DNS setup with AdGuard and static hosts

Hi community!

I want to use the AdGuard DNS server as my primary DNS server to filter Ads. Additionally, I want to define some static hosts on my local LAN, so I do not need to remember IPs and can swap out IPs without altering configured network shares and stuff. My setup is as follows:

$> /ip/dns print
                      servers: 10.10.10.50
              dynamic-servers: 88.134.230.33,88.134.230.97
               use-doh-server: 
              verify-doh-cert: no
   doh-max-server-connections: 5
   doh-max-concurrent-queries: 50
                  doh-timeout: 5s
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1w
      address-list-extra-time: 0s
                   cache-used: 46KiB

10.10.10.50 is the AdGuard DNS server; the dynamic DNS servers come from my ISP.
I also defined some static DNS entries:

$> /ip/dns/static print
Columns: NAME, ADDRESS, TTL
# NAME             ADDRESS       TTL
;;; defconf
0 router.lan       192.168.10.1  1d 
1 core-router.lan  10.10.10.1    1d 
2 commander        10.10.10.50   1d

When I now ping “commander”, I got “Name or service not known”. When I set a static route in AdGuard for the “commander” host, I got a response. This all makes sense, but I want to define the static hosts and DNS entries in my Mikrotik Router. Is there a way I can achieve this? Like using my MT-router as the default DNS server, but all DNS requests which are not listed in the static hosts got redirected to AdGuard.

In case you have an MT which is officially supported to run OpenWrt, after flashing OpenWrt you can do what you are asking for.

That is not quite the answer I had hoped for 🙂 No, I want to keep the MT firmware with all my configuration.
Is this such an advanced task?

In the IP/DHCP Server settings, check what DNS addresses you give out to the clients. Most likely the DNS field is blank, meaning MikroTik will pass its own DNS addresses (the ones you see in servers and dynamic-servers of IP/DNS) to the clients. You need to change that so the clients receive your router’s IP as the DNS.

With Pi-hole it is possible to achieve this “Conditional forwarding” using local domain, not using AdGuard, but as I see there are some options to specify upstream DNS per domain, see https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#specifying-upstreams-for-domains.
In ROS, create static DNS host entries with some local domain, like commander.lan, and also set up the ROS IP in AdGuard as the upstream DNS for the local domain that will be used (e.g. lan).
Then use host.domain for resolving, not just the host name, e.g. ping commander.lan.

Thanks optio, defining an upstream for a specific domain works fine!
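
The per-domain upstream setup suggested in the answer above, as an added example that is not part of the original thread: a simplified Python model of how `[/domain/]server` upstream lines select a resolver, showing why `commander.lan` reaches the router while bare `commander` does not. The function names are hypothetical and `9.9.9.9` is a placeholder default upstream; only 10.10.10.1 and the `lan` domain come from the thread.

```python
import re

# Constructed sample: AdGuard Home upstream lines for the setup in this thread.
# 10.10.10.1 is the router (core-router.lan in the static list);
# 9.9.9.9 is a placeholder default upstream, not taken from the thread.
UPSTREAMS = """
# default upstream for everything else (filtered by AdGuard as usual)
9.9.9.9
# names under .lan are answered from the RouterOS static DNS table
[/lan/]10.10.10.1
"""

# [/domain1/domain2/]server  (simplified model of the per-domain syntax)
SPEC = re.compile(r"^\[/(?P<domains>[^\]]*)/\](?P<server>\S+)$")


def parse_upstreams(text):
    """Return (defaults, per_domain) parsed from upstream lines."""
    defaults, per_domain = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SPEC.match(line)
        if not m:
            defaults.append(line)  # plain line: default upstream
            continue
        for domain in m.group("domains").split("/"):
            if domain:  # empty labels are ignored in this simplified model
                key = domain.lower().strip(".")
                per_domain.setdefault(key, []).append(m.group("server"))
    return defaults, per_domain


def pick_upstreams(qname, defaults, per_domain):
    """Longest matching domain suffix wins; otherwise use the defaults."""
    labels = qname.lower().strip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return defaults


if __name__ == "__main__":
    defaults, per_domain = parse_upstreams(UPSTREAMS)
    for name in ("commander.lan", "commander", "example.com"):
        print(f"{name:15} -> {pick_upstreams(name, defaults, per_domain)}")
```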