24 Nov
2020
24 Nov
'20
9:29 a.m.
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their
gateway's public 93.123.xxx.xxx address - as to stop sending incessant DNS requests.
This traffic is blocked at my firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
24 Nov
24 Nov
10:15 a.m.
It is, if one sets 44.60.44.3 as a DNS server on any router. It does not
need to be MikroTik.
Marius, YO2LOJ
On 24.11.2020 11:29, lleachii--- via 44Net wrote:
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their
gateway's public 93.123.xxx.xxx address - as to stop sending incessant DNS requests.
This traffic is blocked at my firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
10:30 a.m.
Btw, vou published it as a service in the wiki as a DNS server:
Various Operators/DNS/ dns-mdc.ampr.org (44.60.44.3)
If you don't plan to honor the service, remove that entry. Routers
usually don't have zone setups to be able to differentiate the requests,
so you need to deal with that traffic.
And if you accept the request and respond, at least it would not be
repeated until the expiry of its record TTL (and MT does it correctly by
caching the response).
Basically, by denying the request, you make it worse, since the request
will be repeated endlessly.
On 24.11.2020 12:15, Marius Petrescu via 44Net wrote:
It is, if one sets 44.60.44.3 as a DNS server on any
router. It does
not need to be MikroTik.
Marius, YO2LOJ
On 24.11.2020 11:29, lleachii--- via 44Net wrote:
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or
reconfigure their gateway's public 93.123.xxx.xxx address - as to
stop sending incessant DNS requests. This traffic is blocked at my
firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the
DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags
[none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A?
cloud.mikrotik.com. (36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags
[none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A?
cloud.mikrotik.com. (36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags
[none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A?
cloud.mikrotik.com. (36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags
[none], proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A?
cloud.mikrotik.com. (36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none],
proto UDP (17), length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A?
cloud.mikrotik.com. (36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
12:54 p.m.
Marius,
Please see the wiki again - I believe you missed an important part:
"44/8 hosts may use as recursive/Client DNS servers"
A late Silent Key dear to all of us told me - and I think we discussed it recently, that
Internet traffic on AMPRGW should be reduced. One method is to not allow the public side
of an AMPR gateway to reach the 44-side of another - as that uses AMPRGW when there should
be a perfectly good route directly to their 44 subnet.
It's my understanding all of our recursive DNS servers are configured like this - if
this is a problem for others too, I will consider allowing your IPENCAP public IPs by
firewall rule to use DNS.
73,
- Lynwood
KB3VWG
PS: That late SK also suggested I'd not open the DNS to public IPs.
-----Original Message-----
From: Marius Petrescu <marius(a)yo2loj.ro>
To: AMPRNet working group <44net(a)mailman.ampr.org>
Cc: lleachii(a)aol.com
Sent: Tue, Nov 24, 2020 5:15 am
Subject: Re: [44net] Non-stop DNS requests
It is, if one sets 44.60.44.3 as a DNS server on any router. It does not
need to be MikroTik.
Marius, YO2LOJ
On 24.11.2020 11:29, lleachii--- via 44Net wrote:
All,
Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their
gateway's public 93.123.xxx.xxx address - as to stop sending incessant DNS requests.
This traffic is blocked at my firewall and using the resources of AMPRGW.
As an FYI and reminder, operators should use 44net IPs to access the DNS service.
(times UTC)
09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17),
length 64)
93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com.
(36)
Is this the normal behavior of a MikroTik device?
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1:06 p.m.
All,
You should now be able to perform DNS queries from your gateway with both the Public IP
and a 44 IP as your SRC address.
- KB3VWG
1259
days inactive
1259
days old
5 comments
2 participants
participants (2)
-
lleachii@aol.com -
Marius Petrescu