Problema con i DNS

[aaadoctor]

Salve a tutti,
ho un problema sul CRS 125-24G-1S-2Hn.
Quando vado a fare un ping da terminale verso google.it ho questo errore:
"invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server"
Ho già verificato i dns, impostandoli a mano, facendoli acquisire dalla pppoe ma non ho risolto.
Ho provato anche a resettarlo e a riconfigurarlo, ma niente.

Avete qualche idea su come risolvere?

Ha iniziato a dare errore con la versione 6.33 di routerOS, ho provato anche le versioni successive fino alla 6.45rc48

Grazie in anticipo per il supporto.

[xanio]

un export della configurazione?
Poi hai provato a pingare il tuo default gw? e se si, gli ip 8.8.8.8?

Per il resto non saprei cosa dirti non conoscendo la configurazione.

[aaadoctor]

a livello ip tutto ok. Se pingo i DNS 8.8.8.8 rispondono, se invece pingo il nome host esterno no.
Per spiegare brevemente, è impostato come router con 3 connessioni internet e configurazione PCC.
In questa versione dell'export non c'è il DNS perchè ero già in fase di test...

Codice: Seleziona tutto

/interface bridge
add mtu=1500 name=Bridge-Lan
add name=ospiti_bridge
/interface pppoe-client
add disabled=no interface=ether2 max-mru=1480 max-mtu=1480 name=cloud_pppoe \
    password=xxxxx use-peer-dns=yes user=xxxxx@xxxxxxx.xx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=privata supplicant-identity="" \
    wpa2-pre-shared-key=r1camb1amola
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=clienti supplicant-identity="" \
    wpa2-pre-shared-key=cli3ntimar16
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=guest supplicant-identity="" \
    wpa2-pre-shared-key=banco1716
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=italy disabled=no frequency=2417 frequency-mode=regulatory-domain \
    mode=ap-bridge security-profile=privata ssid=stormdrop-wifi
add disabled=no mac-address=D6:CA:6D:FA:87:E5 master-interface=wlan1 name=\
    Clienti security-profile=clienti ssid=stormdrop_cli wds-cost-range=0 \
    wds-default-cost=0
add disabled=no mac-address=D6:CA:6D:FA:87:E6 master-interface=wlan1 name=\
    Guest security-profile=guest ssid=storm_guest wds-cost-range=0 \
    wds-default-cost=0
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.250
add name=dhcp_pool3 ranges=192.168.22.2-192.168.22.254
add name=VPN-pool ranges=192.168.44.2-192.168.44.10
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Bridge-Lan lease-time=1d \
    name=dhcp1
add address-pool=dhcp_pool3 disabled=no interface=ospiti_bridge lease-time=1d \
    name=dhcp2
/ppp profile
set *FFFFFFFE local-address=192.168.99.1 remote-address=VPN-pool \
    use-compression=no use-mpls=no
/queue simple
add max-limit=512k/512k name=Centralino target=\
    192.168.0.20/32,83.211.227.21/32
/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 \
    redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=\
    192.168.2.2
/interface bridge port
add bridge=Bridge-Lan interface=ether3
add bridge=Bridge-Lan interface=Clienti
add bridge=Bridge-Lan interface=wlan1
add bridge=ospiti_bridge interface=Guest
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.0.1/24 interface=Bridge-Lan network=192.168.0.0
add address=192.168.1.10/24 interface=ether1 network=192.168.1.0
add address=192.168.3.2/24 interface=ether2 network=192.168.3.0
add address=192.168.2.2/24 interface=ether4 network=192.168.2.0
add address=192.168.22.1/24 interface=ospiti_bridge network=192.168.22.0
add address=192.168.30.1 interface=cloud_pppoe network=192.168.30.1
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether24
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.22.0/24 dns-server=8.8.8.8 gateway=192.168.22.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=0s query-server-timeout=0ms \
    query-total-timeout=0ms
/ip firewall filter
add chain=forward comment="Accetto le connessioni gi\E0 stabilite" \
    connection-state=established,related
add action=drop chain=forward comment="Blocco le connessioni invalite" \
    connection-state=invalid
add action=tarpit chain=input comment=\
    "Blocco della porta del PPTP VPN se non autorizzati" dst-port=1723 \
    protocol=tcp src-address-list=!Allowed
add action=drop chain=forward dst-address=192.168.0.0/24 in-interface=\
    ospiti_bridge
add action=tarpit chain=input dst-port=80 protocol=tcp src-address-list=\
    !Allowed
/ip firewall mangle
add chain=forward in-interface=Bridge-Lan src-address=192.168.0.0/24
add chain=prerouting dst-address=192.168.0.0/24 in-interface=!Bridge-Lan
add chain=prerouting dst-address=192.168.1.0/24 in-interface=Bridge-Lan
