New IP for use DNS

Hi Team
First, I’m not good at English. I’m sorry for this.
I have issue with DNS with new IP.
Now I have 1 MikroTik CCR-103G and 1 Cisco SG500X.
The network has VLANs; I use the MikroTik as the DHCP server and the SG500X as the gateway.
and in Microtik have IP
10.1.10.1 → vlan 10 → DHCP 10.1.10.2-200 GW 10.1.10.254 and DNS 10.1.10.1
10.1.20.1 → vlan 20 → DHCP 10.1.20.2-200 GW 10.1.20.254 and DNS 10.1.20.1
10.1.30.1 → vlan 30 → DHCP 10.1.20.2-200 GW 10.1.30.254 and DNS 10.1.30.1
Cisco have IP
10.1.10.254 vlan 10
10.1.20.254 vlan 20
10.1.30.254 vlan 30
This works fine,
but I want to create IPs for the DNS server, so I created IPs 10.1.10.2 and 10.1.10.3 on the MikroTik.
From a client connected to VLAN 20, pinging 10.1.10.2 and .3 works fine.
Now I want to change the DNS on the clients (all VLANs) to 10.1.10.2 and 10.1.10.3,
but this does not work. Is there a solution to fix this?
thank you very much.

sorry for my English.
Thank you very much.

Post a full export.

Why use a different IP for DNS? The listening address is not configurable; AFAIK the RouterOS DNS service listens on all of the router’s IPs.

