
Beginner Basics • DoH Server Connection Error: "DoH server connection error: while reading - Connection reset by peer" - Help Needed

I am encountering an issue with DNS over HTTPS (DoH) on my MikroTik router. The error I receive is:


DoH server connection error: while reading - Connection reset by peer

Additionally, when checking the logs, I see repeated DNS query failures and the MikroTik returning messages like "server failure" and "dns query failure". Below is a relevant log snippet:


2025-03-11 12:14:36 dns,packet --- got query from 192.168.88.14:19902:
2025-03-11 12:14:36 dns,packet id:e94e rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error'
2025-03-11 12:14:36 dns,packet question: i.ytimg.com.:AAAA:IN
2025-03-11 12:14:36 dns query from 192.168.88.14: #6746 i.ytimg.com. AAAA
2025-03-11 12:14:36 dns,packet --- got query from 192.168.88.14:40107:
2025-03-11 12:14:36 dns,packet id:aa36 rd:1 tc:0 aa:0 qr:0 ra:0 QUERY 'no error'
2025-03-11 12:14:36 dns,packet question: i.ytimg.com.:A:IN
2025-03-11 12:14:36 dns query from 192.168.88.14: #6747 i.ytimg.com. A
2025-03-11 12:14:36 dns,error DoH server connection error: while reading - Connection reset by peer
2025-03-11 12:14:36 dns done query: #6746 dns server failure
2025-03-11 12:14:36 dns,packet --- sending reply to 192.168.88.14:19902:
2025-03-11 12:14:36 dns,packet id:e94e rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'server failure'
2025-03-11 12:14:36 dns,packet question: i.ytimg.com.:AAAA:IN
2025-03-11 12:14:36 dns,error DoH server connection error: while reading - Connection reset by peer [ignoring repeated messages]
2025-03-11 12:14:36 dns done query: #6747 dns server failure
2025-03-11 12:14:36 dns,packet --- sending reply to 192.168.88.14:40107:
2025-03-11 12:14:36 dns,packet id:aa36 rd:1 tc:0 aa:0 qr:1 ra:1 QUERY 'server failure'
2025-03-11 12:14:36 dns,packet question: i.ytimg.com.:A:IN
2025-03-11 12:14:36 dns,packet --- got query from 192.168.88.14:58985:

The issue occurs approximately every 10 minutes, and the error consistently appears when using DoH.

Configuration:

MikroTik RouterOS v7.18.1 (Stable)
Uptime: 4d11h40m42s

DNS Configuration:

/ip dns print
servers: 2aXXXXXXX::XXXX
2aXX:XXXX:54::1b:XXXX

use-doh-server: https://XXX.cloudflare-gateway.com/dns-query
verify-doh-cert: yes
allow-remote-requests: yes

Zero Trust: Using Cloudflare's Zero Trust free DoH service.


MikroTik Info:

/system routerboard print
uptime: 4d11h40m42s
version: 7.18.1 (stable)
build-time: 2025-02-28 11:31:28
factory-software: 7.5
free-memory: 647.6MiB
total-memory: 1024.0MiB
cpu: ARM64
cpu-count: 4
cpu-frequency: 864MHz
cpu-load: 0%
free-hdd-space: 90.1MiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 387745
write-sect-total: 22457471
bad-blocks: 0%
architecture-name: arm64
board-name: hAP ax^2
platform: MikroTik

What I have tried:

Checking if port 443 (HTTPS) is being blocked or filtered by the firewall.
Testing with other DoH servers (Cloudflare, Google, etc.).
Certificates are OK.
Verifying DNS settings on MikroTik and confirming that DoH is configured correctly.

Question:

Has anyone encountered this issue before? Is there an additional configuration that may be blocking or causing issues with DoH connections? Any suggestions on how to resolve this problem?

Statistics: Posted by csurata — Tue Mar 11, 2025 10:05 pm
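
The following is an added example, not part of the original post: a Python sketch that checks the "approximately every 10 minutes" observation by grouping the DoH error lines from an exported RouterOS DNS log into bursts, timing the gap between bursts, and tying each "dns server failure" back to the client and name that asked. The function name `analyze`, the 60-second burst window and the sample log (the post's 12:14:36 lines plus constructed earlier entries) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the 12:14:36 lines follow the post's log; the earlier ones are invented.
SAMPLE_LOG = """\
2025-03-11 12:04:31 dns query from 192.168.88.14: #6701 example.org. A
2025-03-11 12:04:31 dns,error DoH server connection error: while reading - Connection reset by peer
2025-03-11 12:04:31 dns done query: #6701 dns server failure
2025-03-11 12:09:02 dns query from 192.168.88.14: #6720 example.net. A
2025-03-11 12:14:36 dns query from 192.168.88.14: #6746 i.ytimg.com. AAAA
2025-03-11 12:14:36 dns query from 192.168.88.14: #6747 i.ytimg.com. A
2025-03-11 12:14:36 dns,error DoH server connection error: while reading - Connection reset by peer
2025-03-11 12:14:36 dns done query: #6746 dns server failure
2025-03-11 12:14:36 dns,error DoH server connection error: while reading - Connection reset by peer [ignoring repeated messages]
2025-03-11 12:14:36 dns done query: #6747 dns server failure
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
QUERY = re.compile(r"^query from (\S+): #(\d+) (\S+) (\S+)$")
FAILED = re.compile(r"^done query: #(\d+) dns server failure$")

def analyze(log_text, burst_gap=timedelta(seconds=60)):
    """Return (bursts, seconds between burst starts, failed queries)."""
    queries, failed, bursts = {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        topics, msg = m.group(2).split(","), m.group(3)
        if topics == ["dns", "error"] and msg.startswith("DoH server connection error"):
            # Errors within burst_gap of the previous one count as the same reset event.
            if bursts and ts - bursts[-1]["last"] <= burst_gap:
                bursts[-1]["last"], bursts[-1]["errors"] = ts, bursts[-1]["errors"] + 1
            else:
                bursts.append({"start": ts, "last": ts, "errors": 1})
        elif topics == ["dns"]:
            if q := QUERY.match(msg):  # remember client, name, type per query id
                queries[q.group(2)] = (q.group(1), q.group(3), q.group(4))
            elif f := FAILED.match(msg):  # tie the failure back to its query
                failed.append((f.group(1), *queries.get(f.group(1), ("?", "?", "?"))))
    intervals = [(b["start"] - a["start"]).total_seconds() for a, b in zip(bursts, bursts[1:])]
    return bursts, intervals, failed

if __name__ == "__main__":
    bursts, intervals, failed = analyze(SAMPLE_LOG)
    print("bursts:", [(b["start"].isoformat(sep=" "), b["errors"]) for b in bursts])
    print("seconds between bursts:", intervals)
    print("failed queries:", failed)
```

Intervals that cluster around one value suggest a timer on the connection path rather than random loss, which narrows where to look next.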


