Problem DNS Inter-vlan

Hi,
I am having this problem.

If I have a host on the 10.0.6.0/24 network I can ping it only by ip from the 10.0.2.0/24 network but not with the hostname.
It's like the dns is not working.

If I add a static entry I can ping it by hostname but only from the mikrotik terminal.

Can you help me?


jun/06/2023 20:04:00 by RouterOS 7.9.2

software id = JUXQ-YBLU

model = RB4011iGS+

serial number = B8F60A437855

# One bridge per network segment; each VLAN interface defined below is later
# attached to its own bridge under /interface bridge port.
/interface bridge
add name=bridge-external-devices
add name=bridge-guests
add name=bridge-native
add name=bridge-pc
add name=bridge-printers
add name=bridge-server
# ether1-4 are renamed here; further down they carry the 192.168.x.2 addresses,
# the masquerade rules and the default routes, so they appear to be the uplinks.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-0046
set [ find default-name=ether2 ] name=ether2-0036
set [ find default-name=ether3 ] name=ether3-0647
set [ find default-name=ether4 ] name=ether4-0044
# NOTE(review): the break between "name=" and "sfpplus1-trunk" comes from the
# paste (the continuation marker is missing); the same applies to every other
# wrapped line in this export, so the text cannot be re-imported as shown.
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=
sfpplus1-trunk
# VRRP instance exists but is disabled.
/interface vrrp
add disabled=yes interface=sfpplus1-trunk name=VRRP vrid=49
# Five tagged VLANs (IDs 2-6) on the SFP+ trunk, one per segment.
/interface vlan
add interface=sfpplus1-trunk name=external-devices vlan-id=5
add interface=sfpplus1-trunk name=guests vlan-id=4
add interface=sfpplus1-trunk name=pc vlan-id=2
add interface=sfpplus1-trunk name=printers vlan-id=3
add interface=sfpplus1-trunk name=server vlan-id=6
# The LTE APN and wireless security profile entries below only touch the
# default=yes records; presumably leftovers of the default configuration.
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP address pools: hosts .50-.150 in each of the five VLAN subnets.
/ip pool
add name=pc ranges=10.0.2.50-10.0.2.150
add name=printers ranges=10.0.3.50-10.0.3.150
add name=guests ranges=10.0.4.50-10.0.4.150
add name=external-devices ranges=10.0.5.50-10.0.5.150
add name=server ranges=10.0.6.50-10.0.6.150
# One DHCP server per segment, bound to the bridge (not the VLAN interface),
# with a one-week lease.
# NOTE(review): the printers pool (10.0.3.50-150) lies outside the 10.0.3.1/27
# address configured on the printers interface under /ip address - confirm the
# intended prefix length.
/ip dhcp-server
add address-pool=printers interface=bridge-printers lease-time=1w name=
printers
add address-pool=pc interface=bridge-pc lease-time=1w name=pc
add address-pool=guests interface=bridge-guests lease-time=1w name=guests
add address-pool=external-devices interface=bridge-external-devices
lease-time=1w name=external-devices
add address-pool=server interface=bridge-server lease-time=1w name=server
# Serial port names.
/port
set 0 name=serial0
set 1 name=serial1
# BGP template and OSPF instance are present, but the only OSPF area is
# disabled and no BGP connection appears in this export.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# One routing table per uplink; the mangle rules select them via routing marks
# and /ip route puts a default route in each.
/routing table
add fib name=to_ether1-0046
add fib name=to_ether2-0036
add fib name=to_ether3-0647
add fib name=to_ether4-0044
# Each VLAN interface is made the single port of its own bridge.
# NOTE(review): once a VLAN interface is a bridge port, routed traffic is
# normally seen by the IP firewall as arriving on the bridge, not on the VLAN
# interface. Rules below that match in-interface=all-vlan, and the IP addresses
# placed on the VLAN interfaces instead of the bridges, may therefore not
# behave as intended - verify with the rule counters.
/interface bridge port
add bridge=bridge-pc ingress-filtering=no interface=pc
add bridge=bridge-external-devices ingress-filtering=no interface=
external-devices
add bridge=bridge-printers ingress-filtering=no interface=printers
add bridge=bridge-guests ingress-filtering=no interface=guests
add bridge=bridge-server ingress-filtering=no interface=server
