Hello friends,
we have an internal DNS-Server (192.168.1.201). This one is define in the mikrotik DNS-area. It looks like the mikrotik ignores internal DNS-Servers.
Here a picture:
The clients uses the mikrotik as DNS-Server. But the mikrotik can’t forward the local DNS-Server to the clients. Is it possible to make a mangle- or nat-roule?
Best regards
mikrotik75
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=192.168.1.201 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=192.168.1.201 to-ports=53
Thank you for your answer. This firewall nat rules I had already tested. It don’t works.
The problem is, the DST-NAT can’t use LAN-Interface as OUTPUT-Interface. So the DNS-Server (192.168.1.201) is search by WAN-Interface and that crashes. My workaround is I use the DNS-Server from my VPN-Remote and vice versa. That works for me.
Thank you for the idea, which brought me to the solution.
mikrotik75
Edit: My workaround isn’t the solution. Only the DNS-cache play the right DNS. 
If I flushing the cache nothing works.
Anyone an idea?
mikrotik75
If you use some sort of authentication to connect to your ISP whether it is PPP or some method, make sure to uncheck use peer DNS. Make sure that the DNS server on the router is set to your internal DNS server and that if you use some sort of rule to force all internal clients to use that DNS server than you must make an exception not to redirect the DNS server itself. This would be under DHCP client.
For DHCP server set the DNS server in there as well so that the clients use your internal DNS server and not the router or in the case of peer DNS your ISP.
Unchecking peer DNS will work for IPv4 but a IPv6 DNS server is still shown.
Where do you get that one from? DHCPv6 client has the same option for peer DNS.
DARN, I missed that. Now there is no dynamic DNS stated anymore in the IPv4 DNS screen. I have a local DNS that fetches it information with my provider.
Thanks Sob!