Is anyone else running a local DNS on a local ip segment such as 192.168.1.* and care to let me in on how you configured it in WebFig?
I stumbled over DNS being a requirement for my VMWare solution so I might try to do it on the Router before messing with it on a server...

Router specified on my signature.

Or maybe I should rather do it on the Switch?

Switch specified in signature.

The manual has some basics explained, but not really any good how-to's.
https://wiki.mikrotik.com/wiki/Manual:IP/DNS

DNS is very easily accomplished on the MT, basically it provides a cache function for frequently visited sites is my impression.
Im a winbox guy so cannot help with webconfig.

Im a winbox guy so cannot help with webconfig.

I can use both, so feel free to elaborate dear Anav... albeit the cache function is not really what I am after, I need to specify a local DNS server with two local IP entries and then the whole shebang with anav1.workstation.llama and anav2.workstation.llama ... etc...

This is exactly how my DNS Servers, on production, are set: With that settings, actually only 40892 KiB of memory is occupied.

Default values:
What I have changed and why:
allow-remote-requests=yes obviously for activate the service
cache-max-ttl=30m (from 1w to 30m) do not want too old DNS records...
cache-size=81920KiB (from 2MiB to 80MiB) the RB1100Dx4 have 1GB of ram...
max-concurrent-queries=1000 (from 100 to 1000) for 4000 users are sufficient.
max-concurrent-tcp-sessions=40 (from 20 to 40) TCP is rarely used, 40 for 4000 users are sufficient.
servers=1.1.1.1,8.8.8.8 for specify what servers must be used.

And obviously on Border Firewall, on another machine, no one on Internet can reach the DNS service on that machine...

Whats the point in caching for 30 minutes?? How many websites get old after 30 minutes.

Be more precise, for you is too high or too low?

For example

TTL are from authoritative DNS, not my DNS

:resolve www.playstation.com

30 minutes:
www.playstation.com -> www.playstation.com-v2.edgekey.net

4 minutes:
www.playstation.com-v2.edgekey.net -> www.playstation.com-v2.edgekey.net.glob ... akadns.net

20 minutes:
www.playstation.com-v2.edgekey.net.glob ... akadns.net -> e2790.dscx.akamaiedge.net

20 seconds:
e2790.dscx.akamaiedge.net -> 23.77.212.145

While i appreciate any insight, I am after LOCAL DNS SERVER and how to set that up.

Not google....

Ops, misunderstanded your post, like @anav....

Please provide a DETAILED description of what you want from your local DNS.

Hint: use a VM with "bind" is better...

So what would be a detailed description?

Humm... I am currently reducing server load as much as possible and adding a vmachine for bind or dnsmasq is not my first option. I would like the network equipment to handle all the network related settings, in principle. I think I have enough juice in my MT devices for that. Not even running Dude yet, but I do run Lansweeper on my FS server which is fulfilling some monitoring things.

As for description, I can't use the ISP DNS, I tried in WinSrv, did not work. Let me tell you what I need it for. I am setting up a vCenter to handle virtual machines and experimenting with perhaps an AD and other things. The requirement for these are at the very least, local DNS server entries, or they won't work. I can't even install vCenter if I don't specify a DNS. Since I am not interested in configuring a Google or Cloudflare DNS, it make no sense since I have nothing that goes towards Internet, I am looking at a local DNS that should be enough for the requirements of an AD and vCenter.

Now, how would I translate that in networking terms? Local DNS on 192.168.1.101 and 192.168.1.102 which I use to do local lookups and can use as alias management so I can type "lansweeper" in my browser instead of 192.198.1.10:44444. Yes, I can of course also edit my local .host file to accomplish that, but then I would have to edit all .host files on all computers and that's not a great idea. I need of course to set fixed IP's on a few devices and servers for this to work and that is not really an issue.

I am trying to explain, I will give more information if asked.

The first question with a quick answer would be if I do this on the Switch or on the Router? My guess would be on the Switch, since it is closer to the devices and currently runs just about nothing but the ports.

The MikroTik DNS do not act a real DNS server, but like a DNS proxy.
Do not accept DNS registration from devices,
but if you add a static DNSs like
server.local = 172.16.0.1
vm2.local = 172.16.0.2
etc.
and set on all the device on the local LAN, manually or by DHCP, to use mikrotik DNS, you do the trick.

RouterOS as poor man's DNS server is possible, as long as you don't need it to act as authoritative one (mark answers as authoritative, have SOA records for hosted domains, provide zone transfers, ...) and the few supported record types are enough for you.

"Poor mans DNS" ? "Beggars DNS"?

Yeah, al righty... so can any of you guys step through the cmd's for this achievement, and elaborate on how I can use alias wih it? The DHCP version...

"alias" is a static CNAME type record to be entered in MT DNS

An alias/CNAME record where the A record is on a different DNS server is often a problem. (e.g. even for a Fortigate, it does not resolve)
And ... Microsoft AD has very special requirements for the DNS server.

We've been using Pihole with Unbound for years on an old openwrt box. I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.

You get the idea.

Code: Select all

/ip dns static
add address=192.168.88.10 name=anav1.workstation.llama
add address=192.168.88.20 name=anav2.workstation.llama
add address=2001:db:0:88::20 name=anav2.workstation.llama type=AAAA
add address=192.168.88.2 name=mail1.server.llama
add address=192.168.88.3 name=mail2.server.llama
add mx-exchange=mail1.server.llama mx-preference=10 name=mail.llama type=MX
add mx-exchange=mail2.server.llama mx-preference=20 name=mail.llama type=MX
add address=192.168.88.5 name=jabber1.server.llama
add name=_xmpp-server._tcp.chat.llama srv-port=5269 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV
add name=_xmpp-client._tcp.chat.llama srv-port=5222 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV

You get the idea.

Yeah I think i do. Obvioulsy changing llama for "anav" and removing the mx-exchange and xmpp entries. Sorry if I am to obvious but that is kinda my mindset. I need to get things explained in steps and practice a bit before it sticks.

We'll see how it turns out in regards to DNS requirements for diff systems.

Thanks

If was just example of different record types, use whatever you need.

I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.

+1
Or to use dnsmasq, or even powerDNS with openwrt, running on some MT devices.
Done that.

After some additional reading I have come to determine I will need a better solution than posted by @Sob . I will configure my WinSrv to handle it, since it will be running regardless.
I am however grateful for the suggestions posted and should I set up some Linux I might very well consider bind or dnsmasq, but not relevant at this time and with current configuration.

Now to find a tutorial and some reading for that.

So after some tribulations I set up a WinSrv to handle this and it seems to be working.


Image from a virtual w10 machine.

Had issues understanding the logic and explanation, or rather the lack of it, in diverse how-to's and books. Thing is once you setup a DNS on WinSrv it takes the current IP of that WinSrv and add that as one of the DNS servers, then it automatically added another free IP from the 192.168.1.0/24 DHCP pool (I think) giving above result. Now, changing these IP's to a custom dedicated range may be desirable, but as of yet not essential.


// also changed the topic title to better reflect latest content//

I am using my Windows Server (domain controller) as the DNS server on my main home LAN. For all other LANs, the Mikrotik is the DNS server.