# Neighbor discovery runs on every interface that is not in the "dynamic" list.
# NOTE(review): that includes ether1-4, so the router announces its identity,
# model and version towards the uplinks - restrict to an internal interface
# list if that is not wanted.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
# IPv6 is switched off entirely.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# NOTE(review): MD5 and SHA-1 are listed as accepted OpenVPN auth digests. No
# enabled=yes is shown, so the server is presumably off; if it is ever turned
# on, drop md5 and prefer a SHA-2 digest.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: 10.0.0.1/27 on the trunk itself, 192.168.0-3.2/24 on the
# four uplinks, and the .1 gateway address of each VLAN subnet.
# NOTE(review): the VLAN addresses sit on the VLAN interfaces, which are bridge
# ports, while the DHCP servers are bound to the bridges - addresses are
# normally placed on the bridge in that layout; confirm.
# NOTE(review): printers uses /27 here but 10.0.3.0/24 in the DHCP network and
# a pool of .50-.150.
/ip address
add address=10.0.0.1/27 interface=sfpplus1-trunk network=10.0.0.0
add address=192.168.0.2/24 interface=ether1-0046 network=192.168.0.0
add address=192.168.1.2/24 interface=ether2-0036 network=192.168.1.0
add address=192.168.2.2/24 interface=ether3-0647 network=192.168.2.0
add address=192.168.3.2/24 interface=ether4-0044 network=192.168.3.0
add address=10.0.2.1/24 interface=pc network=10.0.2.0
add address=10.0.3.1/27 interface=printers network=10.0.3.0
add address=10.0.4.1/24 interface=guests network=10.0.4.0
add address=10.0.5.1/24 interface=external-devices network=10.0.5.0
add address=10.0.6.1/24 interface=server network=10.0.6.0
add address=10.0.7.1 interface=VRRP network=10.0.7.1
# "*6" is an internal ID, not a pool name: the pool this test server pointed
# to no longer exists.
/ip dhcp-server
add address-pool=*6 interface=sfpplus1-trunk lease-time=1d name=test
# DHCP options per subnet. Every subnet is handed the router's own address in
# that subnet as DNS server and gateway, so all clients use the same resolver
# (the router), reached at five different addresses.
# The pc (10.0.2.0/24) and server (10.0.6.0/24) networks get no domain= option,
# the other three each get a different one.
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=10.0.2.1 gateway=10.0.2.1 ntp-server=
193.204.114.232
add address=10.0.3.0/24 dns-server=10.0.3.1 domain=printers gateway=10.0.3.1
ntp-server=193.204.114.232
add address=10.0.4.0/24 dns-server=10.0.4.1 domain=guests gateway=10.0.4.1
ntp-server=193.204.114.232
add address=10.0.5.0/24 dns-server=10.0.5.1 domain=external-devices gateway=
10.0.5.1 ntp-server=193.204.114.232
add address=10.0.6.0/24 dns-server=10.0.6.1 gateway=10.0.6.1 ntp-server=
193.204.114.232
# Router acts as a caching resolver for clients and forwards to 8.8.8.8 and
# 1.1.1.1. No /ip dns static section appears in this export, so local host
# names have nothing to resolve against; RouterOS does not create DNS records
# from DHCP leases by itself.
# NOTE(review): allow-remote-requests=yes answers queries on every interface.
# With no enabled chain=input rule in this export, the resolver is also
# reachable from ether1-4 - add input rules that accept port 53 (UDP and TCP)
# only from the internal networks.
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512
servers=8.8.8.8,1.1.1.1
# NOTE(review): allowed_users spans 0.0.0.1-255.255.255.255, i.e. every source
# address except 0.0.0.0, so src-address-list=allowed_users in the mangle and
# NAT rules does not restrict anything.
/ip firewall address-list
add address=0.0.0.1-255.255.255.255 comment="Allowed Users" list=
allowed_users
# not_in_internet: special-purpose and private ranges that should not appear as
# public addresses. It contains 10.0.0.0/8 and 192.168.0.0/16, which cover all
# of this router's own VLAN and uplink subnets.
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=
not_in_internet
# Local: the trunk, VLAN, uplink and VRRP subnets configured on this router.
add address=10.0.0.0/24 comment=Local list=Local
add address=10.0.2.0/24 list=Local
add address=10.0.3.0/24 list=Local
add address=10.0.4.0/24 list=Local
add address=10.0.5.0/24 list=Local
add address=10.0.6.0/24 list=Local
add address=192.168.0.0/24 list=Local
add address=192.168.1.0/24 list=Local
add address=192.168.2.0/24 list=Local
add address=192.168.3.0/24 list=Local
add address=10.0.7.1 list=Local
