.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*sina.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*static.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*fonts.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*alicdn.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*tbcache.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*meituan.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*dianping.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*toutiao.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*map.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*navi.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*taobao.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*steam.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*read.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*store.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*origin.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*epic.* type=FWD
add address-list=img forward-to=10.114.0.10 regexp=.*jd.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*tube.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*video.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*pod.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*bili.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*hdslb.com type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*mcdn.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*keep.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*youku.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*iqiyi.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*tudou.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*douyin.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*kuaishou.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*zijie.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*byte.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*itunes.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*music.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*xiaohongshu.* type=FWD
add address-list=video forward-to=10.114.0.10 regexp=.*xhscdn.com type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*tracker.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*sandai.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*p2p.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=bt.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=pt.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=download.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=appldnld.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=update.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*pan.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*dist.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*p2sp.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*dbank.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*xunlei.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*88cdn.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*delivery.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*drive.* type=FWD
add address-list=bt forward-to=10.114.0.10 regexp=.*drv.* type=FWD

A great example how a "screaming" title irritates forum users. Such threads should be deleted at sight.
A thread title should reflect the problem. Forum users could decide by themselves what to do with this information.

Bravo. +1

Especially when the problem is leaving the DNS open to the world and constantly clearing the DNS cache...
All things that those with common sense would never do...

当所有静态设置与regexp是禁用的, the problem remains. It may not be the problem of setting regexp or address-list values.

So, why post only the static settings?
Please post full configuration.

I see that some people have troubles with DNS and VPN's, but it is not a enought reason to not update to latest version of ROS for all users. In my case both things I manage on a Raspberry Pi and for it I not have troubles for now.

Regards.

@jasonchen0917

I think I have found the cause of the problem; the issue lies in dns-to-address-list.
Use the code below and it won’t crash anymore:
Because by comparing the logs of RouterOS 7.9/7.9.2 and 7.10,
I found that the RouterOS upgrade did not make too many DNS changes,
I believe MikroTik would reflect additions and changes in the logs.
And 7.10 added the endpoint-independent-nat feature.
This is definitely a major overhaul of the firewall.
And the only connection between DNS and the firewall is dns-to-address-list.
So, I tried turning off dns-to-address-list here, only retaining forward-to.
As a result, up to now, the crash issue has not occurred again.

@mrz
So, I am sure the issue is with dns-to-address-list.
I have already tested and confirmed this on CCR2004/RB5009/RB4011/CHR and other devices.

Changed the title of the topic. Please make informative titles rather than clickbait.

It worked, and thanks for help. I will remains in 7.9.2 since address-list was important for my firewall rules.
The processing of dns static rules were slightly different between 7.9 and 7.10.
Address-list rules in 7.10 stable automatically added query names in comments, the addresses were added as static rules, and no timeout was set. In 7.9 series, the addresses were added as dynamic rules, had a timeout value set, and no comments. Maybe the changes caused the problem?
Hoping to get fixed.

@jasonchen0917

I think I have found the cause of the problem; the issue lies in dns-to-address-list.
Use the code below and it won’t crash anymore:

Code:Select all

/ip dns static set [find where address-list!=""] address-list=""

Because by comparing the logs of RouterOS 7.9/7.9.2 and 7.10,
I found that the RouterOS upgrade did not make too many DNS changes,
I believe MikroTik would reflect additions and changes in the logs.
And 7.10 added the endpoint-independent-nat feature.
This is definitely a major overhaul of the firewall.
And the only connection between DNS and the firewall is dns-to-address-list.
So, I tried turning off dns-to-address-list here, only retaining forward-to.
As a result, up to now, the crash issue has not occurred again.

@mrz
So, I am sure the issue is with dns-to-address-list.
I have already tested and confirmed this on CCR2004/RB5009/RB4011/CHR and other devices.