Hi to all,
Very new to Mikrotik.
Very simple network architecture:
WAN = ether1
LAN = bridge (ether2 to ether 10), 2 vlans, (vlan ///10 192.168.10.x/// and vlan 20 ///192.168.20.x///) with the relevant dhcp addresses etc.
No firewall resctrictions.
Everything working fine.
I can access one Windows device that resides in vlan 10 from vlan 20 using the ip address, no problem.
When i am trying using host-names, its not working. Tried to put domain name in the relevant dhcp networks, nothing. Tried static dns entries at ip/dns/static, nothing.
Any ideas?
Re: accessing local network hosts by host-name.local-domain-name
What is setting of dns-server property in /ip dhcp-server network? If it's not your router's IP address, then clients will use other DNS server and will miss configuration from /ip dns static.
Re: accessing local network hosts by host-name.local-domain-name
Thank you so much for your reply.
The problem seems to be that i haven't enabled the "allow remote requests".
So with that disabled, only dynamic dns servers from ISP are used (peer dns in dhcp client) despite that i had configured static dns servers in ip/dns and in ip/dhcp/networks. These entries are used ONLY if allow remote requests are enabled.
If that is enabled then the dns query asks the dns server specified there (ip/dns and ip/dhcp/networks). If the mikrotik router is set there then and only then the static dns entries are used!!!
Much complicated really.
The problem is now how can i secure my router from external dns requests when "allow remote requests" is enabled?
The problem seems to be that i haven't enabled the "allow remote requests".
So with that disabled, only dynamic dns servers from ISP are used (peer dns in dhcp client) despite that i had configured static dns servers in ip/dns and in ip/dhcp/networks. These entries are used ONLY if allow remote requests are enabled.
If that is enabled then the dns query asks the dns server specified there (ip/dns and ip/dhcp/networks). If the mikrotik router is set there then and only then the static dns entries are used!!!
Much complicated really.
The problem is now how can i secure my router from external dns requests when "allow remote requests" is enabled?
Re: accessing local network hosts by host-name.local-domain-name
The problem is now how can i secure my router from external dns requests when "allow remote requests" is enabled?
It's firewall rules for chain=input. Default firewall setup (in recent ROS version on SOHO devices) already blocks most connections from WAN, but it really depends on changes to follow philosophy used for default rules (e.g. proper interface list membership etc.).
The buil-tin DNS resolver should be able to combine statically defined entries with replies from upstream DNS servers, but it needs proper configuration:
Code: Select all
/ip dns set servers=<comma separated list of remote DNS servers>
Re: accessing local network hosts by host-name.local-domain-name [SOLVED]
Yes it is now worked as expected.The problem is now how can i secure my router from external dns requests when "allow remote requests" is enabled?
It's firewall rules for chain=input. Default firewall setup (in recent ROS version on SOHO devices) already blocks most connections from WAN, but it really depends on changes to follow philosophy used for default rules (e.g. proper interface list membership etc.).
The buil-tin DNS resolver should be able to combine statically defined entries with replies from upstream DNS servers, but it needs proper configuration:
Code: Select all/ip dns set servers=<comma separated list of remote DNS servers>
To summarize for other friends:
1. In order for the internal DNS resolver to work ==> Ip>DNS Allow remote requests should be enabled. If allow remote requests is disabled then the dns function is coming from peer DNS from DHCP client. This should be enabled at least if "allow remote requests" is disabled, otherwise there is no DNS service.
2. After the enabling of MIkrotik DNS function (with allow remote requests ON), then set static DNS servers in /ip/dhcp/networks and/or ip/dns. Optionally set static dns entries in ip/dns/static after setting static ip addresses for clients in dhcp server.
3. Securing Router from external dns queries with firewall rules (chain input, action drop, udp and tcp 53).