All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their gateway's public 93.123.xxx.xxx address - so as to stop sending incessant DNS requests? This traffic is blocked at my firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood KB3VWG
It is, if one sets 44.60.44.3 as a DNS server on any router. It does not need to be MikroTik.
Marius, YO2LOJ
On 24.11.2020 11:29, lleachii--- via 44Net wrote:
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their gateway's public 93.123.xxx.xxx address - so as to stop sending incessant DNS requests? This traffic is blocked at my firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net@mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Btw, you published it as a service in the wiki as a DNS server:
Various Operators/DNS/ dns-mdc.ampr.org (44.60.44.3)
If you don't plan to honor the service, remove that entry. Routers usually don't have zone setups to be able to differentiate the requests, so you need to deal with that traffic.
And if you accept the request and respond, at least it would not be repeated until the expiry of its record TTL (and MT does it correctly by caching the response).
Basically, by denying the request, you make it worse, since the request will be repeated endlessly.
On 24.11.2020 12:15, Marius Petrescu via 44Net wrote:
It is, if one sets 44.60.44.3 as a DNS server on any router. It does not need to be MikroTik.
Marius, YO2LOJ
Marius,
Please see the wiki again - I believe you missed an important part:
"44/8 hosts may use as recursive/Client DNS servers"
A late Silent Key dear to all of us told me - and I think we discussed it recently, that Internet traffic on AMPRGW should be reduced. One method is to not allow the public side of an AMPR gateway to reach the 44-side of another - as that uses AMPRGW when there should be a perfectly good route directly to their 44 subnet.
It's my understanding all of our recursive DNS servers are configured like this - if this is a problem for others too, I will consider allowing your IPENCAP public IPs by firewall rule to use DNS.
73,
- Lynwood KB3VWG
PS: That late SK also suggested I'd not open the DNS to public IPs.
-----Original Message-----
From: Marius Petrescu marius@yo2loj.ro
To: AMPRNet working group 44net@mailman.ampr.org
Cc: lleachii@aol.com
Sent: Tue, Nov 24, 2020 5:15 am
Subject: Re: [44net] Non-stop DNS requests
It is, if one sets 44.60.44.3 as a DNS server on any router. It does not need to be MikroTik.
Marius, YO2LOJ
All,
You should now be able to perform DNS queries from your gateway with both the Public IP and a 44 IP as your SRC address.
- KB3VWG
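The capture in the first message shows one DNS transaction ID (42486) re-sent about once a second, the retry pattern Marius describes for a query that is dropped rather than answered. The following is an added example, not code from the thread: it finds such retry loops in `tcpdump -v` output and marks whether the source is inside 44/8. The sample lines and the source addresses 198.51.100.7 and 44.178.0.1 are constructed, since the real public address is redacted.

```python
import ipaddress
import re
from collections import defaultdict

AMPRNET = ipaddress.ip_network("44.0.0.0/8")  # the "44/8" quoted from the wiki

# One `tcpdump -v` DNS query line: time, src.port > dst.53, query id, type, name
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP .*? "
    r"(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.53: "
    r".*?(\d+)\+? (\w+)\? (\S+)"
)

# Constructed sample in the thread's format; the source addresses are made up.
TEMPLATE = ("09:06:{t} IP (tos 0x0, ttl 44, id 1, offset 0, flags [none], "
            "proto UDP (17), length 64) {src}.5678 > 44.60.44.3.53: "
            "[udp sum ok] {qid}+ A? cloud.mikrotik.com. (36)")
SAMPLE = [TEMPLATE.format(t=t, src="198.51.100.7", qid=42486) for t in
          ("20.787664", "21.788026", "22.788096", "23.792789", "24.787615")]
SAMPLE.append(TEMPLATE.format(t="25.000000", src="44.178.0.1", qid=1001))

def parse(line):
    """Return (seconds, src, dst, id, type, name), or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    hh, mm, ss, src, dst, qid, qtype, qname = m.groups()
    return int(hh) * 3600 + int(mm) * 60 + float(ss), src, dst, int(qid), qtype, qname

def find_retry_loops(lines, min_repeats=3):
    """Flag a client re-sending one transaction ID: it is retrying a query
    that was never answered (here, dropped at the firewall)."""
    seen = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        seen[rec[1:]].append(rec[0])
    findings = []
    for (src, dst, qid, qtype, qname), times in seen.items():
        if len(times) < min_repeats:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        findings.append({
            "src": src, "dst": dst, "id": qid, "query": f"{qtype} {qname}",
            "count": len(times), "mean_gap_s": round(sum(gaps) / len(gaps), 2),
            "src_in_44net": ipaddress.ip_address(src) in AMPRNET,
        })
    return findings

if __name__ == "__main__":
    for finding in find_retry_loops(SAMPLE):
        print(finding)
```

A finding with `src_in_44net` set to False is the case discussed in the thread: a gateway querying from its public address, which the resolver's firewall drops unless that address is explicitly allowed.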