What's wrong with my DNS settings?

I’ve two problems right now:

  1. Checking for new firmware returns the error: “could not resolve DNS name”
  2. NTP client is always stuck on waiting (I’ve already read the myriad of threads and tried the port 123 NAT trick)

Internet is working.

Which leads me to think something is wrong with my DNS settings. I have no idea what though…

# model = RB5009UPr+S+
/interface bridge
add name=B_LOCAL
/interface ethernet
set [ find default-name=ether1 ] name="ether1[WAN]"
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1[WAN]" name=pppoe-out1 \
    user=[REDACTED]
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=B_LOCAL lease-time=5m name=dhcp1
/interface bridge port
add bridge=B_LOCAL interface=ether3
add bridge=B_LOCAL interface=ether2
add bridge=B_LOCAL interface=ether4
add bridge=B_LOCAL interface=ether5
add bridge=B_LOCAL interface=ether6
add bridge=B_LOCAL interface=ether7
add bridge=B_LOCAL interface=ether8
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.115 comment=[REDACTED] mac-address=[REDACTED] \
    server=dhcp1
add address=192.168.1.31 comment=[REDACTED] mac-address=[REDACTED] \
    server=dhcp1
add address=192.168.1.13 comment=[REDACTED] mac-address=[REDACTED] \
    server=dhcp1
add address=192.168.1.126 comment=[REDACTED] mac-address=[REDACTED]
add address=192.168.1.161 comment=[REDACTED] mac-address=[REDACTED]
add address=192.168.1.53 comment=[REDACTED] mac-address=[REDACTED] \
    server=dhcp1
add address=192.168.1.162 client-id=[REDACTED] mac-address=\
    [REDACTED] server=dhcp1
add address=192.168.1.4 client-id=[REDACTED] comment=[REDACTED] mac-address=[REDACTED] server=dhcp1
add address=192.168.1.3 client-id=[REDACTED] comment=[REDACTED] mac-address=[REDACTED] server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat dst-port=123 protocol=udp to-ports=\
    12300-12390
add action=masquerade chain=srcnat comment=masquerade out-interface=\
    pppoe-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.1.0/24
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/[REDACTED]
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org

Yes something is wrong. You have no DNS resolver configured.

i.e. you have no DNS server in your settings to forward requests to.

/ip dns set servers=8.8.8.8,8.8.4.4

Edit - to clarify: your router has no DNS servers configured, but your clients do, because your DHCP settings assign 8.8.8.8 as the DNS server to use. The above command will configure your ROUTER ONLY to use those Google DNS servers.

In addition to the point above by elbob, either use that approach or the approach by infabo below.

  1. Fix your IP address, mistakenly set to ether2 ( the default ).
    /ip address
    add address=192.168.1.1/24 interface=ether2 network=192.168.1.0

    Should be:
    /ip address
    add address=192.168.1.1/24 interface=B_LOCAL network=192.168.1.0

  2. Firewall rules suck for a public facing IP… not safe, remove from internet.

  3. No clue what abomination of a srcnat rule you have setup as first rule ???
    add action=masquerade chain=srcnat dst-port=123 protocol=udp to-ports=12300-12390

  4. Missing some NTP settings.
    Should look like:
    /system ntp client
    set enabled=yes
    /system ntp server
    set enabled=yes manycast=yes
    /system ntp client servers
    add address=pool.ntp.org

On your pppoe-client: set “use-peer-dns=yes” and you're good to go.
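
An added example, not part of any post in this thread: a small Python check that parses a RouterOS text export and flags the three issues the answers above point out (no router-side DNS, the LAN address on a bridge port instead of the bridge, and no input-chain firewall rules). The function names and the trimmed sample are constructed for illustration, and it assumes the export layout of a `/menu` line followed by `add`/`set` lines.

```python
import re

# Constructed sample: a trimmed copy of the export posted in the question.
SAMPLE_EXPORT = r"""
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1[WAN]" name=pppoe-out1 \
    user=[REDACTED]
/interface bridge port
add bridge=B_LOCAL interface=ether2
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip firewall filter
add action=drop chain=forward connection-state=invalid
"""

def parse_export(text):
    """Return (menu, properties) pairs from an export (menu line, then add/set lines)."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        props = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
        items.append((menu, {k: v.strip('"') for k, v in props.items()}))
    return items

def audit(text):
    """Flag the three problems raised in this thread; returns a list of findings."""
    items = parse_export(text)
    rows = lambda menu: [p for m, p in items if m == menu]
    findings = []
    static_dns = any(p.get("servers") for p in rows("/ip dns"))
    peer_dns = any(p.get("use-peer-dns") == "yes" for p in rows("/interface pppoe-client"))
    if not (static_dns or peer_dns):
        findings.append("router has no DNS servers: set /ip dns servers or use-peer-dns=yes")
    ports = {p.get("interface") for p in rows("/interface bridge port")}
    for p in rows("/ip address"):
        if p.get("interface") in ports:
            findings.append(f"{p['address']} is on bridge port {p['interface']}, not the bridge")
    if not any(p.get("chain") == "input" for p in rows("/ip firewall filter")):
        findings.append("no chain=input rules: the firewall does not filter traffic to the router")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

Run it against the output of `/export` saved to a file by passing the file's contents to `audit()`; an empty list means none of the three conditions was found.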

That did it, thanks!


Actually spotted this while looking around just minutes ago, thanks!

Can you explain this a bit more in detail, please?

That was an attempt to masquerade port 123 in case my ISP was blocking it (I saw this in some thread here)

Worked, thanks!