Thank guys

# jun/15/2017 09:25:17 by RouterOS 6.35.2
# software id = 516J-4212
#
# Full configuration export posted in the thread: VLAN interfaces on a 4-port
# bond, one DHCP server per VLAN, the router's DNS service, a hotspot on the
# employee Wi-Fi VLAN and guest-isolation rules.
# NOTE(review): this export carries a hotspot password, client MAC addresses
# and the software id; redact such values before posting a config publicly.
/interface vlan
# VLAN 6 interface on ether12, currently disabled.
add disabled=yes interface=ether12 name=VLAN6-MT-L3 vlan-id=6
/interface bonding
# ether2-ether5 are bonded into bonding1; link monitoring is switched off.
add link-monitoring=none name=bonding1 slaves=ether2,ether3,ether4,ether5
/interface vlan
# One tagged VLAN interface per network segment, all carried on bonding1.
add interface=bonding1 name=VLAN10-Server vlan-id=10
add interface=bonding1 name=VLAN20-NETEmployee vlan-id=20
add interface=bonding1 name=VLAN30-WifiEmployee vlan-id=30
add interface=bonding1 name=VLAN40-WifiGuest vlan-id=40
add interface=bonding1 name=VLAN100-IPPhone vlan-id=100
add interface=bonding1 name=VLAN254-SwitchNetwork vlan-id=254
/ip dhcp-server option
# DHCP options 66 (TFTP server name) and 150 (TFTP server address), both set to
# the same string; they are attached to the 10.1.100.0/24 network further down.
add code=66 name=yealink value="'10.1.10.20/asterisk'"
add code=150 name=tftp1 value="'10.1.10.20/asterisk'"
/ip hotspot
# Hotspot server on the employee Wi-Fi VLAN; idle-timeout=none means idle
# sessions are never timed out.
add disabled=no idle-timeout=none interface=VLAN30-WifiEmployee name=\
    HotSport-WifiEmployee
/ip pool
# Address pools, one per DHCP server below. Pool_VLAN10 and Pool_VLAN254 start
# at .65 instead of .2.
add name=Pool_VLAN30 ranges=10.1.30.2-10.1.30.200
add name=Pool_VLAN40 ranges=10.1.40.2-10.1.40.200
add name=Pool_VLAN10 ranges=10.1.10.65-10.1.10.128
add name=Pool_VLAN20 ranges=10.1.20.2-10.1.20.200
add name=Pool_VLAN100 ranges=10.1.100.2-10.1.100.200
add name=Pool_VLAN254 ranges=10.1.254.65-10.1.254.100
/ip dhcp-server
# One DHCP server per VLAN interface. Lease times: 2h for guests, 2w for the
# server VLAN, 3d everywhere else.
add address-pool=Pool_VLAN30 disabled=no interface=VLAN30-WifiEmployee \
    lease-time=3d name=DHCP-WifiEmployee
add address-pool=Pool_VLAN40 disabled=no interface=VLAN40-WifiGuest lease-time=\
    2h name=DHCP-WifiGuest
add address-pool=Pool_VLAN10 disabled=no interface=VLAN10-Server lease-time=2w \
    name=DHCP-Server
add address-pool=Pool_VLAN20 disabled=no interface=VLAN20-NETEmployee \
    lease-time=3d name=DHCP-NETEmployee
add address-pool=Pool_VLAN100 disabled=no interface=VLAN100-IPPhone lease-time=\
    3d name=DHCP-IPPhone
add address-pool=Pool_VLAN254 disabled=no interface=VLAN254-SwitchNetwork \
    lease-time=3d name=DHCP-SwitchNetwork
/user group
# NOTE(review): bucadmin is granted every policy except "policy", including
# sensitive and sniff, and may log in over telnet and ftp, which are cleartext
# protocols. Grant only what the role needs.
add name=bucadmin policy="local,telnet,ssh,ftp,reboot,read,write,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,!policy" skin=Admin
/interface bridge port
# NOTE(review): these are the same four ports listed as bonding1 slaves above,
# and no bridge= appears in the export; confirm these entries are still wanted.
add interface=ether2
add interface=ether3
add interface=ether5
add interface=ether4
/ip address
# Router addresses. VLAN10-Server holds 10.1.10.1, .4 and .7; VLAN30 and VLAN40
# each hold both .1 and .254.
# 10.1.10.2 and 10.1.10.3 are not assigned anywhere in this export, although
# the dhcp-server network entries below hand them out as DNS servers.
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
    192.168.88.0
add address=10.1.254.10/24 interface=VLAN254-SwitchNetwork network=10.1.254.0
add address=10.1.40.254/24 interface=VLAN40-WifiGuest network=10.1.40.0
add address=10.1.30.254/24 interface=VLAN30-WifiEmployee network=10.1.30.0
add address=10.1.0.1/30 interface=ether12 network=10.1.0.0
add address=10.1.10.1/24 interface=VLAN10-Server network=10.1.10.0
add address=10.1.30.1/24 interface=VLAN30-WifiEmployee network=10.1.30.0
add address=10.1.40.1/24 interface=VLAN40-WifiGuest network=10.1.40.0
add address=10.1.100.1/24 interface=VLAN100-IPPhone network=10.1.100.0