# NOTE(review): the only two chain=input rules are disabled, so nothing in this
# export filters traffic addressed to the router itself (DNS, SNMP, management
# services) on any interface, ether1-4 included. An input chain that accepts
# established/related, accepts the needed services from internal networks and
# drops the rest is missing.
# NOTE(review): these two rules name the pc and guests subnets as src/dst;
# traffic between subnets is routed and passes the forward chain, so they would
# presumably not separate the two VLANs even when enabled.
/ip firewall filter
add action=drop chain=input disabled=yes dst-address=10.0.4.0/24 src-address=
10.0.2.0/24
add action=drop chain=input disabled=yes dst-address=10.0.2.0/24 src-address=
10.0.4.0/24
# Forward chain: fasttrack and accept established/related, then drop and log
# invalid connections.
add action=fasttrack-connection chain=forward comment=FastTrack
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related"
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
log=yes log-prefix=invalid
# Drops traffic entering on a VLAN interface whose destination is in
# not_in_internet. That list contains 10.0.0.0/8, so if in-interface=all-vlan
# matched, all inter-VLAN traffic (10.0.2.x -> 10.0.6.x included) would be
# dropped here; the poster reports that ping by IP works, which suggests the
# rule is not matching - check its counters.
# NOTE(review): the log-prefix string contains "out-interface=!bridge"; that
# looks like a matcher that ended up inside the prefix text - confirm.
add action=drop chain=forward comment=
"Drop tries to reach not public addresses from LAN" dst-address-list=
not_in_internet in-interface=all-vlan log=yes log-prefix=
"!public_from_LAN out-interface=!bridge"
# Per-uplink: drop new connections from an uplink that were not dst-NATed.
# NOTE(review): the quoting of log-prefix ("!NAT" prefix") is unbalanced as
# pasted in all four rules.
add action=drop chain=forward comment=
"Drop incoming packets that are not Nated" connection-nat-state=!dstnat
connection-state=new in-interface=ether1-0046 log=yes log-prefix=
"!NAT" prefix"
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface=ether2-0036 log=yes log-prefix="!NAT" prefix"
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface=ether3-0647 log=yes log-prefix="!NAT" prefix"
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface=ether4-0044 log=yes log-prefix="!NAT" prefix"
# Jumps ICMP to a chain named "icmp"; no rule with chain=icmp appears in this
# export, so the jump returns without filtering anything.
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp
protocol=icmp
# Per-uplink: drop forwarded packets arriving from an uplink with a source in
# not_in_internet (spoofed or private source addresses).
add action=drop chain=forward comment=
"Drop incoming from internet which is not public IP" in-interface=
ether1-0046 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward in-interface=ether2-0036 log=yes log-prefix=
!public src-address-list=not_in_internet
add action=drop chain=forward in-interface=ether3-0647 log=yes log-prefix=
!public src-address-list=not_in_internet
add action=drop chain=forward in-interface=ether4-0044 log=yes log-prefix=
!public src-address-list=not_in_internet
# NOTE(review): the comment says "do not have LAN IP", but the matcher is
# src-address-list=Local without "!", so as written these rules drop packets
# whose source IS in Local. On all-vlan that is the opposite of the stated
# intent; on ether1-4 it acts as an anti-spoofing rule.
# NOTE(review): the chain has no final drop, and apart from the rules above
# nothing separates the guests VLAN from the pc or server VLANs.
add action=drop chain=forward comment=
"Drop packets from LAN that do not have LAN IP" in-interface=all-vlan
log=yes log-prefix=LAN_!LAN src-address-list=Local
add action=drop chain=forward in-interface=ether1-0046 log=yes log-prefix=
LAN_!LAN src-address-list=Local
add action=drop chain=forward in-interface=ether2-0036 log=yes log-prefix=
LAN_!LAN src-address-list=Local
add action=drop chain=forward in-interface=ether3-0647 log=yes log-prefix=
LAN_!LAN src-address-list=Local
add action=drop chain=forward in-interface=ether4-0044 log=yes log-prefix=
LAN_!LAN src-address-list=Local
# Per-connection-classifier load balancing across the four uplinks.
# Packets arriving from an uplink are accepted first, which ends mangle
# processing for them in prerouting.
/ip firewall mangle
