mikrotik ROS 6.33.1 and a local DNS server

Hello there,

we have a local DNS server in our network (192.168.1.201). This is a “blackbox” for us, because we can’t configure it.
But we must use this device, because it makes special name resolutions.

So I have put this local DNS server in the DNS field of the MikroTik router (192.168.1.1). The clients use the MikroTik router as their DNS server, because I have some static DNS names for the local network.

This constellation works (the clients can resolve IP addresses) for:

  • the special (static) names from local “blackbox” DNS server (192.168.1.201), such as: specialname.domain.xyz
  • the static names which are defined on the MikroTik DNS service, such as: proxy.local, mirrorserver.local…

but the local “blackbox” DNS server can’t resolve internet URLs for the clients, like www.google.com

With the old simple router (not MikroTik) it worked.

I think a firewall rule in the MikroTik router is needed for the local “blackbox” DNS server to synchronize with the main internet DNS server.
Does anyone have an idea for a forward firewall rule?

Best regards
mikrotik75

It would be best if you knew what exactly the old simple router did.

Was it perhaps configured to forward everything under domain.xyz to your blackbox DNS? Unfortunately, MikroTik still does not see per-domain forwarding as a useful feature, so there’s no straightforward way to do it in RouterOS. But you can use the old L7 hack.

I’m deeply impressed. The “old L7-hack” is it.

The regular expression is not so easy for me. All names ending with “abc.xyz” should be routed. I’ve posted “\x06\x03abc\x03xyz”. This does not work.
What should the regexp be for all names ending with “abc.xyz”?

Best regards
mikrotik75

PS: I’ve found it: “\x03abc\x03xyz”. Now it works fine!

Many thanks!

I’m sorry. The first joy was short. The problem is still current. I think I had not cleared the DNS cache when testing. It just doesn’t work.

Now I ask again:
What should the regexp be for all names ending with “abc.xyz”?

Thx mikrotik75

“\x03abc\x03xyz” is basically correct, just a few ideas:

  • if you enter it in WinBox, you need only single slashes: \x03abc\x03xyz
  • if abc.xyz is just an example (it’s an existing domain) and your domain is different, make sure that the numbers are correct. They mean the number of following characters, e.g. domain.info would be \x06domain\x04info
  • if the client is on the same subnet as the target DNS server, you need a working hairpin NAT rule for the redirected packets
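As an added example that is not part of the thread: a small Python helper that builds the length-prefixed label pattern the L7 matcher expects from a domain name, and checks it against constructed DNS queries the way a substring regexp would. The function names (l7_suffix_pattern, build_query, l7_matches) and the anchor_end option are my own, not RouterOS features; the sample queries are constructed.

```python
import struct


def l7_suffix_pattern(domain: str) -> str:
    """RouterOS L7 regexp text for a domain in DNS wire (length-prefixed) form.

    'abc.xyz' -> '\\x03abc\\x03xyz', 'domain.info' -> '\\x06domain\\x04info'.
    Each label is preceded by one byte giving its length (max 63).
    """
    labels = [l.lower() for l in domain.strip(".").split(".") if l]
    if not labels or any(len(l) > 63 for l in labels):
        raise ValueError("domain needs 1+ labels of at most 63 bytes each")
    return "".join(f"\\x{len(l):02x}{l}" for l in labels)


def wire_labels(domain: str) -> bytes:
    """Same encoding as raw bytes, without the zero label that ends a QNAME."""
    labels = domain.strip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels)


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Constructed minimal DNS query: 12-byte header + QNAME + type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + wire_labels(qname) + b"\x00" + struct.pack("!HH", 1, 1)


def l7_matches(payload: bytes, domain: str, anchor_end: bool = False) -> bool:
    """Substring match, like a layer-7 regexp applied to the packet data.

    Without anchoring, '\\x03abc\\x03xyz' also fires for 'abc.xyz.com', because
    the labels are only a prefix of that name. anchor_end appends the zero
    label that terminates a QNAME, so only names ending in abc.xyz match.
    """
    needle = wire_labels(domain) + (b"\x00" if anchor_end else b"")
    return needle in payload
```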

Great, it works fine!
Thank you very much!

mikrotik75