It would be brilliant to add conditional DNS forwarding to the Caching DNS Forwarder in RouterOS. That is, the ability to specify “if a request comes in for a record under suffix foo.bar, forward it to 172.16.0.2 rather than the normal DNS server”. This is particularly helpful for allowing private DNS zones to be resolved across a VPN link while still allowing public DNS zones to be resolved by some local public DNS server (especially useful so that you don’t lose DNS when the VPN link goes down!).
I’m fully aware of the trick to implementing this using NAT, Mangle, and Layer7 Protocol rules in the firewall. However, that solution has various problems, including one huge one.
The big one is that it only works for DNS queries over UDP; any DNS query over TCP will just fail if this method is attempted. Obviously DNS mostly uses UDP, but it’ll fall back to TCP and break at surprising times.
A smaller issue, but a real one, is that implementing this method requires understanding the details of UDP DNS packet structure. Most of the tutorials on these forums and elsewhere get the regular expressions wrong.
Requests that get handled by the Layer7 NAT trick don’t get their results cached by the Mikrotik, so they have to be forwarded every time.
If Mikrotik doesn’t want to add this as a core feature of the RouterOS DNS Forwarder, I’d love to see a more fully-featured DNS forwarder added as a separate package, the way the fully-featured NTP client and server are.
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns forwarders
add domain=company1.lan servers=10.11.12.13
add domain=company2.lan servers=192.168.89.10,192.168.89.11
and have all queries to .company1.lan go to 10.11.12.13, etc. It can’t be difficult to implement, can it?
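As an added illustration (not part of this thread, and not a RouterOS feature), the following Python shows the two points made above: why the Layer7/NAT trick depends on parsing the UDP DNS question section and silently breaks over TCP, which prefixes every message with a two-byte length (RFC 1035 section 4.2.2), and how the suffix table in the proposed `/ip dns forwarders` syntax would select an upstream with whole-label matching. The forwarder table, server addresses and the sample queries are constructed for the demo.

```python
import struct

# Constructed forwarder table mirroring the syntax proposed in the thread
FORWARDERS = [
    ("company1.lan", ["10.11.12.13"]),
    ("company2.lan", ["192.168.89.10", "192.168.89.11"]),
]
DEFAULT_SERVERS = ["8.8.8.8", "8.8.4.4"]


def parse_qname(msg, offset):
    """Parse an uncompressed DNS name; return (lowercase name, offset after it)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            # Compression pointers are not legal in the question of a query
            raise ValueError("compression pointer in question name")
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_query(msg):
    """Return (qname, qtype) of the first question of a UDP DNS query message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x8000:
        raise ValueError("message is a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    qname, off = parse_qname(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return qname, qtype


def parse_tcp_query(stream):
    """DNS over TCP: a 2-byte big-endian length precedes each message."""
    if len(stream) < 2:
        raise ValueError("short TCP length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("truncated TCP DNS message")
    return parse_query(stream[2:2 + length])


def select_upstream(qname, table=FORWARDERS, default=DEFAULT_SERVERS):
    """Longest-suffix match on whole labels: 'evilcompany1.lan' must not match 'company1.lan'."""
    best = None
    for suffix, servers in table:
        if qname == suffix or qname.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, servers)
    return best[1] if best else default


def build_query(name, qtype=1, txid=0x1234):
    """Build a constructed sample query (standard query, recursion desired)."""
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    return msg + b"\x00" + struct.pack("!HH", qtype, 1)


def route_udp(datagram):
    """Upstream servers for a query received over UDP."""
    return select_upstream(parse_query(datagram)[0])


def route_tcp(stream):
    """Upstream servers for a query received over TCP (length-prefixed framing)."""
    return select_upstream(parse_tcp_query(stream)[0])


if __name__ == "__main__":
    q = build_query("host.company2.lan")
    tcp = struct.pack("!H", len(q)) + q
    print("UDP ->", route_udp(q))
    print("TCP ->", route_tcp(tcp))
    # Feeding TCP framing to the UDP parser misreads the header and yields an empty name
    print("TCP bytes through UDP parser ->", repr(parse_query(tcp)[0]))
```

The last line of the demo is the TCP failure mode from the thread in miniature: a matcher written for the UDP layout reads the TCP length prefix as the transaction ID, lands on the wrong offset for the question, and never sees the domain name, so the query falls through to the default server instead of the private zone. A real resolver also needs to handle compression in responses and the case-insensitive comparison shown here, which is why the suffix match lowercases the name.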
Indeed it would be great!
For reasons, I use an internal DNS server for my local computers' domain. At this point, my two MikroTik routers have two home servers as DNS backend which run dnsmasq with conditional forwarding. It would be really nice to shut down the home servers and only use the MikroTik resolvers.