It is difficult to understand `Allow Remote Requests`

Yesterday, I received MikroTik hAP ac2. I configured it. It is a nice warm brick. RouterOS is far easier than OpenWrt, too.

In IP > DNS, I checked Allow Remote Requests, and I started seeing three DNS servers in /etc/resolv.conf:

```
nameserver 192.168.80.1
nameserver 84.200.69.80
nameserver 84.200.70.40
```

After unchecking it, 192.168.80.1 was removed from /etc/resolv.conf.

According to my test, 192.168.80.1 is the caching DNS server on RouterOS that processes every DNS request and probably forwards external DNS requests to 84.200.69.80 and 84.200.70.40. Thus, it doesn’t make sense to have 84.200.69.80 and 84.200.70.40 as nameservers when 192.168.80.1 is the primary nameserver.

Is there anything I don’t understand?

You are mixing up things.

“Allow Remote Requests” simply allows other devices to use RouterOS as a DNS server. Uncheck this, and RouterOS can only use it for itself.

What DNS server addresses your DHCP client received is completely unrelated. You configure that in your DHCP server settings.

RouterOS DHCP server seems to use DNS settings from IP > DNS with the following settings. Shall I set the DNS server option in `IP > DHCP server > Options`?

My DNS cache settings: (Checking Allow Remote Requests adds 192.168.80.1 to /etc/resolv.conf in addition to 84.200.69.80 and 84.200.70.40)
dns.png
My DHCP client settings:
dhcp-client.png

I suggest upgrading to v6.41.3 and checking once more. This was a bug that was fixed, I believe.

I just upgraded hAP ac2’s RouterOS to v6.41.3. The issue still exists.

```
$ cat /etc/resolv.conf
# Generated by dhcpcd from enp2s0.dhcp
# /etc/resolv.conf.head can replace this line
nameserver 192.168.80.1
nameserver 84.200.69.80
nameserver 84.200.70.40
# /etc/resolv.conf.tail can replace this line
```

Perhaps, it is not an issue, but an intended outcome which I don’t understand, yet.

Please make a supout.rif file (command /system sup-out) in the new version and send it to support@mikrotik.com
The issue was supposed to be fixed.

What do you have under:
IP>DHCP SERVER>[Networks] tab? This is where your devices receive their DNS settings from.

networks-01.png
networks-02.png

I believe the default behavior if IP>DHCP SERVER>[Networks]-DNS is blank is what you are seeing. If you only want the router for DNS, then set its IP here.

I contacted support@mikrotik.com.

This is the answer I got.

Hello,

I will explain how this is working in RouterOS and I hope you will find answers to all your questions.

For example ISP → GW → LAN:

  1. You do not configure any “DNS servers on “GW” DHCP server network configuration” - device will forward DNS server received from ISP to LAN devices.
  2. You configure “DNS servers on “GW” DHCP server network configuration” - device will give configured DNS servers to LAN devices.
  3. “dns-none” configured under “DNS servers on “GW” DHCP server network configuration” - device will not forward any of dynamic DNS servers to LAN devices.
     Currently in release-candidate available option:
     *) dhcpv4-server - added “dns-none” option to “/ip dhcp-server network dns”.

Arturs C. didn’t seem to be aware of the issue you were talking about.
What is the issue? I don’t know what the issue is, either.