[Script] Fallback script for DNS traffic redirection using DHCP Server without NAT rules..

shafiqrahman · May 9, 2021, 6:09pm

This script will act as a fallback mechanism in the scenario where redirected DNS fails. The original idea was

Client → Mikrotik–>pihole–>Mikrotik as a DNS–> wan

You can find the full development in the original post http://forum.mikrotik.com/t/mikrotik-pihole-unbound/148772/4

I had difficulties using NAT redirection rules, So, use the /ip dhcp-server network method by @vecernik87 http://forum.mikrotik.com/t/alternate-dns-for-specific-ip-on-lan-is-it-possible/125145/1 Also, because there is no NAT rules so most probably this method will not redirect some apps which have hardcoded DNS. DHCP Server network setup:

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.5 gateway=192.168.88.1
add address=192.168.88.5/32 dns-server=192.168.88.1 gateway=192.168.88.1

There is only a single issue that is “dhcp changed by” entries in logs. There are two variants, though they are both the same and do the same things.
Script 1

:local gateway "192.168.88.1"
:local currentDNS [/ip dhcp-server network get [find comment=defconf] dns-server]
:local piholeDNS "192.168.88.5"
:local backupDNS ""
:local testDomain "www.google.com"

:if ($currentDNS = $piholeDNS) do={
    :do {
        :resolve $testDomain server $piholeDNS
    } on-error={
        /ip dhcp-server network set 0 address=192.168.88.0/24 dns-server=$backupDNS comment=defconf gateway=$gateway netmask=24;
    }
} else={
    :do {
        :resolve $testDomain server $piholeDNS
        /ip dhcp-server network set 0 address=192.168.88.0/24 dns-server=$piholeDNS comment=defconf gateway=$gateway netmask=24;
    } on-error={}
}

Script 2

:local gateway "192.168.88.1"
:local currentDNS [/ip dhcp-server network get [find comment=defconf] dns-server]
:local piholeDNS "192.168.88.5"
:local backupDNS ""
:local testDomain "www.google.com"

:if ($currentDNS = $piholeDNS) do={
    :do {
        :resolve $testDomain server $piholeDNS
    } on-error={
        /ip dhcp-server network set [find comment=defconf] dns-server=$backupDNS;
    }
} else={
    :do {
        :resolve $testDomain server $piholeDNS
        /ip dhcp-server network set [find comment=defconf] dns-server=$piholeDNS;
    } on-error={}
}

shafiqrahman · May 15, 2021, 2:44pm

These scripts were elegantly enhanced by @2frogs http://forum.mikrotik.com/t/mikrotik-pihole-unbound/148772/17 So, all credits for this script go to @2frogs. Here is the final code for reference if someone needs it:

:local IPsubnet "192.168.88.0/24"
:local currentDNS
:local piholeDNS "192.168.88.5"
:local alternateDNS "192.168.88.1"
:local testDomain "www.google.com"

:set $currentDNS [/ip dhcp-server network get [find address=$IPsubnet] dns-server]

:if ($currentDNS=$piholeDNS) do={
    :do {
        :resolve $testDomain server=$piholeDNS
            } on-error={
                /ip dhcp-server network set [find address=$IPsubnet] dns-server=$alternateDNS
                }
} else={
    :do {
        :resolve $testDomain server=$piholeDNS
        /ip dhcp-server network set [find address=$IPsubnet] dns-server=$piholeDNS
            } on-error={
            }
}