Router OS - VLAN - DNS traffic

Hello, I am new to RouterOS but familiar with VLANs in OpenWRT/EdgeOS.

I have created 2 VLANs on the MikroTik RB4011 eth10 port. When I populate the DNS server as public, I can get DNS working on VLAN clients. But when I leave it blank (for DNS), it uses the WAN DNS servers as DNS servers.

In OpenWRT/EdgeOS:
VLAN 10 - 192.168.10.0/24 - Gateway - 192.168.10.1 - DNS 192.168.10.1
VLAN 20 - 192.168.20.0/24 - Gateway - 192.168.20.1 - DNS 192.168.20.1

In OpenWRT, allowing TCP/UDP traffic from VLAN to LAN on port 53 makes the DNS queries work from VLAN clients.

In MikroTik:

  • If I specify the DNS server as a public DNS server like 8.8.8.8, DNS queries work fine.
  • If I leave the DNS server blank, it uses the DNS servers of the WAN interface.

My preference is to use 192.168.10.1 (in turn the same router, which uses NextDNS for name resolution, and I can't get NextDNS working on VLAN clients with the above restriction). I assume there seems to be a missing firewall rule for DNS lookups from VLAN → router.

Could you please help with the correct way to go about this?

Thanks

I could solve this problem with these rules.

[admin@RB4011] > /ip firewall filter add place-before=5 chain=input action=accept protocol=udp in-interface=all-vlan dst-port=53 log=no log-prefix=""
[admin@RB4011] > /ip firewall filter add place-before=5 chain=input action=accept protocol=tcp in-interface=all-vlan dst-port=53 log=no log-prefix=""
[admin@RB4011] >

Reference links:
http://forum.mikrotik.com/t/how-do-i-allow-dns-traffic-from-one-vlan-to-another/131382/1
http://forum.mikrotik.com/t/dns-remote-requests-on-vlan-interfaces/93278/1
http://forum.mikrotik.com/t/adding-firewall-filter-priorities-in-cli/61745/1

However, I am unable to use WinBox when connected through a VLAN, even after opening port 8291/tcp. I am not sure if there is any other port needed for this.

Thanks
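
The rules above depend on place-before because the input chain is evaluated top-down and the first matching rule decides. The Python sketch below is an added example, not part of the original posts: it replays a DNS packet against a constructed rule list (the final drop rule is modelled on the RouterOS default configuration; vlan10, vlan20, bridge and ether1 are assumed interface names).

```python
import shlex

# Constructed sample in export style; not the poster's actual configuration.
SAMPLE = """\
add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmp
add chain=input action=accept protocol=udp in-interface=all-vlan dst-port=53
add chain=input action=accept protocol=tcp in-interface=all-vlan dst-port=53
add chain=input action=drop in-interface-list=!LAN comment="drop all not from LAN"
"""
# Assumptions: vlan10/vlan20 are VLAN interfaces outside the LAN list; ether1 is WAN.
VLAN_IFACES = {"vlan10", "vlan20"}
LISTS = {"LAN": {"bridge"}}
IGNORED = {"action", "comment", "log", "log-prefix"}

def parse(export):
    """Turn 'add key=value ...' lines into dicts, keeping rule order."""
    rules = []
    for line in export.splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def packet(iface, proto, port):
    """A new (not yet tracked) connection arriving for the router itself."""
    return {"chain": "input", "in": iface, "protocol": proto,
            "dst-port": port, "connection-state": "new"}

def matches(rule, pkt):
    """Every matcher in the rule must agree with the packet."""
    for key, val in rule.items():
        if key in IGNORED:
            continue
        if key == "in-interface":  # all-vlan stands for every VLAN interface
            ok = pkt["in"] in VLAN_IFACES if val == "all-vlan" else pkt["in"] == val
        elif key == "in-interface-list":  # a leading "!" negates the list match
            ok = (pkt["in"] in LISTS.get(val.lstrip("!"), set())) != val.startswith("!")
        elif key in pkt:  # chain, protocol, dst-port, connection-state
            ok = pkt[key] in val.split(",")
        else:
            raise ValueError(f"unsupported matcher: {key}")
        if not ok:
            return False
    return True

def verdict(rules, pkt):
    """First matching rule decides; with no match RouterOS accepts the packet."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule["action"], index
    return "accept", None
```

With the accept rules above the drop rule, DNS from a VLAN is accepted while the same query arriving on ether1 still reaches the drop; moving the drop rule first reverses the VLAN result.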