How to set DNS servers for users connecting through RouterBoard

I have our RouterBoard running on IP 192.168.1.1 and this is connected to our ISP’s router which is 192.168.0.1. We have various clients connected through the RouterBoard and these are assigned addresses through DHCP.

I would like to have all clients connecting through the RouterBoard to be assigned just 192.168.1.1 as the DNS server, and for the RouterBoard to then perform lookups via a specified public DNS server (eg Google DNS or our ISP’s DNS servers).

However, I can’t seem to get this to work. For example, if I remove 192.168.0.1 from the “Servers” list under IP > DNS the RouterBoard can’t resolve any hostnames. If I enable “Use peer DNS” for the ether1-gateway interface’s DHCP configuration this adds 192.168.0.1 to the “Dynamic servers” list.

The reason we need local clients only to use the router’s IP is because we use some internal static DNS records so we need to force local clients to go through the RouterBoard’s DNS for this purpose.

So how can we have local clients only using 192.168.1.1 with the RouterBoard relaying these requests to specified DNS servers?

The only workaround I have found is http://wiki.mikrotik.com/wiki/Force_users_to_use_specified_DNS_server which would force all requests on port 53 to go via the RB, but this would still leave 192.168.0.1 listed as a DNS server for clients using DHCP, e.g.:

[Image: 2015-11-10_1629.png]

Thanks in advance,
Chris

ChrisM,
Please show your settings under IP → DHCP Server → Network

/ip dhcp-server network export

Hi,

You already described the solution to your issue:

This is a reliable way to force clients to use your DNS server, whatever your clients have configured as DNS server.

Regarding the issue with both DNS servers being announced, ChrisM wrote how to get what we need to know, to assist you:

But keep in mind, these are two different things. Just announcing a DNS server with DHCP is not enough if your clients must use your internal DNS server.

Ape

Thanks for the replies.

Here are the settings from IP > DHCP Server > Networks:

[Image: 2015-11-11_1346.png]

It’s not mission critical that we need to force all clients to use our DNS via the firewall, but would be nice if the DHCP server assigned clients with only 192.168.1.1 as the only DNS server (with the RB then doing DNS lookups to the ISP’s DNS servers).

Thanks in advance for any suggestions.

Hi,

Okay. Thank you for clarifying.

Just add the DNS server’s IP in your “DHCP server” → “network” config. That’s it.

Ape

This works - thank you very much!
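
The setup discussed in this thread, written out as RouterOS commands. This is an added example, not a configuration posted by anyone in the thread. It assumes the LAN subnet is 192.168.1.0/24 and Google DNS as the upstream resolver; the static record name and address are constructed placeholders.

```routeros
# Added example. Assumptions: LAN subnet 192.168.1.0/24, upstream = Google DNS.

# 1. Stop the WAN DHCP client from importing the ISP router (192.168.0.1)
#    into the "Dynamic servers" list.
/ip dhcp-client set [find interface=ether1-gateway] use-peer-dns=no

# 2. Set the upstream resolvers the RouterBoard itself queries, and let it
#    answer queries from clients (required for it to act as a DNS cache).
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

# 3. Announce only the RouterBoard as DNS server in DHCP leases
#    (IP > DHCP Server > Networks).
/ip dhcp-server network set [find address=192.168.1.0/24] dns-server=192.168.1.1

# 4. Internal static record served by the RouterBoard
#    (constructed name and address).
/ip dns static add name=intranet.example.lan address=192.168.1.10

# 5. Optional, as in the wiki article linked above: redirect any LAN DNS
#    traffic to the router, so clients with a hand-configured resolver
#    still get the internal records.
/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=udp \
    dst-port=53 action=redirect to-ports=53 comment="force LAN DNS to router"
/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=tcp \
    dst-port=53 action=redirect to-ports=53 comment="force LAN DNS to router"

# 6. allow-remote-requests=yes makes the router answer DNS on every
#    interface. Drop queries arriving on the WAN side so it is not an open
#    resolver; these rules must sit above any broader accept rule in the
#    input chain.
/ip firewall filter add chain=input in-interface=ether1-gateway protocol=udp \
    dst-port=53 action=drop comment="no DNS service on WAN"
/ip firewall filter add chain=input in-interface=ether1-gateway protocol=tcp \
    dst-port=53 action=drop comment="no DNS service on WAN"
```

Clients only pick up the new DNS server when they renew their lease, so existing clients may keep showing 192.168.0.1 until then.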