Is anyone else running a local DNS on a local IP segment such as 192.168.1.* and care to let me in on how you configured it in WebFig?
I stumbled over DNS being a requirement for my VMware solution, so I might try to do it on the router before messing with it on a server…
DNS is very easily accomplished on the MT; basically it provides a cache function for frequently visited sites, is my impression.
I'm a WinBox guy, so I cannot help with WebFig.
I can use both, so feel free to elaborate, dear Anav… albeit the cache function is not really what I am after. I need to specify a local DNS server with two local IP entries and then the whole shebang with anav1.workstation.llama and anav2.workstation.llama… etc.
This is exactly how my DNS servers, in production, are set:
/ip dns
set allow-remote-requests=yes cache-max-ttl=30m cache-size=81920KiB max-concurrent-queries=1000 \
max-concurrent-tcp-sessions=40 servers=1.1.1.1,8.8.8.8
With those settings, actually only 40892 KiB of memory is occupied.
Default values:
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-concurrent-queries=100 max-concurrent-tcp-sessions=20 \
max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
servers="" use-doh-server="" verify-doh-cert=no
What I have changed and why:
allow-remote-requests=yes: obviously, to activate the service
cache-max-ttl=30m (from 1w to 30m): I do not want too-old DNS records…
cache-size=81920KiB (from 2MiB to 80MiB): the RB1100Dx4 has 1GB of RAM…
max-concurrent-queries=1000 (from 100 to 1000): sufficient for 4000 users.
max-concurrent-tcp-sessions=40 (from 20 to 40): TCP is rarely used; 40 is sufficient for 4000 users.
servers=1.1.1.1,8.8.8.8: to specify which servers must be used.
And obviously, on the border firewall, on another machine, no one on the Internet can reach the DNS service on that machine…
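The border-firewall remark above is the important caveat: once allow-remote-requests=yes is set, RouterOS answers DNS on every interface, including the WAN side, so a router that is itself the Internet border becomes an open resolver unless the input chain blocks it. The following is an added example (not the poster's configuration) showing that filtering on the router itself. It assumes ether1 is the upstream interface and the LAN sits on an interface named bridge; the interface-list names WAN and LAN and the upstream servers are illustrative.

```routeros
# Added example, not from the post above. Assumptions: ether1 is the Internet
# uplink, "bridge" is the LAN, and no interface lists exist yet.
/interface list
add name=WAN comment="Internet-facing interfaces"
add name=LAN comment="trusted local interfaces"
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

# The resolver itself: answers LAN clients, forwards misses upstream.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8

# Input chain: DNS from LAN is accepted, DNS arriving on WAN is dropped.
# place-before=0 puts the drop rules at the top so no earlier accept rule
# (e.g. a broad "accept from anywhere") lets the queries through.
/ip firewall filter
add chain=input action=drop protocol=udp dst-port=53 in-interface-list=WAN \
    comment="no open resolver towards the Internet" place-before=0
add chain=input action=drop protocol=tcp dst-port=53 in-interface-list=WAN \
    comment="no open resolver towards the Internet (TCP)" place-before=1
add chain=input action=accept protocol=udp dst-port=53 in-interface-list=LAN \
    comment="LAN clients may use the router as DNS"
add chain=input action=accept protocol=tcp dst-port=53 in-interface-list=LAN \
    comment="LAN clients may use the router as DNS (TCP)"

# Check: counters on the WAN drop rules should climb while a query from
# outside (nslookup example.com <public IP>) times out.
/ip firewall filter print stats where dst-port=53
```

Keeping the two drop rules at the very top of the input chain is deliberate: a later rule such as `accept in-interface-list=LAN` can still be added freely without reopening port 53 on the uplink.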
Hmm… I am currently reducing server load as much as possible, and adding a VM for bind or dnsmasq is not my first option. I would like the network equipment to handle all the network-related settings, in principle. I think I have enough juice in my MT devices for that. Not even running Dude yet, but I do run Lansweeper on my FS server, which is fulfilling some monitoring things.
As for a description: I can't use the ISP DNS; I tried in WinSrv, it did not work. Let me tell you what I need it for. I am setting up a vCenter to handle virtual machines and experimenting with perhaps an AD and other things. The requirement for these is, at the very least, local DNS server entries, or they won't work. I can't even install vCenter if I don't specify a DNS. Since I am not interested in configuring a Google or Cloudflare DNS (it makes no sense, since I have nothing that goes towards the Internet), I am looking at a local DNS that should be enough for the requirements of an AD and vCenter.
Now, how would I translate that into networking terms? Local DNS on 192.168.1.101 and 192.168.1.102, which I use to do local lookups and can use as alias management, so I can type "lansweeper" in my browser instead of 192.198.1.10:44444. Yes, I can of course also edit my local hosts file to accomplish that, but then I would have to edit the hosts files on all computers, and that's not a great idea. I need, of course, to set fixed IPs on a few devices and servers for this to work, and that is not really an issue.
I am trying to explain; I will give more information if asked.
The first question with a quick answer would be: do I do this on the switch or on the router? My guess would be on the switch, since it is closer to the devices and currently runs just about nothing but the ports.
The MikroTik DNS does not act as a real DNS server, but as a DNS proxy.
It does not accept DNS registrations from devices,
but if you add static DNS entries like
server.local = 172.16.0.1
vm2.local = 172.16.0.2
etc.
and set all the devices on the local LAN, manually or by DHCP, to use the MikroTik DNS, that does the trick.
RouterOS as a poor man's DNS server is possible, as long as you don't need it to act as an authoritative one (mark answers as authoritative, have SOA records for hosted domains, provide zone transfers, …) and the few supported record types are enough for you.
An "alias" is a static CNAME-type record to be entered in the MT DNS.
An alias/CNAME record where the A record is on a different DNS server is often a problem (e.g. even a Fortigate does not resolve it).
And … Microsoft AD has very special requirements for the DNS server.
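The two replies above (static entries handed out via DHCP, and the CNAME caveat) fit together in one configuration. The following is an added example, not from either poster, showing the "poor man's DNS" for the LAN described earlier in the thread. It assumes RouterOS v7 (static CNAME records are not available in v6), a LAN of 192.168.1.0/24 on interface bridge with the router at 192.168.1.1, and that a DHCP server network for that subnet already exists; the hostnames and addresses are illustrative.

```routeros
# Added example, not from the posts above. Assumptions: RouterOS v7,
# LAN 192.168.1.0/24 on "bridge", router address 192.168.1.1, an existing
# /ip dhcp-server network entry for 192.168.1.0/24.

# 1. The router answers queries from the LAN; only names absent from the
#    static table go to the upstream resolver.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1

# 2. Static A records. The router answers these directly and never asks
#    upstream, so they work even with no Internet at all.
/ip dns static
add name=anav1.workstation.llama address=192.168.1.101 comment="local DNS 1"
add name=anav2.workstation.llama address=192.168.1.102 comment="local DNS 2"
add name=lansweeper.workstation.llama address=192.168.1.10 comment="Lansweeper"

# 3. The short "alias". The CNAME target is a name this same router holds,
#    which is the case that resolves reliably; a CNAME whose A record lives
#    only on another server is the problematic case mentioned above.
add name=lansweeper type=CNAME cname=lansweeper.workstation.llama

# 4. Hand out the router as resolver plus the search domain, so clients get
#    the entries automatically and no hosts file needs editing.
/ip dhcp-server network
set [find address="192.168.1.0/24"] dns-server=192.168.1.1 domain=workstation.llama

# 5. Checks from the router itself (both should print 192.168.1.10):
:put [:resolve lansweeper.workstation.llama server=192.168.1.1]
:put [:resolve lansweeper server=192.168.1.1]
# From a client: nslookup lansweeper 192.168.1.1
```

DNS carries no port, so the browser URL still needs it: http://lansweeper:44444/. Clients configured by this DHCP server will also try the search suffix, so `lansweeper` resolves either via the CNAME or via `lansweeper.workstation.llama`; both land on the same static A record.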
We've been using Pi-hole with Unbound for years on an old OpenWrt box. I think you could even run OpenWrt on some MikroTik devices, and then install Pi-hole with Unbound.
Yeah, I think I do. Obviously changing llama for "anav" and removing the mx-exchange and xmpp entries. Sorry if I am too obvious, but that is kinda my mindset. I need to get things explained in steps and practise a bit before it sticks.
We’ll see how it turns out in regards to DNS requirements for diff systems.
After some additional reading I have come to determine that I will need a better solution than the one posted by @Sob. I will configure my WinSrv to handle it, since it will be running regardless.
I am however grateful for the suggestions posted and should I set up some Linux I might very well consider bind or dnsmasq, but not relevant at this time and with current configuration.
So after some tribulations I set up a WinSrv to handle this and it seems to be working.
Image from a virtual w10 machine.
Had issues understanding the logic and explanation, or rather the lack of it, in diverse how-tos and books. Thing is, once you set up a DNS on WinSrv it takes the current IP of that WinSrv and adds that as one of the DNS servers; then it automatically added another free IP from the 192.168.1.0/24 DHCP pool (I think), giving the above result. Now, changing these IPs to a custom dedicated range may be desirable, but as of yet not essential.
// also changed the topic title to better reflect latest content//