DNS in site to site VPN tunnel

Hello,
We have two departments in our company with two MikroTik routers. We have created a site-to-site VPN tunnel, and nearly everything is working fine except for some problems with DNS.
In this scenario we have:

  • two subnets, i.e. 192.168.0.0/24 and 192.168.1.0/24.
  • In one subnet (192.168.0.0/24) there is a Domain Controller with a DNS server and other services like Remote Desktop, file shares, etc. All of them use friendly names like rd1, rd2, fs1, fs2.
  • The second subnet (192.168.1.0) has a DHCP server on the MikroTik, and under DHCP Server -> Networks we defined two DNS servers: 192.168.0.2 (which is the DNS server in the first subnet) and the alternate DNS 8.8.8.8.

Everything is good: users can connect to remote desktops and file shares using friendly names. But when the Internet is down in the first department, or our DNS server is down, the second department loses its Internet connection. I had assumed that in this case the computers would use the alternate DNS 8.8.8.8, but they didn't.

Is there any mistake in my understanding? Are there any possible solutions for this scenario?

Please forgive my English.

I don’t know why the second DNS doesn’t work for you.

But an alternate config that I use:

  • 2nd site uses the MikroTik for DNS
  • 2nd site MikroTik has a Layer7 firewall rule to redirect DNS queries to 192.168.0.2 when the query ends with .company.local

Go to IP > Firewall, Layer7 Protocols. Create an entry: name=DNS-SITE1, REGEXP: yourdomain.local
Go back to dst-nat and add a rule: when a packet comes in on the bridge-local interface, is UDP with dst-port=53 and layer7=DNS-SITE1, then action=dst-nat, to-address=192.168.0.2.
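The same configuration expressed as RouterOS CLI commands, as an added example that is not part of either post above. The names DNS-SITE1, bridge-local, company.local and the DNS address 192.168.0.2 come from the thread; the site-2 router address 192.168.1.1, the WAN interface name ether1 and the public forwarder 8.8.8.8 as the router's upstream are assumptions and should be replaced with your own values. The regexp deliberately leaves the dot unescaped: in a DNS query the name travels in wire format with a length byte where the dot would be, so "company.local" (where "." matches any single byte) matches "company\x05local", while an escaped "company\.local" would never match.

```routeros
# Added example (not from the original posts): RouterOS CLI form of the
# Layer7 + dst-nat setup described in the reply above.
# Assumed values: 192.168.1.1 (site-2 router), ether1 (WAN), 8.8.8.8 (upstream).

# 1. Let the site-2 MikroTik act as the resolver for its own LAN, forwarding
#    everything it cannot answer itself to the public upstream.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8

# 2. Hand out the router (not the remote DC) as the only DNS server via DHCP,
#    so a dead tunnel or DC no longer stalls every lookup on site 2.
/ip dhcp-server network
set [find address="192.168.1.0/24"] dns-server=192.168.1.1

# 3. Layer7 matcher for queries that name the AD domain. Unescaped "." on
#    purpose: it matches the length byte that replaces the dot on the wire.
/ip firewall layer7-protocol
add name=DNS-SITE1 regexp="company.local"

# 4. Redirect only those queries, arriving on the LAN bridge, to the site-1 DC.
#    Queries for any other name fall through to the router's own resolver.
/ip firewall nat
add chain=dstnat in-interface=bridge-local protocol=udp dst-port=53 \
    layer7-protocol=DNS-SITE1 action=dst-nat to-addresses=192.168.0.2 \
    comment="company.local lookups -> site-1 DC"

# 5. allow-remote-requests=yes makes the router answer DNS on every interface,
#    so block port 53 from the WAN side or it becomes an open resolver.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop \
    comment="no DNS from WAN"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop \
    comment="no DNS from WAN"

# 6. Verify: the NAT rule's packet counter should increase when a site-2 host
#    resolves rd1.company.local, and stay flat for other names.
/ip firewall nat print stats where comment~"site-1 DC"
```

Two caveats worth knowing before relying on this: the Layer7 match inspects only the first packet of a UDP "connection", which is fine for DNS since each query is one datagram, and the dst-nat rule covers UDP only, so large responses that fall back to TCP/53 would not be redirected unless a matching tcp rule is added.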