DNS handling on mikrotik - i'm confused

snooOren6925 · September 20, 2024, 5:33am

Hi All
apologies if this was discussed previously.. but after seeing so many post and as well mikrotik’s own doc (https://help.mikrotik.com/docs/display/ROS/DNS) I’m not sure if I’ve understood how mikrotik router handles DNS and it should be setup properly. Would like to use DoH (testing both nextdns and cloudflare). I’ve setup and tested both and it’s working but I’m still now sure if I’ve done it correctly. I’ve firewall NAT rule to redirect port 53 (TCP/UDP) traffic enabled.

Questions
#1 - if there is a DoH server entry my understanding is the the “Servers” list/entries will be ignore. ie all DNS queries will go through DoH?
#2 - on https://help.mikrotik.com/docs/display/ROS/DNS doc "Currently, DoH is not compatible with FWD-type static entries, in order to utilize FWD entries, DoH must not be configured. " what does this line mean? does it mean if DoH is enabled we should disable all static entries?
#3 - how can i setup DNS failover work? i.e. if nextdns DoH is not reachable, router resolver switch over to eg cloudflare.
#4 - i’ve seen comments that “Server” entries is needed for DNS failover to work.

kleshki · September 20, 2024, 9:19am

If DoH is configured, regular DNS is used to resolve DoH hostname only
It is on 7.16 already, you can try it out. On older versions, static entries are ignored when DoH is configured, so you may or may not disable it - doesn’t matter
No way currently, only one DoH can be configured at once (and regular dns failover doesn’t work nice also - if first DNS is down, it fallbacks to the second, but when first is up again, it doesn’t return back)
Yes as I said above, you can configure multiple regular DNS entries in Servers section, but not DoH