add address=10.1.10.4/24 interface=VLAN10-Server network=10.1.10.0
add address=10.1.20.1/24 interface=VLAN20-NETEmployee network=10.1.20.0
add address=10.1.10.7/24 interface=VLAN10-Server network=10.1.10.0
/ip dhcp-server network
# Per-subnet DHCP parameters: every VLAN except 10.1.254.0/24 gets the .254
# address of its own subnet as gateway and 10.1.10.2,10.1.10.3 as DNS servers.
# NOTE(review): the guest network 10.1.40.0/24 is given DNS servers inside
# 10.1.0.0/16, the range the guest drop rules further down cover; confirm how
# guests are meant to resolve names.
add address=10.1.10.0/24 dns-server=10.1.10.2,10.1.10.3 gateway=10.1.10.254
add address=10.1.20.0/24 dns-server=10.1.10.2,10.1.10.3 gateway=10.1.20.254
add address=10.1.30.0/24 dns-server=10.1.10.2,10.1.10.3 gateway=10.1.30.254
add address=10.1.40.0/24 dns-server=10.1.10.2,10.1.10.3 gateway=10.1.40.254
add address=10.1.100.0/24 dhcp-option=yealink,tftp1 dns-server=\
    10.1.10.2,10.1.10.3 gateway=10.1.100.254
add address=10.1.254.0/24 dns-server=10.1.254.6 gateway=10.1.254.5
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from clients,
# forwarding to 8.8.8.8 and 8.8.4.4.
# NOTE(review): nothing here binds the service to one address, so who may
# query it is decided only by the input-chain firewall rules. Limit port 53
# (UDP and TCP) to the internal subnets so the router does not act as an open
# resolver.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
# Disabled placeholder rule for hotspot rules.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
# Guest isolation: forwarded traffic from 10.1.40.0/24 to any 10.1.0.0/16
# address is dropped.
add action=drop chain=forward dst-address=10.1.0.0/16 src-address=10.1.40.0/24
# NOTE(review): the next two rules name no action=, which RouterOS treats as
# accept, so all new TCP connections and all UDP addressed to the router are
# allowed from every interface, and the input chain has no drop rule at all.
# The forward-chain drop above does not apply to traffic addressed to the
# router itself, so nothing in the filter rules keeps guest clients away from
# the router's own services. Prefer accepting established/related traffic plus
# the needed services from trusted subnets, then dropping the rest.
add chain=input connection-state=new protocol=tcp
add chain=input protocol=udp
/ip firewall nat
# Disabled placeholder rule for hotspot rules.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
/ip hotspot ip-binding
# Devices with these MAC addresses skip hotspot login (type=bypassed).
# NOTE(review): a MAC address is an identifier, not an authenticator; keep this
# list short and review it regularly.
add mac-address=F8:2F:A8:F4:93:9D server=HotSport-WifiEmployee type=bypassed
add mac-address=9C:B2:B2:2B:00:1F server=HotSport-WifiEmployee type=bypassed
add mac-address=E0:06:E6:C6:EF:1A server=HotSport-WifiEmployee type=bypassed
add mac-address=2C:D0:5A:E4:48:A5 server=HotSport-WifiEmployee type=bypassed
/ip hotspot user
# NOTE(review): the hotspot account uses the guessable pair admin/admin and is
# now public in this post; change the password.
add name=admin password=admin
/ip route
# Default route (no dst-address given) via 10.1.254.5, an address in the
# 10.1.254.0/24 switch-network subnet.
add distance=1 gateway=10.1.254.5
/ip route rule
# Policy-routing rules that drop lookups from the guest subnet towards the
# internal subnets and 10.1.40.1. The last rule (10.1.0.0/16) already contains
# every destination listed before it.
# NOTE(review): 10.1.0.0/16 also contains the guests' own subnet and their
# gateway 10.1.40.254; confirm the intended effect.
add action=drop dst-address=10.1.10.0/24 src-address=10.1.40.0/24
add action=drop dst-address=10.1.20.0/24 src-address=10.1.40.0/24
add action=drop dst-address=10.1.30.0/24 src-address=10.1.40.0/24
add action=drop dst-address=10.1.254.0/24 src-address=10.1.40.0/24
add action=drop dst-address=10.1.40.1/32 src-address=10.1.40.0/24
add action=drop dst-address=10.1.0.0/16 src-address=10.1.40.0/24
/system clock
set time-zone-name=Asia/Bangkok
/system routerboard settings
# CPU and memory clock settings; the protected-routerboot feature is disabled.
# NOTE(review): decide whether the device's physical location warrants
# enabling it.
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=\
    disabled

