However, I can't make this work in 7.15.1 stable nor 7.15.2 stable (or 7.16beta2).
I can verify that the VRF is properly set up along with the routing tables because I can reach the ether1 interface both locally (on the same external switch as ether1 is connected to) as well as being routed through what this VRF is using as its default gateway.
Also outgoing ping and traceroute from the Mikrotik device (CRS326) towards 1.1.1.1 works.
But when I do a DNS-lookup locally I get an error:
/put [:resolve ntp.se]
failure: dns server failure
Same with going to System->Packages in webfig I get:
ERROR: could not resolve dns name (timeout)
The /ip/dns config is pretty straightforward:
/ip dns
set servers=1.1.1.1 vrf=VRF-MGMT
So what am I missing here, has anyone in here managed to get the VRF support for /ip/dns working?
The broken VRF support for /ip/dns has been confirmed for both CRS326-24S+2Q+ and CRS112-8G-4S using both RouterOS 7.15.2 stable and 7.16beta4 testing.
Anyone in here who managed to get it working on these or some other Mikrotik model?
Interesting - I have a VRF in which I have an interface getting a DHCP address and the DNS, however the DNS is still placed in the main VRF. Probably another bug.
Exact same problem here on 2 CCR2004-16G-2S+ on latest stable ROSv7.15.3.
As soon as DNS is put in a VRF other than “main”, resolving gets broken and stops working, despite the VRF routing table being set properly and a “ping vrf=vrfXYZ IP.of.DNS.Srv” working and showing reachability.
Created a support ticket, SUP-160816.
So then we can hopefully rule out that this would be some kind of misconfiguration on my side.
Question is how the quality assurance works over at Mikrotik, or what their config to validate this feature looks like?
I have also filed a support ticket, SUP-156966, on the 24th of June, which means that 1 month and 1 week have now passed without any reply from Mikrotik on this issue.
I'm suffering the same issue on CRS310-8G+2S+, RouterOS 7.15.3.
I have my IP address in a VRF on a specific management VLAN. The default route points in that VRF also, but when I set DNS servers that I can ping in the VRF from the device and set them in the VRF, I can't resolve anything.
I have opened a ticket with the support and they acknowledged the problem…
Currently VRF is supported for incoming DNS requests (if your router is the DNS server and it gets requests on VRF interfaces).
VRF for outgoing requests is not supported yet (your router connects to DNS server from VRF interface), it is in “To do” list.
Unfortunately we cannot give a clear ETA when this feature will be implemented. You will however receive an automated message when this will be fixed.
Soo… just barging in..
Can someone please explain below (how it works if possible):
*) dns - added VRF support (CLI only);
(taken from some change-logs of a recent ROS version)
Responding to my own post, it seems that this is no longer CLI only. I think newer Winbox versions match this option in DNS, with the ability to select a VRF.
Someone please correct me, maybe there is more to it. I would very much like DNS to work on any VRF, not only main or whatever I (single only) select in DNS section.
DNS is not yet fully VRF aware, as I was told by MT support last year (unfortunately I cannot look back into the SUP ticket, as no tickets are shown to me in my account, weirdly).
The VRF setting here is more to be understood as telling the DNS service on which VRF it will LISTEN for DNS REQs, rather than making upstream requests in that VRF (which is not working up until this day).