It receives DNS log messages sent via UDP (using the remote logging feature on RouterOS) and stores them in a local SQLite database.
The dashboard provides web-based charts and stats for top queried domains, query types, blocked queries, and per-client breakdown, updated in real time.
All you need is Docker; no external dependencies or cloud required.
How to use:
Run the dashboard with Docker (the project includes a ready-to-use Docker Compose file).
On your MikroTik, enable logging for the dns topic and set a remote log action pointing to your server and UDP port 5354.
OMG i was literally thinking this morning,
i wish mikrotik had a way of me tracking what DNS records a device/ip was querying!
this is amazing and it works a treat!
i will keep it running a few days and report back any problems!
only issue so far spotted was the docker-compose.yaml in the repo is missing the http port hehe
EDIT1: one feature request, i can see a domain being called over n over, in the top domains tab
but i would like to be able to click the domain and get a list of the IPs that query those domains
not have to go into the Clients tab, click an ip then find out if that device called that domain or not
EDIT2: for some reason in the security tab im seeing loads of blocked domains?
but i dont use the adlist/forwarders or static, so not sure why these are showing as blocked?
EDIT3: docker-compose.yaml again, data folder shows /app/data when it should be /data
EDIT4: you should also set the logging as ( dns, !packet ),
the !packet is important because otherwise you get duplicate entries,
one for UNKNOWN from the packet because it hasnt queried it yet
and one for the actual record with the result
Thank you for your feedback, I’m glad you found the project useful!
I’ve wanted this kind of DNS tracking for MikroTik since I migrated my DNS there, but as a backend developer, I always postponed building a frontend. With some help from AI, I finally managed to create an interface that works for my needs.
I appreciate you pointing out the missing HTTP port and the /app/data path in the docker-compose.yaml—I’ll update those right away.
Your feature request makes total sense: being able to click a domain and view all IPs that queried it is definitely something I want to implement. I’ll add it to the GitHub issues.
Regarding the Security tab showing blocked domains: if you’re not using adlists, forwarders, or statics, these may be false positives or log parsing quirks—I’ll review this logic and see how it can be improved.
Good catch on the logging config—!packet really does avoid duplicate entries. I’ll update the documentation and sample configs to recommend this setup.
Thanks again for the detailed feedback and for testing the dashboard. Let me know if you run into anything else or have more suggestions! If all goes well, I hope this project can become a robust tool for the MikroTik community.