I use this because I want to simulate a DNS server for use in the internal network.

You need to assign those IPs on the proper interfaces:

# Entered in the /ip address menu: puts the two addresses that the DHCP
# networks advertise as DNS servers onto the VLAN 10 interface.
add address=10.1.10.2/24 interface=VLAN10-Server network=10.1.10.0
add address=10.1.10.3/24 interface=VLAN10-Server network=10.1.10.0

Hi Guys
I’m try to add this.
If I am in this VLAN it works fine (I mean, with a client plugged into this VLAN, 10.1.10.0),
but if I am in another VLAN (e.g. 10.1.20.0) it does not work.
Do you have any idea how to fix this?
Thank you very much.

Start by pinging from VLAN device to IP corresponding to that VLAN on the router.
post a

/ip route print detail
/ip address print detail

Hi
For ping it working fine. I’m not sure…like we want to permit remote for all (internal) can access ?

> /ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=10.1.6.2 
        gateway-status=10.1.6.2 reachable via  VLAN6 distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=10.1.6.0/30 pref-src=10.1.6.1 gateway=VLAN6 
        gateway-status=VLAN6 reachable distance=0 scope=10 

 2 ADC  dst-address=10.1.10.0/28 pref-src=10.1.10.4 gateway=VLAN10-Server 
        gateway-status=VLAN10-Server reachable distance=0 scope=10 

 3 ADC  dst-address=10.1.30.0/24 pref-src=10.1.30.254 gateway=VLAN30-WifiEmploye>
        gateway-status=VLAN30-WifiEmployee reachable distance=0 scope=10 

 4 ADC  dst-address=10.1.40.0/24 pref-src=10.1.40.254 gateway=VLAN40-WifiGuest 
        gateway-status=VLAN40-WifiGuest reachable distance=0 scope=10 

 5 ADC  dst-address=10.1.254.0/24 pref-src=10.1.254.10 
        gateway=VLAN254-SwitchNetwork 
        gateway-status=VLAN254-SwitchNetwork reachable distance=0 scope=10 

 6  DC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether1 
        gateway-status=ether1 unreachable distance=255 scope=10



/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; defconf
     address=192.168.88.1/24 network=192.168.88.0 interface=ether1 actual-interface=ether1 

 1   address=10.1.254.10/24 network=10.1.254.0 interface=VLAN254-SwitchNetwork actual-interface=VLAN254-SwitchNetwork 

 2   address=10.1.40.254/24 network=10.1.40.0 interface=VLAN40-WifiGuest actual-interface=VLAN40-WifiGuest 

 3   address=10.1.30.254/24 network=10.1.30.0 interface=VLAN30-WifiEmployee actual-interface=VLAN30-WifiEmployee 

 4   address=10.1.10.4/28 network=10.1.10.0 interface=VLAN10-Server actual-interface=VLAN10-Server 

 5 XI address=10.1.10.2/24 network=10.1.10.0 interface=VLAN10-Server actual-interface=VLAN10-Server 

 6 XI address=10.1.10.3/24 network=10.1.10.0 interface=VLAN10-Server actual-interface=VLAN10-Server 

 7   address=10.1.6.1/30 network=10.1.6.0 interface=VLAN6 actual-interface=VLAN6

You don’t have any IP or route in the 10.1.20.x range; where is that range supposed to be?

In order for the mikrotik to act as a router, it will need either an ip from that 10.1.20.x range, or a route to the router “B” handling it, and a route on that B router so that it knows how to reach A router networks.

Oh sorry.
You don’t see the IPs because for now I have created a server (VM) and use Webmin on it as the DNS server,
but I still want to use the MikroTik as the DNS server.
I have now added the IPs to this MikroTik,
and the route for VLAN 20 lives on the Cisco SG500X.

I can ping 10.1.10.2 and .3 (from VLAN 20 I can ping VLAN 10), but I cannot use DNS with these IPs.

Sorry again..pukkita

Do you mean that

  • You have a standalone DNS server on a VM, IP 10.0.10.2
  • You set 10.0.10.2 as server on IP > DNS on the routerboard
  • Ping from the mikrotik to the DNS server IP (10.0.10.2) works

but if using 10.0.10.1 as DNS no resolution takes place? (i.e., Mikrotik DNS doesn’t seem to communicate with VM DNS?)

If that’s the case, I would double-check that the DNS service you’re running on the VM allows DNS requests from 10.0.10.1.

Haha..
Sorry for my word not clear
For now I have fixed it by creating a server (VM) with IP 10.1.10.2 and using it as the DNS server,

but I still want to use the MikroTik’s DNS with those IPs (10.1.10.2 & 10.1.10.3).
When I come back to this step (DNS on the MikroTik), I will shut down server 10.1.10.2 and test DNS on the MikroTik.

sorry again.