Community discussions

MUM Europe 2020
 
krak
just joined
Topic Author
Posts: 8
Joined: Tue Nov 25, 2014 9:05 am

Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Mon Aug 14, 2017 10:24 pm

Hi.
I have local area network behind cisco asa. On ASA port have IP address 10.10.10.5. For local area I have 10.10.10.0/24. microtik connected to asa in 1st port. All computers are see other and they have full internet. But in winbox I check update router os and get error cound not resolve host name. Iunderstand that not configured dns, but I don't understand how I can config dns for microtik itself. All computers connected to microtic resolve internet adresses very well.

Code: Select all

# aug/14/2017 21:08:09 by RouterOS 6.39.1
# software id = FW0C-0JI4
#
/interface bridge
add admin-mac=64:D1:54:00:B7:37 auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] master-port=ether1
set [ find default-name=ether24 ] master-port=ether1
set [ find default-name=sfp1 ] master-port=ether1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=russia disabled=no distance=indoors frequency=auto mode=ap-bridge \
ssid=wifi wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=MyWiFiSecretPassword! wpa2-pre-shared-key=\
MyWiFiSecretPassword!
/ip pool
add name=dhcp_pool1 ranges=10.10.10.101-10.10.10.240
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
/interface l2tp-server server
set caller-id-type=ip-address
/ip address
add address=10.10.10.1/24 interface=ether1 network=10.10.10.0
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server lease
add address=10.10.10.78 client-id=1:60:45:cb:86:b6:ce mac-address=\
60:45:CB:86:B6:CE server=defconf
add address=10.10.10.76 client-id=1:1c:b7:2c:ee:f4:af mac-address=\
1C:B7:2C:EE:F4:AF server=defconf
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf dns-server=\
10.10.10.1,8.8.8.8,8.8.4.4 gateway=10.10.10.5 ntp-server=\
91.226.136.155,91.226.136.142,88.147.254.227
/ip dns
set allow-remote-requests=yes cache-max-ttl=0s query-server-timeout=1ms \
query-total-timeout=1ms servers=8.8.4.4,8.8.8.8
/ip dns static
add address=10.10.10.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade"
/ip route
add disabled=yes distance=1 dst-address=10.10.10.0/24 gateway=10.10.10.1
add disabled=yes distance=1 dst-address=10.10.10.1/32 gateway=10.10.10.5
/lcd
set time-interval=hour
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Europe/Kaliningrad
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
 
sid5632
Member
Member
Posts: 380
Joined: Fri Feb 17, 2017 6:05 pm

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 2:49 am

The IP address should be on the bridge, not ether1.

I'm not sure I understand your "/ip route" statements either. Oh, I just saw they are disabled, but even so...
 
User avatar
sjwrick
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Tue Jul 25, 2006 10:12 pm

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 4:26 am

Yeah I would expect you need a default gateway so

/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.5
 
krak
just joined
Topic Author
Posts: 8
Joined: Tue Nov 25, 2014 9:05 am

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 9:03 am

Hi. Thanks for answer.
I add this line /ip route add dst-address=0.0.0.0/0 gateway=10.10.10.5, but error show again.
 
krak
just joined
Topic Author
Posts: 8
Joined: Tue Nov 25, 2014 9:05 am

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 9:28 am

If I enter in console ping google.com I see this message
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server
I fount this, but I haven't dhcp client from cisco. http://www.mikrotikwiki.com/2014/10/sol ... dress.html
ping 8.8.8.8 - ok.
all rules in firewall disable, but not happend.
 
User avatar
doneware
Trainer
Trainer
Posts: 541
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 5:22 pm

i'd say the query timeouts you set are a bit too tough:

set allow-remote-requests=yes cache-max-ttl=0s query-server-timeout=1ms \
query-total-timeout=1ms servers=8.8.4.4,8.8.8.8

just set them back to normal values:

query-total-timeout=10s
query-server-timeout=2s
#TR0359
 
krak
just joined
Topic Author
Posts: 8
Joined: Tue Nov 25, 2014 9:05 am

Re: Help config mikrotik crs125-24g-1s-2hnd. not resolve dns name

Tue Aug 15, 2017 5:25 pm

i'd say the query timeouts you set are a bit too tough:

set allow-remote-requests=yes cache-max-ttl=0s query-server-timeout=1ms \
query-total-timeout=1ms servers=8.8.4.4,8.8.8.8

just set them back to normal values:

query-total-timeout=10s
query-server-timeout=2s
Thank you very well... It's work.

Who is online

Users browsing this forum: No registered users and 13 guests