add chain=prerouting dst-address=192.168.2.0/24 in-interface=Bridge-Lan
add chain=prerouting dst-address=192.168.3.0/24 in-interface=Bridge-Lan
add chain=prerouting dst-address=192.168.20.0/24 in-interface=Bridge-Lan
add chain=prerouting dst-address=192.168.44.0/24 in-interface=Bridge-Lan
add action=mark-routing chain=prerouting comment=\
    "Address List - Uscire Telecom" dst-address-type=!local in-interface=\
    Bridge-Lan new-routing-mark=to_Telecom passthrough=no src-address-list=\
    Uscire_Telecom
add action=mark-routing chain=prerouting comment="Address List - Uscire MIMO" \
    dst-address-type=!local in-interface=Bridge-Lan new-routing-mark=\
    to_Eutelia2 passthrough=no src-address-list=Uscire_MIMO
add action=mark-routing chain=prerouting comment=\
    "Address List - Uscire COREGLIA" dst-address-type=!local in-interface=\
    Bridge-Lan new-routing-mark=to_Eutelia passthrough=no src-address-list=\
    Uscire_COREGLIA
add action=mark-connection chain=prerouting comment="Mark Connection INPUT" \
    connection-mark=no-mark in-interface=ether1 new-connection-mark=\
    Eutelia_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether4 new-connection-mark=Eutelia2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=cloud_pppoe new-connection-mark=Telecom_conn
add action=mark-connection chain=prerouting comment=\
    "Mark Connection OUTPUT - PCC" connection-mark=no-mark dst-address-type=\
    !local in-interface=Bridge-Lan new-connection-mark=Telecom_conn \
    per-connection-classifier=both-addresses:3/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=Bridge-Lan new-connection-mark=\
    Eutelia2_conn per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=Bridge-Lan new-connection-mark=\
    Eutelia_conn per-connection-classifier=both-addresses:3/1
add action=mark-routing chain=prerouting comment="Mark Routing" \
    connection-mark=Eutelia_conn in-interface=Bridge-Lan new-routing-mark=\
    to_Eutelia
add action=mark-routing chain=prerouting connection-mark=Eutelia2_conn \
    in-interface=Bridge-Lan new-routing-mark=to_Eutelia2
add action=mark-routing chain=prerouting connection-mark=Telecom_conn \
    in-interface=Bridge-Lan new-routing-mark=to_Telecom
add action=mark-routing chain=output comment=\
    "Mark Routing - Traffico generato dal router" connection-mark=\
    Eutelia_conn new-routing-mark=to_Eutelia
add action=mark-routing chain=output connection-mark=Eutelia2_conn \
    new-routing-mark=to_Eutelia2
add action=mark-routing chain=output connection-mark=Telecom_conn \
    new-routing-mark=to_Telecom
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether4 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=cloud_pppoe to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat dst-address=192.168.3.0/24 out-interface=\
    ether2 to-addresses=0.0.0.0
/ip firewall service-port
set sip disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1 max-cache-size=none
/ip route
add check-gateway=ping distance=4 gateway=62.94.58.1 routing-mark=to_Telecom
add check-gateway=ping distance=2 gateway=192.168.20.1 routing-mark=\
    to_Eutelia2 target-scope=30
add check-gateway=ping distance=3 gateway=192.168.10.1 routing-mark=\
    to_Eutelia target-scope=30
add check-gateway=ping distance=1 gateway=\
    192.168.20.1,192.168.10.1,62.94.58.1 target-scope=30
add check-gateway=ping distance=1 dst-address=192.168.10.1/32 gateway=\
    192.168.1.1
add check-gateway=ping distance=1 dst-address=192.168.20.1/32 gateway=\
    192.168.2.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/lcd
set enabled=no touch-screen=disabled
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system identity
set name=PortaSaponette
/system leds
set 0 interface=wlan1
set 1 interface=sfp1
/system logging
add action=disk topics=critical
add action=disk disabled=yes topics=error
add action=disk disabled=yes topics=info
add action=disk disabled=yes topics=warning
/system ntp client
set enabled=yes primary-ntp=193.204.114.105
/system package update
set channel=release-candidate
/tool graphing interface
add interface=cloud_pppoe
add interface=ether1
add interface=ether4
/tool mac-server
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5


[ppraz]

Non hai settato i dns

Codice: Seleziona tutto

/ip dns
set allow-remote-requests=yes cache-max-ttl=0s query-server-timeout=0ms \
    query-total-timeout=0ms

Devi aggiungere

Codice: Seleziona tutto

/ip dns set servers=8.8.8.8,8.8.4.4


[xanio]

Ppraz ha ragione, ma tu hai detto che li avevi eliminati tu, quindi sia con che senza non riesci a risolvere i nomi?

