Code:
/ip/dns/static> /ip/dns/static/print detail where type=FWD
4 regexp=".*\.visznet" type=FWD forward-to=192.168.5.254 ttl=1d

I can send the whole config but it is quite long.

Code:
/ip/dns/static> add forward-to=123.123.123.123 regexp=".*\\.testnet" ttl=1m
/ip/dns/static> :put
failure: dns server
/ip/dns/static> /ip/dns/cache> print detail where name=test.testnet
Flags: S -

so if the forwarder is not available, then routeros does not add a negative cache record.

That problematic name "penztar-pc.visznet" was added to /ip/static/dns on the remote site via dhcp. But possibly I sent a query to that router BEFORE that name was registered by the dhcp server on the remote side. The remote routeros DNS server might have replied with NXDOMAIN and ttl=1d. And this could have caused the NXDOMAIN negative record to be put into my local router's cache. I'm not 100% sure that this happened, but it is probable.

Now, here comes the question: how can I change the negative ttl for the DNS server in routeros? I see that there is a cache-max-ttl, but I do not see anything about negative caches.

I advise you to set the MAX TTL in the router not higher than 01:00:00 and when you are serving a lot of systems maybe 00:30:00 or even 00:10:00. That way you avoid the problems that wrong data is cached for a long time, not only for negative but also for positive results. You will not be able to notice the performance difference, especially when you use a high-performance upstream resolver like those with 4 times the same digit in the address (and of course your local servers).

I set it to five minutes, but today I faced this problem again. After running "/ip/dns/cache flush" manually, the problem magically went away. Experience shows that setting it to 5 minutes (or probably even less) won't solve this problem. These sites are connected with wireguard. Even though I set persistent-keepalive to 25sec, my experience is that the first few packets are dropped (for whatever reason) when I try to communicate through the tunnel after a longer time of inactivity. The first packets are DNS requests in most cases. They go into the negative cache, and then I s**ck again. I could run a dns cache flush every minute from a scheduled script, but it would even be better to just disable the cache completely.

In general you need to understand that every DNS server needs to have the same view of the namespace, or else these problems will always occur. You have some FWD record which should avoid this, but I cannot grasp your entire network config to guarantee that it works OK everywhere. When a DNS resolver gets a question, e.g. for name.domain, it asks a DNS server and when it gets a "no such name" response, that is where the story ends. There is no "but I have another DNS server in my config, let's ask it there!" in any resolver. So when you have DNS servers that have an incomplete picture of the situation, e.g. because you have created your own domain and loaded it on some local server, there will be problems.
A good way to avoid such problems is not to invent your own local domain like .visznet but instead register an official domain like visznet.hu (or whatever TLD) and use that. It will be known by all outside DNS resolvers and it will always work. This is the way to the future anyway, because more and more it will become difficult or impossible to force all your client devices to use your own DNS resolver.

There are some drawbacks. First, if the internet connection is down for a site, then they won't be able to do things like printing a document or accessing files on a local samba share, because there will be no DNS. For this, I would need to write a script that registers DHCP clients with an external DNS server (I don't know the names of all computers that will be connected.)
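As an added illustration of the cache behaviour discussed in the thread above (this is not code from the forum posters and not RouterOS code), the following Python toy models a caching forwarder: it stops at the first NXDOMAIN it receives, as the reply explains a resolver does; it applies a cache-max-ttl clamp to both negative and positive answers (an assumption about how the router setting behaves, not something the thread confirms); it stores nothing when the forwarder is unreachable, matching the poster's test.testnet experiment; and it replays the race in which "penztar-pc.visznet" is queried before the remote DHCP lease creates the static record. Names, addresses, TTLs and timings are constructed for the example.

```python
"""Toy caching DNS forwarder with negative caching and a cache-max-ttl clamp.

Added example for the thread above; not RouterOS code and not the poster's
configuration. Every name, address and time value here is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NXDOMAIN = "NXDOMAIN"
SERVFAIL = "SERVFAIL"
NOERROR = "NOERROR"


@dataclass
class Upstream:
    """Stand-in for the remote router's static list that the FWD entry points at."""
    records: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # name -> (ip, ttl)
    reachable: bool = True
    negative_ttl: int = 86400  # constructed: mirrors the ttl=1d seen on the FWD record

    def query(self, name: str):
        if not self.reachable:
            return SERVFAIL, None, 0
        if name in self.records:
            ip, ttl = self.records[name]
            return NOERROR, ip, ttl
        return NXDOMAIN, None, self.negative_ttl


@dataclass
class CachingResolver:
    """Local router: caches whatever the forwarder answers, clamped by cache_max_ttl."""
    upstream: Upstream
    cache_max_ttl: int = 86400
    cache: Dict[str, Tuple[str, Optional[str], int]] = field(default_factory=dict)

    def resolve(self, name: str, now: int):
        entry = self.cache.get(name)
        if entry is not None and entry[2] > now:
            return entry[0], entry[1], True  # answered from cache (positive or negative)
        rcode, ip, ttl = self.upstream.query(name)
        if rcode == SERVFAIL:
            # Unreachable forwarder: the failure is returned but nothing is cached,
            # which is what the poster's test.testnet experiment showed.
            return rcode, None, False
        # Assumption: the max-TTL clamp applies to NXDOMAIN answers as well.
        self.cache[name] = (rcode, ip, now + min(ttl, self.cache_max_ttl))
        return rcode, ip, False

    def flush(self):
        """Equivalent of running the cache flush by hand."""
        self.cache.clear()


NAME = "penztar-pc.visznet"  # the name from the thread; address below is constructed


def stale_nxdomain_window(cache_max_ttl: int, register_at: int = 60, positive_ttl: int = 3600) -> int:
    """Seconds after the DHCP registration during which the local router still
    answers NXDOMAIN, given one query that arrived before the record existed."""
    up = Upstream()
    router = CachingResolver(up, cache_max_ttl=cache_max_ttl)
    router.resolve(NAME, now=0)  # early query: NXDOMAIN with ttl=1d goes into the cache
    up.records[NAME] = ("192.168.5.10", positive_ttl)  # lease registers the name at register_at
    t = register_at
    while router.resolve(NAME, now=t)[0] == NXDOMAIN:
        t += 1
    return t - register_at


def flush_recovers() -> Tuple[str, str]:
    """Answer before and after a manual cache flush while the stale entry is live."""
    up = Upstream()
    router = CachingResolver(up, cache_max_ttl=86400)
    router.resolve(NAME, now=0)
    up.records[NAME] = ("192.168.5.10", 3600)
    before = router.resolve(NAME, now=10)[0]
    router.flush()
    after = router.resolve(NAME, now=11)[0]
    return before, after


def unreachable_forwarder_caches_nothing() -> Tuple[str, int]:
    """Forwarder down: the query fails, and the cache stays empty."""
    router = CachingResolver(Upstream(reachable=False))
    rcode, _, _ = router.resolve("test.testnet", now=0)
    return rcode, len(router.cache)


if __name__ == "__main__":
    print("stale window with 1d max ttl:", stale_nxdomain_window(86400))
    print("stale window with 5m max ttl:", stale_nxdomain_window(300))
    print("before/after flush:", flush_recovers())
    print("forwarder unreachable:", unreachable_forwarder_caches_nothing())
```

Under the model's assumption, lowering cache-max-ttl only shortens the stale window (from most of a day to a few minutes after the lease appears); it cannot remove it, because the resolver never re-asks before the cached negative answer expires. A flush, or a design where the local router is never asked about a name before it exists, is what actually closes the gap.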