add action=accept chain=prerouting in-interface=ether1-0046
add action=accept chain=prerouting in-interface=ether2-0036
add action=accept chain=prerouting in-interface=ether3-0647
add action=accept chain=prerouting in-interface=ether4-0044
# Connections from the VLANs to non-local destinations get one of four
# connection marks, chosen by a hash over both addresses and ports.
# NOTE(review): with a denominator of 4 the remainder ranges over 0-3, so the
# 4/4 classifier would never match and remainder 0 stays unmarked - confirm
# against the PCC documentation.
# NOTE(review): in-interface=all-vlan may not match bridged VLAN interfaces;
# verify with the rule counters.
add action=mark-connection chain=prerouting dst-address-type=!local
in-interface=all-vlan new-connection-mark=ether1-0046_conn passthrough=
yes per-connection-classifier=both-addresses-and-ports:4/1
src-address-list=allowed_users
add action=mark-connection chain=prerouting dst-address-type=!local
in-interface=all-vlan new-connection-mark=ether2-0036_conn passthrough=
yes per-connection-classifier=both-addresses-and-ports:4/2
src-address-list=allowed_users
add action=mark-connection chain=prerouting dst-address-type=!local
in-interface=all-vlan new-connection-mark=ether3-0647_conn passthrough=
yes per-connection-classifier=both-addresses-and-ports:4/3
src-address-list=allowed_users
add action=mark-connection chain=prerouting dst-address-type=!local
in-interface=all-vlan new-connection-mark=ether4-0044_conn passthrough=
yes per-connection-classifier=both-addresses-and-ports:4/4
src-address-list=allowed_users
# Each connection mark is translated into the routing mark of the matching
# per-uplink routing table.
add action=mark-routing chain=prerouting connection-mark=ether1-0046_conn
in-interface=all-vlan new-routing-mark=to_ether1-0046 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2-0036_conn
in-interface=all-vlan new-routing-mark=to_ether2-0036 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether3-0647_conn
in-interface=all-vlan new-routing-mark=to_ether3-0647 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether4-0044_conn
in-interface=all-vlan new-routing-mark=to_ether4-0044 passthrough=yes
# Source NAT: masquerade everything leaving through any of the four uplinks.
# src-address-list=allowed_users covers every address except 0.0.0.0, so it
# does not narrow these rules. No dstnat rule appears in this export.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-0046
src-address-list=allowed_users
add action=masquerade chain=srcnat out-interface=ether2-0036
src-address-list=allowed_users
add action=masquerade chain=srcnat out-interface=ether3-0647
src-address-list=allowed_users
add action=masquerade chain=srcnat out-interface=ether4-0044
src-address-list=allowed_users
# One default route per uplink routing table (selected by the routing marks set
# in mangle), each monitored with check-gateway=ping.
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1
routing-table=to_ether1-0046
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
routing-table=to_ether2-0036
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1
routing-table=to_ether3-0647
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.3.1
routing-table=to_ether4-0044
# The same four gateways again without a routing-table, i.e. in the main table;
# these serve unmarked traffic, including the router's own DNS and NTP lookups.
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.3.1
# NOTE(review): SNMP is enabled and no /snmp community section appears in this
# export, which suggests the default community is unchanged. Together with the
# missing input-chain rules the agent is reachable on every interface - set a
# community with a restricted source address range (or use SNMPv3) and filter
# UDP 161 on the input chain.
/snmp
set enabled=yes trap-generators=temp-exception,interfaces,start-trap
trap-interfaces=all
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=Router1
# Adds a logging rule for the firewall topic; the log=yes rules in the filter
# table write under that topic.
/system logging
add topics=firewall
/system note
set show-at-login=no
# The router is an NTP client of two servers; DHCP hands clients the first of
# the two addresses directly as their NTP server.
/system ntp client
set enabled=yes
/system ntp client servers
add address=193.204.114.232
add address=193.204.114.233
/system resource irq rps
set sfpplus1-trunk disabled=no

