Access to DNS from OpenVPN clients

danilabagroff · November 15, 2017, 9:33am

Hi!

I have two OpenVPN clients, but just one of them(Windows10) can use Mikrotik’s(10.1.0.1) DNS.

From Windows 10

C:\test>nslookup printer.mega 10.1.0.1
╤хЁтхЁ:  gw1.mega
Address:  10.1.0.1

Не заслуживающий доверия ответ:
╚ь :     printer.mega
Address:  10.1.0.3

From DD-WRT

root@gw2:/tmp/etc# nslookup printer.mega 10.1.0.1
Server:    10.1.0.1
Address 1: 10.1.0.1 ca.mega

nslookup: can't resolve 'printer.mega'

All clients are definitely can access 53 tcp-port.
Allow Remote Request is also checked in WebFig.

What I should check?

blajah · November 15, 2017, 4:08pm

By default DNS uses UDP/53 not TCP. Does your firewall allows DNS queries from outside? Actually it does, if it works on WIN10. There must be issue with DDWRT setup, Hows your OVPNs IP Network described? Do you have DNS Servers in PPP Profile?

danilabagroff · November 16, 2017, 9:17am

Thank you for the reply.

[root@gw1] /ppp profile> print  
 1   name="openvpn1" local-address=10.7.0.1 remote-address=openvpn1 bridge=openvpn1 use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default use-upnp=default 
     address-list="" dns-server=10.1.0.1 on-up="" on-down=""

blajah · November 16, 2017, 8:03pm

Well, i doubt its issue on MT side. I do not have a way to test whats with DDWRT settings, but can you point ( just for testing purposes) DNS servers of DDWRT to mikrotik and then test resolving,
Do you have some DNS Proxy on DDWRT or some catch-all-DNS firewall rule, or some similar mechanism?