Static DNS in VLAN

fadelliz78 · April 16, 2024, 4:10am

I have Mikrotik CCR and a few Unifi U6-Pro AP with 4 VLAN in the configuration.

VLAN 10 for office network
VLAN 20 for Wi-Fi network
VLAN 30 for guest
VLAN 40 for device

and the problem is, I have static DNS in Mikrotik with VLAN 10 network but when user connect with Wi-Fi network(VLAN20) they cannot access via DNS name, but when using IP it connected. and I already set up DNS server for VLAN 20 network which is VLAN 10 network. is there additional settings need for resolve DNS in VLAN ?

Router
/interface list member
add interface=VLAN100 list=VLAN-Network
add interface=VLAN110 list=VLAN-Network
add interface=VLAN99 list=VLAN-Network
add interface=VLAN80 list=VLAN-Network

/ip address
add address=192.168.100.1/23 interface=VLAN100 network=192.168.100.0
add address=192.168.110.1/24 interface=VLAN110 network=192.168.110.0
add address=192.168.80.1/24 interface=VLAN80 network=192.168.80.0
add address=192.168.99.1/24 comment="Device WiFi Address" interface=VLAN99 \
    network=192.168.99.0

/ip dhcp-server network
add address=192.168.80.0/24 dns-server=8.8.8.8 gateway=192.168.80.1
add address=192.168.99.0/24 dns-server=192.168.100.1 gateway=192.168.99.1
add address=192.168.100.0/23 dns-server=192.168.100.1 gateway=192.168.100.1
add address=192.168.110.0/24 dns-server=192.168.100.1 gateway=192.168.110.1

/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=\
    8.8.8.8,1.1.1.1,192.168.100.1

Switch
/interface bridge
add admin-mac=78:9A:18:E1:0D:68 auto-mac=no name="Bridge to Router" \
    port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=qsfpplus1-1 ] disabled=yes
set [ find default-name=qsfpplus1-2 ] disabled=yes
set [ find default-name=qsfpplus1-3 ] disabled=yes
set [ find default-name=qsfpplus1-4 ] disabled=yes
set [ find default-name=qsfpplus2-1 ] disabled=yes
set [ find default-name=qsfpplus2-2 ] disabled=yes
set [ find default-name=qsfpplus2-3 ] disabled=yes
set [ find default-name=qsfpplus2-4 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] comment=BondingToSwitchCore
set [ find default-name=sfp-sfpplus3 ] comment=BondingToSwitchLAN
set [ find default-name=sfp-sfpplus5 ] comment=BondingToSwitchAP
set [ find default-name=sfp-sfpplus7 ] comment=BondingToSwitchServer
set [ find default-name=sfp-sfpplus9 ] disabled=yes
set [ find default-name=sfp-sfpplus10 ] disabled=yes
set [ find default-name=sfp-sfpplus11 ] disabled=yes
set [ find default-name=sfp-sfpplus12 ] disabled=yes
set [ find default-name=sfp-sfpplus13 ] disabled=yes
set [ find default-name=sfp-sfpplus14 ] disabled=yes
set [ find default-name=sfp-sfpplus15 ] disabled=yes
set [ find default-name=sfp-sfpplus16 ] disabled=yes
set [ find default-name=sfp-sfpplus17 ] disabled=yes
set [ find default-name=sfp-sfpplus18 ] disabled=yes
set [ find default-name=sfp-sfpplus19 ] disabled=yes
set [ find default-name=sfp-sfpplus20 ] disabled=yes
set [ find default-name=sfp-sfpplus21 ] disabled=yes
set [ find default-name=sfp-sfpplus22 ] disabled=yes
set [ find default-name=sfp-sfpplus23 ] disabled=yes
set [ find default-name=sfp-sfpplus24 ] disabled=yes
/interface bonding
add mode=802.3ad name=BondingToRouter slaves=sfp-sfpplus1,sfp-sfpplus2 \
    transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=BondingToSwitchAP slaves=sfp-sfpplus5,sfp-sfpplus6 \
    transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=BondingToSwitchLAN slaves=sfp-sfpplus3,sfp-sfpplus4 \
    transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=BondingToSwitchServer slaves=sfp-sfpplus7,sfp-sfpplus8 \
    transmit-hash-policy=layer-2-and-3
/interface vlan
add interface=BondingToRouter name=VLAN99 vlan-id=99

/interface bridge port
add bridge="Bridge to Router" ingress-filtering=no interface=BondingToRouter \
    internal-path-cost=10 path-cost=10
add bridge="Bridge to Router" ingress-filtering=no interface=\
    BondingToSwitchLAN internal-path-cost=10 path-cost=10
add bridge="Bridge to Router" interface=BondingToSwitchAP internal-path-cost=\
    10 path-cost=10 pvid=99
add bridge="Bridge to Router" interface=BondingToSwitchServer \
    internal-path-cost=10 path-cost=10

/interface bridge vlan
add bridge="Bridge to Router" tagged="BondingToRouter,BondingToSwitchLAN,Bridg\
    e to Router,BondingToSwitchServer" untagged=BondingToSwitchAP vlan-ids=99
add bridge="Bridge to Router" tagged="BondingToRouter,BondingToSwitchLAN,Bondi\
    ngToSwitchServer,BondingToSwitchAP" vlan-ids=100
add bridge="Bridge to Router" tagged=\
    BondingToRouter,BondingToSwitchAP,BondingToSwitchLAN vlan-ids=110
add bridge="Bridge to Router" tagged=\
    BondingToRouter,BondingToSwitchAP,BondingToSwitchLAN vlan-ids=70
add bridge="Bridge to Router" tagged=BondingToRouter,BondingToSwitchServer \
    vlan-ids=50
add bridge="Bridge to Router" tagged=\
    BondingToRouter,BondingToSwitchAP,BondingToSwitchLAN vlan-ids=80

config.txt (4.39 KB)

holvoetn · April 16, 2024, 4:57am

VLAN is no different from a normal subnet.
Config for that VLAN needs to provide proper DNS services and you need to make sure it is reachable from within that VLAN.

Most likely not all required firewall rules are in place to allow other VLANs to reach that internal DNS server.
You can also set DNS service for those other VLANs to external services like Google or OpenDNS (neglecting the missing firewall rules) but I guess that’s not the intention ?

But without seeing your config, nobody can tell for sure.

fadelliz78 · April 19, 2024, 4:21am

Sorry I’m forgot to put config in attachment