Multiple DNS servers

Hi,

I have a basic question regarding DNS client and server in RouterOS.
Am I right, that there is just a single DNS server/cache in RouterOS which is used by RouterOS itself (client) as well as by clients in the LAN (if remote requests are enabled)?

For example, I want to provide a DNS server to my LAN clients, that resolves only the static DNS entries configured in RouterOS. Later on I will create these static DNS entries dynamically based on DHCP leases. However, it should not resolve any other (real) domains. So it should not use any upstream DNS servers.
But RouterOS itself must be able to resolve “real domains”, such that, for example, the NTP client can resolve the target domains. So I need to configure some DNS servers in RouterOS (statically, or get one via DHCP dynamically). But if I understand it correctly, those DNS servers are just upstream servers for RouterOS’ DNS server. So then, clients in my LAN cannot only resolve the statically configured DNS entries (see above), but also real domains. Am I right?

Is there a way to configure multiple DNS servers, such that I have one DNS server for my LAN clients, which is only used to resolve LAN hostnames, and another DNS server/cache which is used by RouterOS DNS client only?

Best regards

DNS Client uses /ip dns
LAN Client uses /ip dhcp-server network

Both can be set to multiple DNS servers.

If you want your RB to act as DNS server for LAN clients, you should set its IP at /ip dhcp-server network.
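As an added illustration of the two settings named in the reply above (this is example configuration written for this page, not something posted in the thread), the same separation in RouterOS CLI form. The addresses, the `lan` suffix and the `WAN` interface list are assumptions: the LAN is 192.168.88.0/24 with the router at .1, and the interface list is the one the default configuration creates.

```routeros
# Added example, not from the thread. Constructed addresses:
#   LAN 192.168.88.0/24, router 192.168.88.1, an upstream resolver at 192.168.88.53.

# 1. Resolver the router itself uses (NTP client, scripts, /tool fetch, ...).
#    With allow-remote-requests=yes these same servers become the upstreams of
#    the cache that LAN clients query; there is only one cache, so the two roles
#    cannot be given different upstreams.
/ip dns set servers=192.168.88.53 allow-remote-requests=yes

# 2. Resolver handed out to LAN clients in DHCP offers (here: the router).
/ip dhcp-server network set [find address="192.168.88.0/24"] dns-server=192.168.88.1

# 3. Records that exist only in the router's cache (names below are made up).
/ip dns static add name=nas.lan address=192.168.88.10
/ip dns static add name=printer.lan address=192.168.88.20

# 4. Caveat: allow-remote-requests=yes answers on every interface, not just the
#    LAN. Unless the input chain drops it, the router becomes an open resolver
#    on the WAN side and can be used for DNS amplification. The default firewall
#    already drops unsolicited WAN input; add these only if yours does not.
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop place-before=0 comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop place-before=0 comment="no DNS from WAN"
```

`/ip dns print` afterwards shows the single server list that both the router's own lookups and the remote requests go through, which is the coupling the original question is about.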

Yeah, I know the basics 🙂

I have a dedicated DNS server in my LAN which I already propagate via DHCP to clients. However, that DNS server is not aware of the DHCP clients (and their hostnames) of the MikroTik router. My DNS server should be able to use the router's DNS server to resolve these hostnames, but only those. Is that possible?
Because if I specify a DNS server via "/ip dns", which I need for DNS to function on the router itself (e.g. NTP), the router's DNS server will resolve real names as well, right? Not only my statically configured DNS entries based on DHCP leases.

You can let your dedicated DNS server resolve its names with the RB.

Because if I specify a DNS server via “/ip dns”, which I need for DNS to function on the router itself (e.g. NTP), the router’s DNS server will resolve real names as well, right? Not only my statically configured DNS entries based on DHCP leases.

Right.

Yes, I know, but the question is whether I can limit the RB to answering only LAN-hostname queries (static entries) when queried remotely (by that dedicated DNS server), while, when queried by RouterOS itself, it should resolve all real domains. Or maybe running 2 DNS servers, one for my static entries (accessible remotely) and one for the real internet (used locally, not accessible remotely).
Regarding your last "Right." comment, I guess it is not possible.

The thing is that in the final setup RouterOS should actually use the dedicated DNS server as well for its DNS client. But if I set it up via "/ip dns", that dedicated DNS server will be the upstream server also for requests coming in remotely ... i.e. by that dedicated DNS server... I would have a DNS loop.

Since you’re running a “real” DNS server on a dedicated device in your LAN, you may as well use the same device to run the DHCP server … and set it to update DNS records for DHCP hosts. This way you’ll skip using one mediocre ROS service (DHCP server is not bad but it’s not great either) and one bad ROS service (DNS service hardly qualifies as a usable DNS server for anything but the most trivial records).

First of all, regarding the idea of DHCP-to-DNS, it may not work that well. For example, I currently have 4 different active DHCP leases with “iPhone” as the host name. Which one should be using the static record “iPhone”? There are many devices that don’t report any name at all. Before I started using MikroTik, I also used DHCP-to-DNS thanks to it being built-in in dnsmasq. When I switched to MT, I even wrote a script to achieve something similar but never actually used it. I realized all devices for which I care to have a local DNS record are also statically leased, and there are just a few of them. Set-and-forget type of deal.

In addition to what others suggested, you can point all your clients to ROS DNS and configure ROS with your dedicated DNS server as upstream. Sounds like you wanted to do this anyway.

But I agree with @mkx, if you already have a DNS server (pretty much any DNS server), it will be much better than the one in ROS.
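The duplicate-hostname and no-hostname problems raised in the post above are exactly where a naive lease-to-DNS script goes wrong. The following RouterOS script is an added example written for this page (it is not the script the poster mentions, nor anything from the thread): it rebuilds static entries from bound leases, skips leases with no usable host-name, and lets the first lease win when several report the same name, logging the rest. The `lan` suffix, the `dhcp2dns` comment tag used to mark the records it owns, and the 5-minute TTL are assumptions.

```routeros
# Added example, not from the thread. Intended to run from /system scheduler
# or from the DHCP server's lease-script. Assumptions: records get the suffix
# ".lan", records owned by this script are tagged comment="dhcp2dns", TTL 5m.
:local zone "lan"

# Drop only the records this script created earlier; hand-made entries survive.
/ip dns static remove [find where comment="dhcp2dns"]

:foreach l in=[/ip dhcp-server lease find where status="bound"] do={
    :local host [/ip dhcp-server lease get $l host-name]
    :local addr [/ip dhcp-server lease get $l address]

    # Edge case 1: many devices send no host-name at all; some send names with
    # spaces, which are not valid DNS labels. Skip both rather than create junk.
    :if ([:len $host] > 0 && [:typeof [:find $host " "]] = "nil") do={
        :local fqdn ($host . "." . $zone)

        # Edge case 2: several leases named "iPhone". First bound lease wins;
        # the others are logged so the collision is visible instead of silently
        # overwriting the record on every run.
        :if ([:len [/ip dns static find where name=$fqdn]] = 0) do={
            /ip dns static add name=$fqdn address=$addr ttl=5m comment="dhcp2dns"
        } else={
            :log warning ("dhcp2dns: duplicate host-name " . $host . " from " . $addr . ", skipped")
        }
    }
}
```

Because the router's cache is the only thing that knows these names, the records are still only reachable through the router's single resolver, with the upstream coupling discussed earlier in the thread; the script does not change that, it only keeps the static list from filling up with ambiguous or empty names.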