Another trouble with DNS on MikroTik
/ip dns static
add cname=foo.example.com name=bar.example.com ttl=1w type=CNAME
Try to check it:
dig foo.example.com @192.168.1.1
; <<>> DiG 9.10.6 <<>> foo.example.com @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35991
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.example.com. IN A
;; Query time: 54 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Dec 20 10:11:58 CET 2023
;; MSG SIZE rcvd: 33
where 192.168.1.1 is the MikroTik's IP.
It's not working on 7.11.2 either.
vingjfg
2
You need an A record for the CNAME.
On Mikrotik:
/ip/dns/static/add name=bar.example.com type=CNAME ttl=1w cname=foo.example.com
Resolution:
$ dig @192.168.2.1 bar.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 bar.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64821
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bar.example.com. IN A
;; Query time: 116 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 10:49:14 CET 2023
;; MSG SIZE rcvd: 33
$ dig @192.168.2.1 foo.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 foo.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62207
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.example.com. IN A
;; Query time: 8 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 10:49:20 CET 2023
;; MSG SIZE rcvd: 33
On Mikrotik:
/ip/dns/static/add name=foo.example.com type=A address=192.168.99.1
Resolution:
$ dig @192.168.2.1 bar.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 bar.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57415
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bar.example.com. IN A
;; ANSWER SECTION:
bar.example.com. 604800 IN CNAME foo.example.com.
foo.example.com. 86400 IN A 192.168.99.1
;; Query time: 4 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 10:49:53 CET 2023
;; MSG SIZE rcvd: 67
$ dig @192.168.2.1 foo.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 foo.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24909
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.example.com. IN A
;; ANSWER SECTION:
foo.example.com. 86400 IN A 192.168.99.1
;; Query time: 4 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 10:49:57 CET 2023
;; MSG SIZE rcvd: 49
Wow
I need to set an A record for the CNAME?
But
ROS 6.48.6:
On MikroTik
/ip dns static
add address=192.168.1.1 name=gw.example.com ttl=1w
add address=192.168.1.2 name=core.example.com ttl=1w
add cname=core.example.com name=networkcore.example.com ttl=1w type=CNAME
Check
dig @192.168.1.1 networkcore.example.com
; <<>> DiG 9.10.6 <<>> @192.168.1.1 networkcore.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33002
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;networkcore.example.com. IN A
;; ANSWER SECTION:
networkcore.example.com. 604800 IN CNAME core.example.com.
core.example.com. 604800 IN A 192.168.1.2
;; Query time: 21 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Dec 20 11:28:20 CET 2023
;; MSG SIZE rcvd: 81
ROS 7.13:
On MikroTik
/ip dns static
add address=192.168.2.1 name=gw.example.com ttl=1w
add address=192.168.2.2 name=core.example.com ttl=1w
add cname=core.example.com name=networkcore.example.com ttl=1w type=CNAME
Check
dig @192.168.2.1 networkcore.example.com
; <<>> DiG 9.10.6 <<>> @192.168.2.1 networkcore.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9248
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;networkcore.example.com. IN A
;; Query time: 5002 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Dec 20 11:31:25 CET 2023
;; MSG SIZE rcvd: 46
vingjfg
4
Could you check the last example? It seems you interrogated 192.168.2.1 instead of 192.168.1.1.
vingjfg
5
For the A record for the CNAME, the canonical entry needs to be resolvable:
Resolvable canonical name:
/ip/dns/static/add name=bar.example.com type=CNAME ttl=1w cname=www.google.com
$ dig @192.168.2.1 bar.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 bar.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55477
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bar.example.com. IN A
;; ANSWER SECTION:
bar.example.com. 604800 IN CNAME www.google.com.
www.google.com. 68 IN A 142.250.74.36
;; Query time: 12 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 11:40:00 CET 2023
;; MSG SIZE rcvd: 77
Unresolvable canonical name:
/ip/dns/static/add name=bar.example.com type=CNAME ttl=1w cname=www.notavaliddomainnameiknowof.com
$ dig @192.168.2.1 bar.example.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 bar.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36053
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bar.example.com. IN A
;; Query time: 80 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 11:41:18 CET 2023
;; MSG SIZE rcvd: 33
192.168.2.1 is the MikroTik with ROS7
192.168.1.1 is the MikroTik with ROS6
Your code is working
add cname=foo.example.com name=bar.example.com ttl=1w type=CNAME
add address=192.168.99.1 name=foo.example.com
But I can't understand two things:
- Why I need to make an A record for the alias
- Why the same code works on ROS6 and does not work on ROS7
vingjfg
7
The A record is for the canonical name. Actually, the only requirement is that the last CNAME be resolvable. For example, this is contrived but valid:
/ip dns static
add cname=foo.example.com name=bar.example.com ttl=1w type=CNAME
add cname=stuff.example.com name=foo.example.com ttl=1w type=CNAME
add cname=www.google.com name=stuff.example.com ttl=1w type=CNAME
The resolution gives:
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.2.1 bar.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25429
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bar.example.com. IN A
;; ANSWER SECTION:
bar.example.com. 604800 IN CNAME foo.example.com.
foo.example.com. 604800 IN CNAME stuff.example.com.
stuff.example.com. 604800 IN CNAME www.google.com.
www.google.com. 30 IN A 142.250.74.68
;; Query time: 8 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Wed Dec 20 12:51:32 CET 2023
;; MSG SIZE rcvd: 123
Now why the difference between ROS6 and ROS7? No idea, I no longer have a ROS6 around to play with.
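An offline check of the rule described in the post above (an added example, not code from the thread or from MikroTik): it parses /ip dns static add lines and reports whether each CNAME chain ends in a static A record, depends on upstream resolution of the last name, or loops. The helper names, status labels and sample entries are assumptions constructed for illustration.

```python
import re

# Added illustration; parse_static/follow/audit are hypothetical helper names.
def parse_static(export):
    """Map each static name to ("A", address) or ("CNAME", target)."""
    records = {}
    for line in export.splitlines():
        kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
        name = kv.get("name", "").lower().rstrip(".")
        if not name:
            continue
        if "cname" in kv:
            records[name] = ("CNAME", kv["cname"].lower().rstrip("."))
        elif "address" in kv:
            records[name] = ("A", kv["address"])
    return records

def follow(name, records, max_hops=8):
    """Walk the CNAME chain from name; return (status, chain)."""
    chain = [name]
    while len(chain) <= max_hops:
        rec = records.get(chain[-1])
        if rec is None:
            # Last name is not static: the router must resolve it upstream,
            # and the alias fails whenever that lookup fails.
            return "upstream", chain
        if rec[0] == "A":
            return "local-A", chain + [rec[1]]
        if rec[1] in chain:
            return "loop", chain + [rec[1]]
        chain.append(rec[1])
    return "too-long", chain

def audit(export):
    """Return {alias: (status, chain)} for every static CNAME entry."""
    records = parse_static(export)
    return {n: follow(n, records) for n, r in records.items() if r[0] == "CNAME"}

# Constructed input, using both command syntaxes that appear in the thread.
SAMPLE = """\
/ip dns static
add cname=foo.example.com name=bar.example.com ttl=1w type=CNAME
/ip/dns/static/add name=foo.example.com type=A address=192.168.99.1
add cname=www.google.com name=stuff.example.com ttl=1w type=CNAME
add cname=b.example.com name=a.example.com type=CNAME
add cname=a.example.com name=b.example.com type=CNAME
"""

if __name__ == "__main__":
    for alias, (status, chain) in audit(SAMPLE).items():
        print(f"{status:9} {' -> '.join(chain)}")
```

An "upstream" result is not an error by itself; it marks the aliases whose answer depends on a name the router does not hold, which is the case that returned NXDOMAIN earlier in the thread.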
So, in ROS 7.13.1 they fixed it: it resolves normally, like in ROS6.
