MikroTik

Hi,
I am struggling with DNS setup for my local domains.

• ether1 is my WAN interface and is currently connected via DHCP to my AVM Router; RB3011 gets a IP Adress from the Router

• DNS-Server is the IP Address from the AVM Router

• currently no firewall rules are defined in RB3011

• There are 3 vlans running on bridge1, each with a dhcp server

vlan1: 172.16.1.0/24; vlan1.home.mydomain.de
vlan10: 172.16.1.0/24; vlan1.home.mydomain.de
vlan20 : 172.16.1.0/24; vlan1.home.mydomain.de

Internet works fine from the vlans with AVM router as DNS Server. I can ping the clients accross the vlans with their ip-address but I cannot use the FQDN. What do I have to do to get this working?
I can see the hostnames in the Leases of the DHCP server.
Christian

In any case, your DNS resolver (AVM Router) would have to know about these hostnames. If it can set static entries, it would be easy to add them, if you'd have static config (DHCP reservations) in LANs. If you'd want it automatic, it should be possible on RouterOS side with lease script, but you'd also need some kind of API on AVM router, so that the records could be updated from RB3011. If it's not possible, you could use RB3011 as resolver and update records there.

Have a look if you AVM fritzbox can be set to be a bridge so it only takes care of your internet connection.

Hi,
thank for reply. I am not sure if I understood correctly:

The FritzBox will run as the "main" Router only for testiing until RB is prepared for connecting to the WAN. After that i will get a DNS Server from ISP for the internet queries.
Does it mean, that the RB will take over the internal DNS function automatically if i will remove the FritzBox? Or do I have to configure an internal DNS Server on the RB for my local network.

Thanks,
Christian

Hi,
it seems to be that Iam to stupid to understand the DNS stuff.

• Reset config without Default config.

• setup a network on Ether2 with 172.16.1.0/24

• ether1 (WAN) not connected

• bridge all ether ports

• no firewall rules installed

• setup dhcp server on same network

• setup dhcp gw with 172.16.1.1

• setup dhcp option "domain" with home.mydomain.de

• setup dns with 172.16.1.1

• client1 (linux )and client2 (windows) configured with dhcp, will get an ip from dhcp server

my tests

• I can ping ip address from client1, it works as expected

• I can ping "client1" with hostname, it works expected

• I can ping "client2" with hostname, it works expected

• I cannot ping client1.home.mydomain.de

• I cannot ping client2.home.mydomain.de

• ipconfig /all shows the DNS-Suffix of home.mydomain.de on client 2

• hostname -f shows only the hostname, domain is unknown (client1).

my question:

• why does the dns server not resolve the FQDN of my clients in the network?

• why does client1 not show the dns-suffix from the dhcp server on rb30122?

• how can I solve the issue?

Christian

DNS is just like a phonebook. You have to make clear for yourself if you have the correct phonebook and where it lays and who can look into it.

As soon you use .de your DNS will look outside the router on the Internet. You are looking in a phonebook that is not in the fritz.box
RouterOS has an static DNS sever section in which you can overwrite specific domain names (cheating) that are stated in the static DNS.

The fritz.box can only do that for domains that defined and you can try to state your specific domain in Rebind part in the fritz.box

Hi,
please forget the "Fritte". The fritzbox is actually disconnected. I only have a local LAN without connection to the www.
But if I understood it correctly, i have to add all my local clients manually to the "phonebook" of my RB3011-DNS-Server. I thought that the dhcp server will add them automatically. Isn´t it the cas?

A manually setup for clinets with static IPs is really understandable. but not for the dhcp clients in my local network. This must be done automatically, or not?

Christian

The Fritz.box did that for you.

You have to put the adress and domain name in the static DNS and if the match the client request the IP will be returned. For existing domain names not matching the static DNS will be requested on the Internet once connected.

The DNS provide by your ISP is called peer DNS. You can also enter your own DNS supplier there.

maybe an script that update an static dns entry for each machine when get dhcp lease

Hi all,
hm! Let me try to explain it in annother way!

The Fritzbox will not be there in future and will be replaced by the Mikrotik Router. Later, the Fritzbox should run as PBX in Ip-client mode and is only a "slave" on a separate Voip-vlan.
I cannot believe, that there is no way, to configure a local DNS Server on the RB3011 which is able to support my local domain with DNS queries and is able to resolve my local domain-clients in "home.mydomain.de" which get their ip-adress and the domain suffix from the dhcp-server on the RB.

Only for testing purpose, I build up a very simple "test environment" with the RB3011 and two clients on the same subnet. There is no connection to the Fritzbox and no connection to the Internet via ether1 Only a simple local setup in order to test the behavior of DNS...but it doesn´t work

If I am completely wrong and there is no way to get this working with Router OS, please try to give me the right hint because:
The same setup with a Fritzbox works. The only difference is the domain. This is the common Domain "fritz.box"? What is different between both configurations? Sorry, but I do not understand this?

Christian

I cannot use Mikrotik DNS for my internal nets either. Wether this is caused by missing knowledge or missing functionality may be concluded by others. I solved the issue by using the built-in DNS-Server of my NAS, leaving Mikrotik to take care of the public DNS-Servers only.

Hi,
is this really the case? There is no way to configure a local DNS on Router OS?
I have not expect this and I cannot believe it! There must be a way and i guess this is missing knowledge on my side. I count on the experts in the forum, to give me the right hint.

Christian

The Mikrotik has no build-in DNS server but is very flexible in the DNS functions.

