Access to DNS from OpenVPN clients

danilabagroff · Wed Nov 15, 2017 11:33 am

Hi!

I have two OpenVPN clients, but just one of them(Windows10) can use Mikrotik's(10.1.0.1) DNS.

From Windows 10

C:\test>nslookup printer.mega 10.1.0.1
╤хЁтхЁ:  gw1.mega
Address:  10.1.0.1

Не заслуживающий доверия ответ:
╚ь :     printer.mega
Address:  10.1.0.3

From DD-WRT

root@gw2:/tmp/etc# nslookup printer.mega 10.1.0.1
Server:    10.1.0.1
Address 1: 10.1.0.1 ca.mega

nslookup: can't resolve 'printer.mega'

All clients are definitely can access 53 tcp-port.
Allow Remote Request is also checked in WebFig.

What I should check?

blajah · Wed Nov 15, 2017 6:08 pm

By default DNS uses UDP/53 not TCP. Does your firewall allows DNS queries from outside? Actually it does, if it works on WIN10. There must be issue with DDWRT setup, Hows your OVPNs IP Network described? Do you have DNS Servers in PPP Profile?

danilabagroff · Thu Nov 16, 2017 11:17 am

By default DNS uses UDP/53 not TCP. Does your firewall allows DNS queries from outside? Actually it does, if it works on WIN10. There must be issue with DDWRT setup, Hows your OVPNs IP Network described? Do you have DNS Servers in PPP Profile?

Thank you for the reply.

[root@gw1] /ppp profile> print  
 1   name="openvpn1" local-address=10.7.0.1 remote-address=openvpn1 bridge=openvpn1 use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default use-upnp=default 
     address-list="" dns-server=10.1.0.1 on-up="" on-down=""

blajah · Thu Nov 16, 2017 10:03 pm

Well, i doubt its issue on MT side. I do not have a way to test whats with DDWRT settings, but can you point ( just for testing purposes) DNS servers of DDWRT to mikrotik and then test resolving,
Do you have some DNS Proxy on DDWRT or some catch-all-DNS firewall rule, or some similar mechanism?

Access to DNS from OpenVPN clients

Access to DNS from OpenVPN clients

Re: Access to DNS from OpenVPN clients

Re: Access to DNS from OpenVPN clients

Re: Access to DNS from OpenVPN clients