Change DNS servers on VPN up/down

Case: branch offices with Mikrotik as router with DHCP and DNS roles and a VPN site-to-site (via OpenVPN, but it doesn't matter). On the Mikrotik WAN interface we get DNS servers from the ISP; then, when the VPN connection to the head office connects, it adds the Active Directory DNS servers, but they are at the bottom of the list of DNS servers on Mikrotik and aren't used if the ISP DNS works.
So computers in branch offices do not resolve internal DNS names if the ISP's DNS works.
How in this case can we put the DNS servers from the VPN connection at the top of the list of DNS servers on Mikrotik?
As a workaround I use RouterOS netwatch on the VPN server's internal IP with two actions:
On VPN Up:
/ip dns set servers 192.168.10.2,192.168.10.3
/ip dns cache flush
/log info "OVPN DNS OK"
On VPN Down:
/ip dns set servers 8.8.8.8,8.8.4.4
/ip dns cache flush
/log error "OVPN DNS bad"
But I think this is a bad idea. For example, in Windows the OpenVPN interface has the highest priority, so on VPN up Windows uses the internal Active Directory DNS servers and on VPN down uses the DNS servers from the Ethernet connection.
Please help and advise.

So I can't think of anything better. What do you think?
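The netwatch workaround from the post, written out as one complete RouterOS configuration (an added example, not the poster's own config or anything from MikroTik). The AD DNS addresses and the public fallbacks are the ones from the post; the router LAN address 192.168.50.1, the probed VPN-side host 192.168.10.1 and the WAN interface name ether1 are assumptions.

```routeros
# Added example, not from the original post. Assumed values:
#   192.168.10.2, 192.168.10.3 = head-office AD DNS servers (from the post)
#   8.8.8.8, 8.8.4.4           = public resolvers used when the tunnel is down (from the post)
#   192.168.50.1               = this router's LAN address (assumed)
#   192.168.10.1               = head-office host reachable only through the VPN (assumed)
#   ether1                     = WAN interface (assumed)

# 1. Stop the ISP from rewriting the resolver list on every DHCP renew,
#    otherwise the netwatch scripts get overwritten.
/ip dhcp-client set [find interface=ether1] use-peer-dns=no

# 2. Clients resolve only through the router, so the resolver list is
#    changed in one place and nothing has to be pushed to Windows clients.
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dhcp-server network set [find] dns-server=192.168.50.1

# 3. allow-remote-requests=yes answers anyone who can reach the router, so
#    refuse DNS from the WAN side. Place these before any broad accept rule
#    in the input chain if one already exists.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 \
    action=drop comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 \
    action=drop comment="no DNS from WAN"

# 4. Probe a host that is only reachable over the tunnel; on each state
#    change swap the resolver list and flush the cache so answers cached
#    from the other set of servers are not served after the switch.
/tool netwatch add host=192.168.10.1 interval=30s timeout=2s \
    up-script="/ip dns set servers=192.168.10.2,192.168.10.3; /ip dns cache flush; /log info \"OVPN DNS OK\"" \
    down-script="/ip dns set servers=8.8.8.8,8.8.4.4; /ip dns cache flush; /log error \"OVPN DNS bad\""
```

Check the result with /ip dns print after bringing the tunnel up and down; the servers line should follow the tunnel state within one netwatch interval.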

It's not necessary to change DNS servers. Use the DNS server on your routerboard, give it multiple servers (you can add many more than 2 IPs), and in DHCP set your routerboard as the DNS server. There isn't much config to do and it will work on any network as long as your routerboard is reachable from that network.

Manually add the IP addresses in the DNS server in the order you want them used. By default every system tries the first entry, and if it doesn't work then the 2nd entry, and so on. In the DHCP client untick "use peer DNS" and manually add your ISP's DNS or some other DNS server under your DNS server, assuming it is some other server.

Sorry, even I can't fully understand your question.

I recently started a topic about a similar issue, resolving DNS to “local” DNS servers when a PPTP client came up.

I couldn’t find a simple way to do it. Somebody mentioned using a Layer7 filter to redirect DNS requests for a specific domain name to a different DNS server, but I couldn’t make it work.

In RouterOS the DNS cache has no other priority than the order in which the DNS server addresses are added. So, your suggested solution with netwatch sounds reasonable.

Also, SystemErrorMessage's suggestion makes sense. However, I would avoid using layer-7 as it is a resource hog.

Thank you all.