Going back to your client IP. You request this from the DHCP sever and mostly the IP is the same and if not you can make that IP static. Open line - copy - - eneter wished IP - remove original - save copy

Now you can enter that IP with the wished domainname.de in the static DNS. Remember to set the IP of the Mikrotik as DNS sever in your clients. Automatically is done by putting that information into the DHCP server defaults in the Mikrotik.

The Mikrotik sits between your clients and the final DNS server (peer) and as soon it sees a matching subdomain.domain.de it gives back the information in the static and not from the final DNS server.

I did also come from a fritz.box to Mikrotik router and the first time the learning curve is very steep but you never want to back.

https://wiki.mikrotik.com/wiki/Manual:IP/DNS

Yet another DHCP to DNS script

That is great and that is for later. AVM automates a lot so basic knowledge is not transfered.

Christiaan please take care that your DNS is not open to requests from the internet.

Note: If allow-remote-requests is used make sure that you limit access to your server over TCP and UDP protocol.

Take your time and you learn the best from your mistakes. The scripts provided by others you can use in /system - scheduler

Hi,
is this really the case? There is no way to configure a local DNS on Router OS?
I have not expect this and I cannot believe it! There must be a way and i guess this is missing knowledge on my side. I count on the experts in the forum, to give me the right hint.

Christian

You can type in the Menu Winbox ROS IP-DNS-DNS static (/ip dns static>), address you want and the FQDN for example client1.home.mydomain.de IP address 172.16.1.xxx (Of course, you must mark "Allow Remote Requests."
I have a script that runs every 5 minutes and reads information from DHCP Lease and writes FQDN to Static DNS.
Link Scripts Example:
https://wiki.mikrotik.com/wiki/Setting_ ... DHCP_lease
Now I see. Msatter answered and explained clearly

Hi all,
thank you so much for support. Seems to be that there is a workaround for the "issue". I will check it tomorrow.

Let me summarize what I understood in own words (for "script edition"):

• setup local DNS server with Router IP and enable "allow-remote-requests"

• setup DNS-Server (Router IP) in DHCP options for the specific network

• setup schedular with one of the scrips above

• if WAN is connected, make sure that access is limited for local DNS server in terms of TCP and UDP protocol.

Only a few questions left:
I am planning to setup 8 vlans (admin, voip, smarthome, office, iptv, etc), each on a different subnet.

• Does it mean I have to run the script for each dhcp-network?

• Does it make sense to create 8 domain-suffixes, for each vlan an own suffix (vlan1.mydomain.de; vlan10.mydomain.de....) or is it better, regarding "Network-Design-Rules", to configure a single domain-suffix for all subnets (internal.mydomain.de)?

Thanks for support,
Christian

The fritz.box, which you are using for VOIP has no option to set VLAN. DNS knows only IP no VLAN, so you use the IP. If your domain is only internal then I suggest that you use .local instead of .de because .de is kept in the DNS on the Internet.

VLAN is separating the networks and subnets also do that as long you do not enable routing/GW between them.

Hi,

The fritz.box, which you are using for VOIP has no option to set VLAN. DNS knows only IP no VLAN, so you use the IP. If your domain is only internal then I suggest that you use .local instead of .de because .de is kept in the DNS on the Internet.

Yes, that´s true!
The idea is, to assign an utagged port of the Mikrotik for the Fritzbox. The Box will receive an IP from this vlan, if the Box runs in IP-Client Mode. All the local Fritzbox Ports (WLAN included) will host the vlan and I can connect the IP Phones to this Subnet. I hope this will work!

What exactly do you mean with this:

VLAN is separating the networks and subnets also do that as long you do not enable routing/GW between them.

My intention is, to make the LAN much more secure in order to move specific clients in a separate vlan. E.g., it does not make sense to have SmartHome devices in the same subnet together with Xbox, PlayStation and Co.
For some other clients,I think, it also makes sense, to spend them an own vlan (Sonos Multiroom-Device) but the players should have access to the internet and to the NAS in another vlan. The players should also communicate with the controllers which are also located in annother vlan. This is just an idea and if this will work, I don´t know.

DNS-Test:
Today I tried the following:

• entering a static entry to the DNS-Server with the new FQDN. This works fine

• installing the script into the "DHCP-Lease-Script Window" of the specific dhcp-Server. As soon as the Client will get the lease, the DNS-Entry is processed and I can ping the client with FQDN. As soon as lease expires (or is deleted) the Static entry in the DNS-Server will be removed. If I am right, I have to install the script for each dhcp-server.

Christian

Pleased to read that the DNS/DHCP worked and now you have the same workings as in the fritz.box.
DNS is really great to use and I love the Round Robin function when having multiple IP addresses on one domain name.

Tagging/untagging on the switch port is fine.

Default, subnets can't see each other unless you make them visible with a GateWay or routing. VLAN adds an extra separation layer.

I never used VLAN (only fot my ISP) so I won't be much of a help on it.

Hi,
it´s me again

There is one topic left:
Does it makes sense to use different domain suffixes in a local domain-environment?

example:

• vlan1: admin.home.mydomain.local
• vlan10: smarthome.home.mydomain.local
• vlan20: iptv.home.mydomain.local

or is it better, in terms of design rules for networks, to use a common local domain name.

• vlan1-vlan nn: home.mydomain.local

I am not very experience with this stuff, so I hope someone can give me a tip.

Thanks,
Christian

I'd say it depends entirely on what you like. You might prefer different suffixes to make things look more segmented, or just one to keep it simple. The latter may be safer for dynamic updates, if devices with same hostname happen to be connected in different vlans at the same time. But then it's annoying if you'd want to actually type those long names.