Hi

It looks like you define a separate DNS server for each VLAN:

# Quoted from the export above. Each dns-server value is the router's own
# address in that VLAN (see /ip address in the export), so clients in every
# VLAN query the same resolver - the router - rather than five separate servers.
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=10.0.2.1 gateway=10.0.2.1 ntp-server=193.204.114.232
add address=10.0.3.0/24 dns-server=10.0.3.1 domain=printers gateway=10.0.3.1 ntp-server=193.204.114.232
add address=10.0.4.0/24 dns-server=10.0.4.1 domain=guests gateway=10.0.4.1 ntp-server=193.204.114.232
add address=10.0.5.0/24 dns-server=10.0.5.1 domain=external-devices gateway=10.0.5.1 ntp-server=193.204.114.232
add address=10.0.6.0/24 dns-server=10.0.6.1 gateway=10.0.6.1 ntp-server=193.204.114.232

Additionally, you are using Google DNS:

# Quoted from the export above: the upstream resolvers the router forwards to
# (8.8.8.8 is Google Public DNS, 1.1.1.1 is Cloudflare). Public resolvers know
# nothing about internal host names; those must come from /ip dns static.
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8,1.1.1.1

Try using one internal DNS server with static entries, for example:

# NOTE(review): in the export above 10.0.2.1 is the router's own address on the
# pc VLAN, so servers=10.0.2.1 would make the router forward its upstream
# queries to itself. Static entries are answered by the router's resolver
# regardless of the servers= value, so the upstream servers can stay public.
# NOTE(review): allow-remote-requests=yes should be paired with input-chain
# rules that accept port 53 only from the internal networks.
/ip dns
set allow-remote-requests=yes servers=10.0.2.1
# Static A records; the addresses and names here are the replier's examples.
/ip dns static
add address=10.0.3.3 comment=intranet name=printer.intranet
add address=10.0.3.4 comment=intranet name=scaner.intranet

This solution does not work.

The DNS servers in each VLAN are already set up as you indicated.

(1) There is nothing wrong with DNS server setup you have.
You should NOT be able to ping across vlans on the actual address of the vlan (as that is considered a local router interface not passing any data )
So for me you have a problem in your firewall rules.

Hostname??? Do you mean via the WAN IP of the router??? This is not Windows, it's RoS!!


(2) Why are you using NTP servers setup like that???

Just allow LAN interface list access to NTP port 123 ( if its just a few devices make a firewall address list to narrow down this rule ).
Host NTP on router.


(3) Absolutely insane to use multiple bridges… but now I know that you are trying to ping across bridges, very weird.
One bridge, with VLANs for the rest, is the advice I have.

Good luck.