Accessing devices by hostname (Local DNS server?)

jdanen · December 27, 2021, 1:11pm

I’m in the process of moving my network installation from an older OpenWrt router to a Rb2011-UiAS-2hnd. One functionality that OpenWrt made very easy was accessing devices in the LAN by their hostname+a domain suffix (i.e. a PC named mediapc with a static lease for 192.168.2.42 could be accessed on mediapc.lan, and I guess the static lease isn’t even necessary). As far as I understand, this would be handled by a local DNS server - in case of OpenWrt, dnsmasq. OpenWrt handled this pretty much automatically, which seems not to be the case for RouterOS. If I understand the relevant wiki page correctly, the name translation can be set up manually under

/ip dns static

but after doing that for one of the machines, I’m still unable to ping it by hostname (still pings fine by IP address). Any suggestions on how to get this to work would be much appreciated, especially if someone has managed to get this to the point of automation that OpenWrt had. The config for the router is attached below.

# dec/27/2021 15:06:46 by RouterOS 6.49.2
# software id = FIEP-NH1Q
#
# model = 2011UiAS-2HnD
# serial number = 814407CF4483
/interface bridge
add name=bridj
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=latvia disabled=no \
    frequency=auto mode=ap-bridge ssid=WhyTest
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap \
    mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=lan_pool ranges=192.168.2.3-192.168.2.254
/ip dhcp-server
add address-pool=lan_pool disabled=no interface=bridj name=lan_dhcp
/interface bridge port
add bridge=bridj interface=ether2
add bridge=bridj interface=ether3
add bridge=bridj interface=ether4
add bridge=bridj interface=ether5
add bridge=bridj interface=ether6
add bridge=bridj interface=ether7
add bridge=bridj interface=ether8
add bridge=bridj interface=ether9
add bridge=bridj interface=ether10
add bridge=bridj interface=wlan1
/interface list member
add interface=bridj list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.2.2/24 interface=bridj network=192.168.2.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.2.42 client-id=1:bc:5f:f4:77:1a:ad mac-address=\
    BC:5F:F4:77:1A:AD server=lan_dhcp
add address=192.168.2.3 client-id=1:14:da:e9:a6:81:ed mac-address=\
    14:DA:E9:A6:81:ED server=lan_dhcp
/ip dhcp-server network
add address=192.168.2.0/24 boot-file-name=extscript.kpxe domain=lan gateway=\
    192.168.2.2 next-server=192.168.2.3
/ip dns
set servers=1.0.0.1
/ip dns static
add address=192.168.2.3 name=FF-Server
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
/lcd
set time-interval=hour
/lcd pin
set pin-number=4705
/system clock
set time-zone-name=Europe/Riga
/system identity
set name=StarryNight
/system ntp client
set enabled=yes server-dns-names=lv.pool.ntp.org
/system package update
set channel=upgrade
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

tdw · December 27, 2021, 1:27pm

The clients have to use the Mikrotik as a DNS server
/ip dhcp-server network
add address=192.168.2.0/24 boot-file-name=extscript.kpxe dns-server=192.168.2.2 domain=lan gateway=192.168.2.2 next-server=192.168.2.3
or configured directly on the client if it has a static IP address set.

jdanen · December 27, 2021, 2:08pm

Alright, now I can access them by the string I set in /ip dns static, without the .lan domain suffix. Slightly confusing, gotta admit. Was there any reason OpenWrt used the [host].[domain] nomenclature, or was that just a string appended to the end to make it easier for the user to remember what is he connecting to?

tdw · December 27, 2021, 2:46pm

I don’t know how OpenWrt manages its static DHCP and DNS entries.

With Mikrotiks the static DNS entries return the IP address matching the name field, be it a short name, e.g. “somehost”, or a fully-qualified name, e.g. “somehost.mydomain”. The DHCP networks domain= provides any DHCP client the DNS domain if asked, i.e. the client includes option 15 in its DHCP request.

How the DNS domain is used is purely down to the client device, typically it will append it to requests containing no dots, e.g. if the DNS domain is “mydomain” and the user asks for “somehost” the device actually requests “somehost.mydomain”

aesmith · January 9, 2022, 9:15am

You can also add a script to the DHCP server so that each address lease creates a local DNS entry. It’s reliant on the host giving a sensible name, which some do and some don’t. And I note on our network it doesn’t correctly handle iphones with “private address” enabled.

BartoszP · January 9, 2022, 9:30am

Put this as a script for your DHCP server

:local zone "mydomain.local"
:local dnsrecord [/ip dns static find where address=$leaseActIP ]
:if ( $leaseBound = 0 ) do={
  :if ( [ :len $dnsrecord ] > 0 ) do={
    :log warning ("DNS release record for $[/ip dns static get $dnsrecord name] ( $leaseActIP )")
    /ip dns static remove $dnsrecord
  }
} else={
  :local hostname [/ip dhcp-server lease get [/ip dhcp-server lease find where address=$leaseActIP server=$leaseServerName ] host-name]	
  :local fqdn
  :local dhcplease
  :foreach dhcplease in=[/ip dhcp-server lease find where ( server="$leaseServerName" && address=$leaseActIP ) ] do={
    :set hostname [/ip dhcp-server lease get $dhcplease host-name ]
    :set fqdn ( $hostname . "." . $zone )
    :local ttl [/ip dhcp-server lease get $dhcplease expires-after ]
    :if ( [ :len $dnsrecord ] > 0 ) do={
      /ip dns static remove $dnsrecord
    }
    :log warning ("Renew DNS record for $fqdn ( $leaseActIP )")
    /ip dns static add name=$fqdn address=$leaseActIP ttl=$ttl comment=$leaseActMAC
  }
}