haj3s29a
newbie
Topic Author
Posts: 30
Joined: Sun Jul 05, 2020 5:02 pm

local DNS blocked by firewall (bug?)

Tue Aug 04, 2020 9:33 pm

Chateau C12 LTE, ROS v7.1beta1

I have set up a local DNS cache. There are some weird issues with the default rule "defconf: drop all not coming from LAN".

I see this in the firewall log:

Aug/04/2020 19:56:01 firewall,info DROP !LAN:  input: in:(unknown 1) out:(unknown 0), proto UDP, 192.168.88.1:43119->192.168.88.1:53, len 73

2020-08-04_supout.rif.zip
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: local DNS blocked by firewall (bug?)

Tue Aug 04, 2020 9:53 pm

You set router's own address as dns resolver:
/ip dns
set allow-remote-requests=yes servers=192.168.88.1
Don't do that and the problem should go away.
 
haj3s29a
newbie
Topic Author
Posts: 30
Joined: Sun Jul 05, 2020 5:02 pm

Re: local DNS blocked by firewall (bug?)

Tue Aug 04, 2020 10:13 pm

already configured this way
Last edited by haj3s29a on Wed Aug 05, 2020 12:44 am, edited 1 time in total.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: local DNS blocked by firewall (bug?)

Tue Aug 04, 2020 11:24 pm

Your router should not be set to use itself as a DNS server. Under IP->DNS, verify that the only DNS server IPs entered are remote ones and not the router itself.
 
haj3s29a
newbie
Topic Author
Posts: 30
Joined: Sun Jul 05, 2020 5:02 pm

Re: local DNS blocked by firewall (bug?)

Tue Aug 04, 2020 11:32 pm

> Your router should not be set to use itself as a DNS server. Under IP->DNS, verify that the only DNS server IPs entered are remote ones and not the router itself.

Thanks for the reply. I have followed your manual.

Isn't it incorrectly written or did I misunderstand, please?
Example: To set 159.148.60.2 as the primary DNS server and allow the router to be used as a DNS server, do the following:
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: local DNS blocked by firewall (bug?)

Wed Aug 05, 2020 12:25 am

What I posted is from your config and it's what's wrong, you shouldn't set any server if you don't have it. Just let it use dynamic servers that can be seen in your supout.

Edit: Of course if you want, you can set some static public ones like 8.8.8.8.
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: local DNS blocked by firewall (bug?)

Wed Aug 05, 2020 3:46 am

> Isn't it incorrectly written or did I misunderstand, please?
> Example: To set 159.148.60.2 as the primary DNS server and allow the router to be used as a DNS server, do the following:

You misunderstood. In the example, "159.148.60.2" would be the DNS server you want to use (ex. that of your ISP) and not the router itself. The "allow-remote-requests=yes" is what allows the router to be used as a DNS server.
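
Added example (not part of the thread and not MikroTik code): a small Python check that parses firewall log lines in the format quoted in the first post and flags input-chain drops where source and destination address are identical and the destination port is 53, which is the signature of the router querying itself. The first sample line is the one from the thread; the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the RouterOS firewall log layout quoted in the first post.
# The optional "(...)" after the protocol tolerates TCP flags such as "(SYN)".
LOG_RE = re.compile(
    r":\s+(?P<chain>\w+): in:(?P<in_if>.+?) out:(?P<out_if>[^,]+),.*? "
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), "
    r"len (?P<length>\d+)"
)

SAMPLE_LOG = [
    # Line from the thread.
    "Aug/04/2020 19:56:01 firewall,info DROP !LAN:  input: in:(unknown 1) "
    "out:(unknown 0), proto UDP, 192.168.88.1:43119->192.168.88.1:53, len 73",
    # Constructed: DNS probe arriving from outside, a normal drop.
    "Aug/04/2020 19:57:10 firewall,info DROP !LAN:  input: in:lte1 "
    "out:(unknown 0), proto UDP, 203.0.113.7:5353->198.51.100.2:53, len 60",
    # Constructed: TCP line with flags, not DNS.
    "Aug/04/2020 19:58:42 firewall,info DROP !LAN:  input: in:lte1 "
    "out:(unknown 0), proto TCP (SYN), 203.0.113.7:40000->198.51.100.2:23, len 60",
]


def find_self_dns(lines):
    """Return parsed input-chain entries where the router queried its own port 53."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # not a firewall line in the expected layout
        f = m.groupdict()
        # Same source and destination on the input chain means the packet
        # was generated by the router and addressed to the router.
        if f["chain"] == "input" and f["src"] == f["dst"] and f["dport"] == "53":
            hits.append(f)
    return hits


def self_resolver_addresses(lines):
    """Count self-addressed DNS drops per router address."""
    return Counter(hit["dst"] for hit in find_self_dns(lines))


if __name__ == "__main__":
    for addr, count in self_resolver_addresses(SAMPLE_LOG).items():
        print(f"{count} dropped self-query(ies): router uses {addr} as its own DNS server")
```

An address reported here is one to look for in the `servers=` list under `/ip dns`.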
