Hi,
I have a DHCP server configured using static reservations. I need one specific computer to get an IP address but without a DNS entry. Is there any way to do this?
Even if you could, a DNS can still be manually assigned to the computer.
So why exactly do you not want a DNS on that computer?
MikroTik RouterOS does not set DNS entries for names assigned via DHCP, unless you have created a DHCP lease script to do so.
Either you modify the script according to your requirement, or there is some other DHCP+DNS server in use (e.g. a Windows domain controller) so the question is out of scope of RouterOS.
I don't think that this is what he is talking about…
Inside the DHCP server network there is the DNS field where you specify the DNS server that will be sent to the DHCP client.
So my understanding is that he does not want the DNS to be sent to a specific client, thus leaving him with no DNS…
Ok, when it is that, it is possible to define options for each entry. So he can remove DNS from the main server profile and define it for each static entry except one.
(it can be put in an option set for easier handling)
Yes, I have address, gateway and DNS servers configured in IP -> DHCP Server -> Networks, and every client is getting these settings.
But one PC should not get the DNS IP - how could I do this?
This PC is blocked for standard users, so nobody can change the IP settings.
As I wrote it: remove those settings from the DNS server setting (set No DNS in the networks setting) and then add a DHCP option for DNS to an option set and assign that option set to all PCs other than that single one.
You will have to look up the option code and value structure for a DNS option in the relevant RFC.
Does setting an option override the default setting? If it does, then it would be easier to construct option containing invalid (or empty) DNS server IP for particular device…
I would try to do something like this:
- create a different DHCP server with no DNS
- create a static lease for that PC and assign the DHCP server which does not have DNS to that lease
I have not tested this, but in theory it could work.
There can only be one DHCP server per L2 domain.
If @zuku tells us why he does not want a specific PC to have DNS we might find a better solution…
As I said earlier, even if no DNS is passed to the PC, again the user can manually enter a DNS. So?
But I agree: not giving that PC the address of a DNS server doesn’t change much, that’s not a security solution.
Or maybe it is: if one wants to block facebook, that’s virtually impossible using an IP-address-based firewall. But I guess facebook doesn’t open if one types in an IP address instead of www.facebook.com as the URL … (actually it makes a redirection to the FQDN and without a DNS resolver …)
mkx, I missed that… but yes, it does not change much…
The easiest way to handle this is to give the computer in question a static lease and then create a separate DHCP network for that computer, as shown below:
/ip dhcp-server network
#this will be used by all computers except 192.168.88.229
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
#this will be used by the 192.168.88.229 computer that should get no DNS
add address=192.168.88.229/32 comment=defconf dns-none=yes gateway=192.168.88.1 netmask=24
Yes but how will you define that inside the static lease?
You can only select the DHCP server to use…!
You don’t have to change anything inside the static lease. Simply “make static” and don’t bother changing anything in the lease and add the network under DHCP Server->Networks and it will work.
The matching of DHCP networks is like matching of routes, it will use the most specific network that matches the IP being handed out. In this case I have a network for the whole /24 and a network for the single /32 in the /24 and the computer matching the /32 will use the more specific network.
The only reason to add the static lease is to prevent the computer’s address from changing. You could simply add the dhcp network for that IP with no-dns configured and it will work for that one computer until the IP happens to change. Then suddenly if some other computer got that address it would start getting no-dns instead.
I do know this works fine - I tested it before posting just to make sure that it did what the OP wanted.
The matching of DHCP networks is like matching of routes, it will use the most specific network that matches the IP being handed out
Nice, that makes it totally clear to me…
@mducharme
I just configured using your solution and this is working great! Many thanks.
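Added example, not part of any post in this thread and not RouterOS code: a small Python model of the most-specific-match rule described above, applied to the two networks that were posted, plus a check for the drift case where the no-DNS address ends up on a different computer. The data layout, function names, MAC addresses and lease tables are constructed assumptions.

```python
import ipaddress

# Constructed model of the two DHCP networks posted in the thread. The dict
# layout and all function names are assumptions, not RouterOS internals.
NETWORKS = [
    {"address": "192.168.88.0/24", "dns": ["192.168.88.1"]},
    {"address": "192.168.88.229/32", "dns": []},  # dns-none=yes
]
NO_DNS_MACS = {"AA:AA:AA:AA:AA:01"}  # constructed MAC of the PC meant to get no DNS

def select_network(lease_ip, networks=NETWORKS):
    """Return the entry with the longest prefix containing lease_ip, else None."""
    ip = ipaddress.ip_address(lease_ip)
    matches = [(ipaddress.ip_network(n["address"]), n) for n in networks]
    matches = [(net, n) for net, n in matches if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def offered_dns(lease_ip, networks=NETWORKS):
    """DNS servers handed out with this address; None if no network matches."""
    entry = select_network(lease_ip, networks)
    return None if entry is None else entry["dns"]

def audit(leases, no_dns_macs=NO_DNS_MACS, networks=NETWORKS):
    """leases: (mac, ip, is_static) tuples. Returns (mac, ip, problem) findings."""
    findings = []
    for mac, ip, is_static in leases:
        dns = offered_dns(ip, networks)
        if dns is None:
            findings.append((mac, ip, "no DHCP network matches this address"))
        elif mac in no_dns_macs and dns:
            findings.append((mac, ip, "host meant to get no DNS is offered DNS"))
        elif mac not in no_dns_macs and not dns:
            findings.append((mac, ip, "other host landed on the no-DNS address"))
        elif mac in no_dns_macs and not is_static:
            findings.append((mac, ip, "no-DNS host has a dynamic lease"))
    return findings

# Constructed lease tables: the intended state, and the drift case from the thread.
GOOD = [("AA:AA:AA:AA:AA:01", "192.168.88.229", True),
        ("AA:AA:AA:AA:AA:02", "192.168.88.10", False)]
DRIFTED = [("AA:AA:AA:AA:AA:01", "192.168.88.50", False),
           ("AA:AA:AA:AA:AA:02", "192.168.88.229", False)]

if __name__ == "__main__":
    print(offered_dns("192.168.88.10"), offered_dns("192.168.88.229"))
    for finding in audit(DRIFTED):
        print(finding)
```

The result does not depend on the order of the network entries, only on prefix length, which is why the /32 wins over the /24 for 192.168.88.229.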