I have 2 + externals. It EATS DNS. An no, its not firewall rules, that unit has none as I thought maybe my access rules were the issue. I stripped it down to nothing but routing and nope still will end up doing it.
/insert "You shall not pass" meme here On Tue, Sep 4, 2012 at 3:09 PM, Chupaka <[email protected]> wrote: > That's why you should have 2 DNS not to have a downtime ;) > > > 2012/9/4 Jeromie Reeves <[email protected]> > >> I feel ya guys. My core MT randomly forgets how to do DNS at all. >> Takes a reboot to fix it. Tried everything from 3.16ish up to beta6. I >> am tempted to buy a Cisco! Right now I reboot the core at 3am once a >> week, no more issue and about 25 seconds of downtime. >> >> >> On Tue, Sep 4, 2012 at 6:17 AM, Mike Hammett <[email protected]> >> wrote: >> > I woke up today to having problems between my internal networks and one >> of my DNS servers. It ended up being a NAT problem. >> > >> > I think I got it. Half of the problem was the same I was having >> yesterday... pings when everything should be working weren't going through. >> Well, on one computer. For some reason the computer learns a certain route >> to a destination and maintains that no matter what. >> > >> > >> > >> > ----- >> > Mike Hammett >> > Intelligent Computing Solutions >> > http://www.ics-il.com >> > >> > ----- Original Message ----- >> > From: "Mike Hammett" <[email protected]> >> > To: "Mikrotik discussions" <[email protected]> >> > Sent: Sunday, September 2, 2012 5:55:20 PM >> > Subject: [Mikrotik] *&^$#%*&^%$ >> > >> > Hopefully that subject made it past your SPAM filters, but that's how I >> feel. >> > >> > I did so much in rage, chances are, I caused my own problems throughout >> the day. >> > >> > I had my main switch fail this morning. It had VLANs mapped for all >> kinds of stuff (about 15 - 20 VLANs). Of course no one open had a 48 port >> managed GigE switch. I set out to reconfigure existing stuff to work. >> > >> > The RB250GS is an absolute pain in the ass. I don't know why I even have >> them. They couldn't handle a complex VLAN setup to save their lives. >> > >> > I got everything online after several hours through my RB1200, which had >> to be reconfigured in many areas so that everything would work. I split the >> important VLANs off to their own interfaces to reduce the configuration >> load on my RB250GS. I'm doing traceroutes and pings to make sure all >> services and devices are up and running. >> > >> > I notice something odd in my pings out to the net. Traffic goes through, >> but pings have a redirect error. I had to figure out why. I fixed it by >> breaking a bridge that I had on my 1200, which broke the Internet service >> altogether. I ended up fixing it by changing some NAT rules. Well, for the >> internal traffic. Servers on public IPs never missed a beat once I got rid >> of that redirect error. >> > >> > I had one hell of a time coming to this conclusion because traceroutes >> and pings were not consistent. I have no default route on my internal, >> private IP range, only on my public IPs. Traceroutes out to an off-net >> public IP would head out my router through my internal network and end up >> failing. >> > >> > If there is no default route pointing to a given IP address, why did >> traffic go there? I was under the assumption that if there were no default >> route in that OSPF area, traffic would just die. >> > >> > Once I figured out that my NAT rules were to blame (they weren't >> matching correctly after the changed interfaces), I solved that problem. >> However, traceroutes to two different off-net public IPs would take two >> different routes. One would go the correct direction, while the other would >> continue to go down the private IP path. Of course most of the day I had >> been testing to the one that now wasn't working. >> > >> > How? >> > >> > God only knows how many times in my testing could the service possibly >> been working just fine, but my computer was decided to go down the old path >> still. >> > >> > I may have missed some things, but I'm tired of typing it all out, so >> I'm done for now. :-p >> > >> > >> > >> > ----- >> > Mike Hammett >> > Intelligent Computing Solutions >> > http://www.ics-il.com >> > >> > _______________________________________________ >> > Mikrotik mailing list >> > [email protected] >> > http://www.butchevans.com/mailman/listinfo/mikrotik >> > >> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > _______________________________________________ >> > Mikrotik mailing list >> > [email protected] >> > http://www.butchevans.com/mailman/listinfo/mikrotik >> > >> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://www.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://www.butchevans.com/pipermail/mikrotik/attachments/20120905/8a9b441e/attachment.html> > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
