1

Timeouts on DoH with a Mikrotik device

Hello!

I've been using DoH with AX3 for more than 6 months, and recently started experiencing issues with DNS resolution - timeouts and failures. Here's what it looks like in logs:

 13:21:22 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:22 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 13:21:24 dns,error DoH server connection error: Idle timeout - waiting data
 13:21:25 dns,error DoH server connection error: Idle timeout - connecting
 13:21:28 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:28 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 13:21:28 dns,error DoH server connection error: SSL: internal error (6)
 13:21:28 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:28 dns,error DoH server connection error: SSL: internal error (6)
 13:21:28 dns,error DoH server connection error: SSL: internal error (6) [ignoring repeated messages]
 13:21:30 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:31 dns,error DoH server connection error: SSL: internal error (6)
 13:21:31 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:31 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 13:21:33 dns,error DoH server connection error: Idle timeout - connecting
 13:21:33 dns,error DoH server connection error: Idle timeout - connecting [ignoring repeated messages]
 13:21:33 dns,error DoH server connection error: SSL: internal error (6)
 13:21:34 dns,error DoH server connection error: SSL: internal error (6) [ignoring repeated messages]
 13:21:35 dns,error DoH server connection error: Idle timeout - connecting
 13:21:36 dns,warning DoH max concurrent queries reached, ignoring query
 13:21:36 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 13:21:38 dns,error DoH server connection error: Idle timeout - connecting
 13:21:40 dns,error DoH server connection error: SSL: internal error (6)
 13:21:41 dns,error DoH server connection error: Idle timeout - connecting
 13:21:43 dns,error DoH server connection error: Idle timeout - connecting [ignoring repeated messages]
 13:30:47 dns,error DoH server connection error: Idle timeout - connecting
 13:30:57 dns,error DoH server connection error: Idle timeout - connecting

My ISP does not do any filtering of the traffic, and when using ISP's DNS servers or 8.8.8.8 everything works just fine. There are no issues visiting regular HTTPS websites as well.

I'm on latest ROS 7.11.2. My DNS configuration:

 /ip/dns> print
                      servers: 8.8.8.8,1.1.1.1
              dynamic-servers: 192.168.1.1
               use-doh-server: https://dns.nextdns.io/ID_HERE/mt-g
              verify-doh-cert: yes
   doh-max-server-connections: 10
   doh-max-concurrent-queries: 50
                  doh-timeout: 10s
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 6s
          query-total-timeout: 15s
       max-concurrent-queries: 150
  max-concurrent-tcp-sessions: 30
                   cache-size: 3048KiB
                cache-max-ttl: 1w
      address-list-extra-time: 0s
                   cache-used: 121KiB

What can I do to troubleshoot that? 

1 reply

null
    • JEFF_ZEVALLOS
    • 1 mth ago
    • Reported - view

    Lo mas triste que NEXTDNS no nos da una solucion

Login to reply

Content aside

  • 1 Likes
  • 1 mth agoLast active
  • 1Replies
  • 1020Views
  • 2 Following