Hello, I don’t know if this has any solution, but all my local LAN addresses passing through my router to my DNS server are taking the router’s IP. For example, my IP is 192.168.0.187, my local PC DNS is 192.168.0.1, and the router is connected to the DNS server 192.168.0.33. All the traffic arriving from the router has the router’s IP, and I know that it’s standard like that, but is there a way to make the traffic from the router to the DNS take the original source IP, or to forward the traffic to the DNS server?
If your clients are using 192.168.0.33 as DNS server and there is nothing special in the router’s configuration, it shouldn’t be so. From your description I assume you configured the Mikrotik router as DNS server for clients, with ‘allow remote requests’ enabled and 192.168.0.33 as DNS server on the Mikrotik. In that case it will be as you described.
Yes, exactly. I set the router’s DNS as 192.168.0.33 and “allowed remote requests”, but all the requests coming to the DNS server 0.33 are from the client IP 0.1 (the router). I need them to be the source IP address, not masked with the router’s address. I tried using dst-nat on one PC as a trial, but the PC stopped resolving hostnames.
What’s the DNS set to from the PC’s point of view? And how is it set? Static or DHCP?
If the former, then you set it like that, so you can change it.
If the latter, then change the DHCP server’s configuration to give 0.33 instead of 0.1 as the DNS.
(It also helps readability and understanding if you structure sentences properly, using punctuation, instead of writing a whole paragraph as one sentence.
And don’t post stupid worthless screenshots which don’t tell anything much.)
The DNS of the PC is the same as the router, 0.1 (static), and no, I can’t change it; if I could do so, I wouldn’t have asked the question in the first place.
Use 192.168.0.33 as DNS server on your clients directly: set it at IP → DHCP Server → Networks as the DNS server for your network.
Obviously, if you use your router as a DNS resolver for your PCs and your DNS server as a resolver for the router itself, then the only client of the DNS server is the router. That is what you get, and there can’t be any workaround.
Dst-nat could help you to forward the request to the server, and let the server answer instead of mikrotik.
But you can either forward the request to the server (needed for “regular” use), or let the Mikrotik answer the request (needed for your static entries), not both at the same time.
Because the local server sends the reply directly to the client (and the router has no chance to do the reverse translation), while the client waits for the answer from the router’s IP, not from the server’s.
I changed the IP of the DNS server to 10.10.10.1 and then used that address in the NAT. It forwarded the request to that DNS server, but the IP entering the DNS server is still the IP of the router rather than the client’s actual IP.
That was the solution to make NAT work, not for your initial problem.
The only way to make the DNS server see the addresses of its clients is to make them its clients: move all static entries to DNS server and let it be the only one DNS resolver in your network.
Alternatively you could reverse the situation completely: make it Clients → DNS Server → Router → Public DNS
But I guess you use separate DNS Server for a reason, and using Router to connect to upstream DNS is not an option?
Or is it?
If the static DNS records provided by the router are simple to distinguish, you can use matching of the queries against regular expressions listed under /ip firewall layer7-protocol to make the action=dst-nat rule selective: what needs to be answered by the external DNS server will be redirected (dst-nated) to it, and what needs to be answered by the router itself will be left unchanged. This only works for DNS queries that use UDP and use a different source port for each query, which is mostly the case.
Ok ok, I understand what you said. No, I can’t do that. Yes, one DNS server is for the ORG’s private usage; the other DNS server I’m trying to use is for website content filtering, and there’s a reporting service with it, but the client IP was always the router’s IP. I was wondering if there’s a bypass for such a problem.
My problem is that we use static IPs inside the ORG (I don’t know why), and making each PC connect to the server statically is a pain in the a**.
Thank you again if there’s anything else please tell.
I want to use nxfilter to content-filter my website requests and see which IP is accessing which website, but the client IP is the same as the router’s IP, not the original source IP (that’s my ultimate problem).
Well, that looks like a solution, if there is no “many thousands entries list” involved, populated by some script.
Even if static DNS entries are somehow “dynamic”, then the only thing missing is another script that will periodically copy the contents of DNS Static to L7 filters.
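As an added example (not configuration posted in this thread, and not part of any MikroTik documentation) of the selective dst-nat idea above and the "script that copies DNS Static to L7" idea: the RouterOS script below builds one layer7-protocol regexp from every name in /ip dns static, then installs two dstnat rules so that queries for those names are still answered by the router while every other query is redirected to the filtering server. Addresses follow the thread: 192.168.0.1 is the DNS address the clients use, and the filtering server is placed at 10.10.10.1, on its own subnet behind the router, because (as the earlier replies explain) the server's answer has to come back through the router to be un-NATed; a server on the clients' own subnet would reply directly and the client would discard it. The L7 name "local-dns-names" and the rule comments are made up here.

```routeros
# Added example, not from the thread: keep an L7 regexp in sync with the names the
# router answers itself, and dst-nat every other DNS query to the filtering server
# so it sees the real client address. Assumed placeholders: router/client DNS
# address 192.168.0.1, filtering DNS server 10.10.10.1 (separate subnet, so the
# reply returns via the router), L7 protocol name "local-dns-names".

# Collect every name from /ip dns static. In a DNS query the dots between labels
# are encoded as length bytes, so a regex "." in the name matches them as-is.
:local names ""
:foreach i in=[/ip dns static find] do={
    :local n [/ip dns static get $i name]
    # entries defined by regexp instead of a name have an empty name: skip them
    :if ([:len $n] > 0) do={
        :if ([:len $names] > 0) do={ :set names ($names . "|") }
        :set names ($names . $n)
    }
}

# No static entries: use a label that no real query will carry, so the accept
# rule never matches and everything is forwarded.
:if ([:len $names] = 0) do={ :set names "no-static-entries-present" }

# A query starts with a 12-byte header, hence "^.+" before the alternatives.
:local rx ("^.+(" . $names . ")")

# Create the L7 protocol on first run, update it afterwards.
:if ([:len [/ip firewall layer7-protocol find name="local-dns-names"]] = 0) do={
    /ip firewall layer7-protocol add name="local-dns-names" regexp=$rx
} else={
    /ip firewall layer7-protocol set [find name="local-dns-names"] regexp=$rx
}

# NAT rules, added once. Order matters: in the dstnat chain "accept" means
# "do not translate", so queries for the router's own names must hit that rule
# before the catch-all dst-nat below redirects the rest.
:if ([:len [/ip firewall nat find comment="dns-keep-local"]] = 0) do={
    /ip firewall nat add chain=dstnat dst-address=192.168.0.1 protocol=udp \
        dst-port=53 layer7-protocol="local-dns-names" action=accept \
        comment="dns-keep-local"
    /ip firewall nat add chain=dstnat dst-address=192.168.0.1 protocol=udp \
        dst-port=53 action=dst-nat to-addresses=10.10.10.1 to-ports=53 \
        comment="dns-forward-filtered"
}
```

Save it under /system script and run it from /system scheduler at whatever interval the static list changes; each run only rewrites the regexp, the NAT rules are created once. Two things to check if the filtering server still reports the router's address: that no srcnat/masquerade rule matches traffic from the LAN toward 10.10.10.1 (dst-nat leaves the source address alone, srcnat would not), and that the queries really are UDP, since the layer7 matcher only inspects the start of a connection and the thread's approach depends on each query being its own UDP flow. Layer7 matching also costs CPU on every packet it inspects, so keep the rule restricted to udp/53 as above rather than applying it to all traffic.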