[aaadoctor]

Giusto, soprattutto CON, non riesco a risolvere i nomi...

[ppraz]

Allora, sicuramente un server DNS devi darglielo.
Poi bisogna capire come mai esso non ti risponde.
Io procederei così:
- imposta un solo dns, 8.8.8.8
- tool trace 8.8.8.8
così capisci da dove esce la connessione verso 8.8.8.8
Vedo infatti che hai diversi gateway, se il ping è originato dal router in questione non devi vedere quelli che hanno "routing mark", ma gli altri che sono:

Codice: Seleziona tutto

add check-gateway=ping distance=1 gateway=\
    192.168.20.1,192.168.10.1,62.94.58.1 target-scope=30


Ora tu NON hai ip su quelle classi (vedendo la sezione

Codice: Seleziona tutto

/ip address
add address=192.168.0.1/24 interface=Bridge-Lan network=192.168.0.0
add address=192.168.1.10/24 interface=ether1 network=192.168.1.0
add address=192.168.3.2/24 interface=ether2 network=192.168.3.0
add address=192.168.2.2/24 interface=ether4 network=192.168.2.0
add address=192.168.22.1/24 interface=ospiti_bridge network=192.168.22.0
add address=192.168.30.1 interface=cloud_pppoe network=192.168.30.1

quindi ovviamente non hai modo di uscire...
confermi?

[aaadoctor]

Allora.. io esco, perchè i gw 192.168.20.1 e 192.168.10.1 sono raggiungibili nello scope=30

Codice: Seleziona tutto

add check-gateway=ping distance=1 dst-address=192.168.10.1/32 gateway=\
    192.168.1.1
add check-gateway=ping distance=1 dst-address=192.168.20.1/32 gateway=\
    192.168.2.1

Per quanto riguarda il traceroute sul dns 8.8.4.4 impostato sul router ho questo risultato

Codice: Seleziona tutto

[admin@PortaSaponette] > /tool traceroute address=8.8.4.4
# ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST
1 192.168.1.1                        0%  360   0.5ms     0.5     0.4     1.4
2 62.94.58.1                         0%  360  64.3ms    37.3     8.7   198.7
3 212.90.3.180                       0%  360  45.3ms    37.5    15.5   191.6
4 212.90.3.180                       0%  360  20.2ms    40.2    15.4   206.7
5 217.29.66.96                       0%  360    41ms    39.1    15.8   209.3
6 72.14.237.99                       0%  360  37.6ms      41    15.6   205.9
7 8.8.4.4                            0%  359  24.2ms    37.2    15.8     171
-- [Q quit|D dump|C-z pause]


Anche perchè se faccio un ping verso il dns utilizzando l'ip 8.8.4.4 ho questo risultato

Codice: Seleziona tutto

[admin@PortaSaponette] > ping 8.8.4.4
  SEQ HOST                                     SIZE TTL TIME  STATUS           
    0 8.8.4.4                                    56  58 23ms
    1 8.8.4.4                                    56  58 16ms
    2 8.8.4.4                                    56  58 38ms
    3 8.8.4.4                                    56  58 84ms
    sent=4 received=4 packet-loss=0% min-rtt=16ms avg-rtt=40ms max-rtt=84ms

quindi, riassumendo:
- se al dhcp server imposto un DNS esterno, i pc collegati al router funzionano correttamente anche su internet;
- se dal router faccio un ping verso un indirizzo ip, funziona;
- se dal router chiedo di pingare o fare un traceroute verso www.google.it mi ritorna questo errore

Codice: Seleziona tutto

[admin@PortaSaponette] > /tool traceroute address=www.google.it
invalid value for argument address:
    invalid value for argument ip-address
    invalid value for argument ipv6-address
    while resolving ip-address: could not get answer from dns server


[aaadoctor]

nessuna idea?

[xanio]

hai provato a fare

Codice: Seleziona tutto

/tool traceroute google.it

e un

Codice: Seleziona tutto

ping google.it