I’m contacting you because I need to use a load balancer to forward my DNS requests to 2 different IPs.
In my scenario I have 2 NAT rules that redirect all DNS requests (port 53 TCP/UDP) to a single IP (see below), and I would like to add a second IP and forward the queries to both of them using a load balancer:
add action=dst-nat chain=dstnat dst-port=53 in-interface=bridge1 protocol=udp to-addresses=MYFIRSTIP to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=bridge1 protocol=tcp to-addresses=MYFIRSTIP to-ports=53
If you want each query to be sent to both external servers, then no, load balancing cannot do that. If you want a certain share of the queries sent to one external server and the rest to the other one, then a load balancer is the right way.
Hi,
It would be nice to have login-script/logout-script attributes in user profiles:
when a user logs in → login-script is executed
when a user logs out → logout-script is executed.
thanks,
rahulsaha.
@Sindy I would like to send dns requests on 2 IPs using load balancer.
That’s because if the first one fails I can use the second one to resolve domains without interruption to the service.
Do you think it’s possible? If so, can you tell me how can I do that?
Configure the 2 external IP addresses as servers in IP->DNS and then direct all your internal requests to the DNS resolver in the router itself.
It will automatically perform the load balancing and failover.
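The configuration this answer describes, written out as an added example (not the poster's own config). It assumes RouterOS 6.x or later, the LAN on bridge1 as in the NAT rules quoted in the question, a WAN interface named ether1 (assumed), and uses MYSECONDIP as a placeholder for the second server in the same way the question uses MYFIRSTIP:

```routeros
# Added example, not from the original post. Assumes RouterOS 6.x+,
# LAN bridge "bridge1" (from the NAT rules in the question) and WAN "ether1" (assumed).
# MYFIRSTIP / MYSECONDIP are placeholders for the two real upstream resolvers.

# 1. Give the router's own resolver both upstreams; it uses the first and moves to the
#    second when the first times out. allow-remote-requests=yes is needed so LAN clients
#    can query the router, but it also answers anyone who can reach port 53 (see step 3).
/ip dns set servers=MYFIRSTIP,MYSECONDIP allow-remote-requests=yes

# 2. Replace the two dst-nat rules with redirect rules: action=redirect hands the packet
#    to the router itself instead of a fixed external address, so the router's resolver,
#    not the client, decides which upstream is used.
/ip firewall nat add chain=dstnat in-interface=bridge1 protocol=udp dst-port=53 action=redirect to-ports=53 comment="LAN DNS -> router resolver"
/ip firewall nat add chain=dstnat in-interface=bridge1 protocol=tcp dst-port=53 action=redirect to-ports=53 comment="LAN DNS -> router resolver"

# 3. allow-remote-requests=yes makes the router an open resolver on the WAN side unless
#    the input chain blocks it. Drop unsolicited port-53 traffic arriving on ether1;
#    these rules must sit above any generic accept rule in the input chain.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no open resolver on WAN"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no open resolver on WAN"
```

Check the result with `/ip dns print` and `/ip firewall filter print` (rule order matters for step 3), then resolve a name from a LAN host with any DNS server address configured: the redirect rule catches the query regardless of the address the client was pointed at.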
I’ve just tried setting both DNS servers in IP->DNS of the Mikrotik, but it always uses the first DNS and only switches to the second one when the first one fails.
Then it keeps using the second DNS and never goes back to the first one, even if it works properly.
When does it return to using the first DNS?
Is it a parameter I can set to reduce that time?
No. It returns to the first one only once the second one fails.
I still haven’t understood whether you want each single request to be sent to both servers, or whether it is enough that odd requests are sent to one server and even ones to the other one.
In practice it will not work that way because very often there are DNS queries that time out and the resolver will switch to the other server.
So you will see it alternately use each server for maybe half a minute and then switch again.
(of course assuming it is in real use by a number of devices)
There is no real info on the actual algorithm in use. It may also be that it collects statistical information over time and uses that to distribute the load.
(some resolvers in Linux do this, but we do not know which resolver is used)
Thanks for your quick reply, I really appreciate it.
I would like to use the first DNS and, if it fails, switch to the second one, but when the first DNS comes back to working properly, switch back to the primary.
The behavior I noticed is the following:
→ The Mikrotik always resolves domains using the primary DNS
→ When it fails (DNS request timeout), it starts using the second DNS
→ Even if the primary one comes back to working correctly, the Mikrotik keeps using the secondary DNS
→ If the secondary DNS fails, then the Mikrotik returns to using the primary DNS
This behavior suits me; however, I would like the Mikrotik to go back to using the primary DNS after some time.
Is it possible?
There is a script approach to what you describe wanting to accomplish:
:local dns1 "8.8.8.8"
:local dns2 "8.8.4.4"
# Probe the primary; :resolve raises an error on timeout, which on-error catches.
# The DNS property is "servers" on RouterOS 6.x and later.
:do {
    :resolve dns.google server=$dns1
    :if ([/ip dns get servers] != $dns1) do={ /ip dns set servers=$dns1 }
} on-error={
    :if ([/ip dns get servers] != $dns2) do={ /ip dns set servers=$dns2 }
}
You can set the script to run every 59 seconds in a scheduler at startup. There may be better approaches, but I don’t know the reason behind your question. If you are having problems with the ISP DNS in a dual-balance environment, you are probably not doing the load balancing the right way.
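The same script approach wired into the scheduler this post mentions, as an added example that is not the poster's code. It assumes RouterOS 6.x or later (where the DNS property is `servers`), uses 8.8.8.8 and 8.8.4.4 only as stand-ins for the two real servers, probes a name (`dns.google`, assumed) that the primary must be able to answer, and keeps its state in a global variable (`dnsPrimaryUp`, a name chosen here) so that it rewrites the server list and logs only when the state actually changes. Unlike the one-server version, it always lists both servers and only swaps their order, so the built-in resolver still has a fallback between scheduler runs:

```routeros
# Added example, not from the original thread. Assumes RouterOS 6.x or later
# (DNS property "servers"; older versions used primary-dns/secondary-dns instead).
# Save this body as /system script name=dns-failover, then add the scheduler entry below.

:local dns1 "8.8.8.8"
:local dns2 "8.8.4.4"
:local probe "dns.google"
# Remembered between runs so the server list is rewritten, and a log line written,
# only when the primary changes state.
:global dnsPrimaryUp
:if ([:typeof $dnsPrimaryUp] = "nothing") do={ :set dnsPrimaryUp false }

:do {
    # :resolve raises an error if $dns1 does not answer, which lands in on-error below.
    # Success means the primary is healthy, so prefer it again: this is the fail-back
    # that the built-in resolver does not do by itself.
    :resolve $probe server=$dns1
    :if ($dnsPrimaryUp = false) do={
        /ip dns set servers="$dns1,$dns2"
        /ip dns cache flush
        :set dnsPrimaryUp true
        :log info "dns-failover: primary $dns1 answers, order is now $dns1,$dns2"
    }
} on-error={
    :if ($dnsPrimaryUp = true) do={
        /ip dns set servers="$dns2,$dns1"
        /ip dns cache flush
        :set dnsPrimaryUp false
        :log warning "dns-failover: primary $dns1 failed to resolve $probe, order is now $dns2,$dns1"
    }
}

# Scheduler entry, typed once at the console: run the script from boot, every 59 seconds.
# /system scheduler add name=dns-failover start-time=startup interval=59s on-event=dns-failover
```

Each failover and failback shows up as one line in `/log print where message~"dns-failover"`. The probe is a plain UDP query to the primary, so a single dropped packet counts as a failure and flips the order for at least one interval; a longer interval or a second probe attempt inside the `:do` trades detection speed for fewer flaps.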
@vasilaos thank you very much for the script, I’ll try it soon on my environment.
Just to clarify, I have 2 DNS servers and I want to use the first one, but if it fails I want the Mikrotik to switch to the second IP.
When the first DNS comes back to resolving properly, I want to go back to using the primary IP.
It remains a bit of a strange requirement. Normally DNS servers need to return the same information for things to work reliably, and so it should not matter which server you use. A common mistake is to think “I can run my own DNS server with info for my own local equipment and use that server primarily, and configure a second server on the internet which still returns internet domain info when my local server is down”, but unfortunately DNS is not designed that way, and you should not use it that way.