Hello everyone,

I'm having problems with this setup:
I have two devices: Mikrotik and a PC with Windows Server 2012 R2

Mikrotik:
- DHCP, DNS, etc
WS2012:
- DOMAIN CONTROLLER and DNS

In mikrotik I set the dns configuration to go to the DC and in the DC I set a configuration to forward all requests that the DC can't resolve to Mikrotik.

Also, I figured out that if I set static dns entry in mikrotik, a single computer can't resolve that as expected because he can't reach the mikrotik dns.

I'm not expert neither professional in this area, I hope someone can help me with this.
Maybe this is not the recommended way to implement, a DC and DNS in different equipments.
I'm also open to hear other recommendations about other ways to do this.

I had the same problem a while back and the easiest way to fixed it and other problems I was having is to have the Windows Server be your DHCP and DNS server and then have your Mikrotik do DHCP Relay.

For example if you have your server have an IP address of 192.168.1.5 and you Router has a IP address of 192.168.1.1
So your Server DNS Settings should be
DNS1:192.168.1.5
DNS2:192.168.1.1
Gateway: 192.168.1.1
And when you setup DHCP in your Server you put the same settings in there so when your computers go get a IP address from the Server it will get the DNS Settings.

And on your Mikrotik you should put public DNS like
DSN1: 8.8.8.8
DNS2: 8.8.4.4

Let me know if that helped you. Or if you would like more information.
In the Windows Networking world, it makes it a lot easy if you have a DC to make your windows Servers be your DHCP and DSN Servers as well.

I understand why you want Mikrotik to be the second DNS server, but in Windows AD this is not good idea. You should configure Windows AD DCs as only DNS servers for your LAN. You can then configure Windows DNS to forward requests to your provider's DNS servers directly, or to Mikrotik. On Mikrotik use only provider's DNS servers, don't mess with internal servers.

All of these suggestions are good, if you have a Microsoft AD environment you should not be using DNS or DHCP on the MikroTik for domain joined clients. It would be ok to use the MikroTik to relay and cache requests to another upstream DNS server but to reduce complexity I'd just have the AD servers perform upstream lookups and caching themselves. Ideally, you should stand up a second AD DNS server if you are worried about redundancy. Starting in Server 2012R2 and beyond you can also deploy DHCP in a redundant fashion without leveraging scope separation or overlap.

Sorry for bringing up an old thread, but I recently wrote an article on how you can run AD DNS on a MikroTik router.

Of course, standard disclaimer applies -- you should not be doing it in an environment where:

1. You have more than one domain and/or forest
2. You need dynamic DNS updating to work
3. You want to use DNSSEC
4. You use domain controller replication

However, the setup I describe in my article is totally OK for home or lab single-forest-single-domain setup where dynamic DNS updates from client miachines and DNSSEC are not necessary.

With DNS and DHCP on MikroTik you don't lose network connectivity (because of no DNS service) while your DC is installing Windows updates.

Here is the link if anyone is interested:
https://levicki.net/articles/2021/05/02 ... router.php