Hi all,
I have a Mikrotik 751G-2HnD router. I am currently using opendns for additional security. However, I want to do add blocking therefore want to put the DNS servers of adguard. I want the DNS look up to happen such that the adguard servers are used first. If they fail, the router should refer to opendns. Is there a way I can do this?
I prefer not to delete the opendns server addresses because I have a synchronization script running which took me sometime and effort to setup so I want to keep as much of my settings intact as possible.

Pranav

Just put adguard DNS servers first in list, then opendns second in list.

Clients will use the first one, if no response will then use 2nd one

Not really, it doesn't work this way. All resolvers in system are supposed to be equal. I guess the first one will be used initially, but system is free to switch to another any time it wants, and it will, sooner or later.

I don't know adguard but did you have a look at PiHole?

I made myself an ad blocker by using DNSmasq and since a short while I put an other caching DNS in the chain with the name unbound which handle correctly the DNSSEC.

I really love the workings of unbound.

OK, let me rephrase, that is how it worked in Win NT4 days

Last century doesn't count. But more seriously, I tried to find where it's clearly documented and I don't seem to be very lucky today.

Windows (probably at least since XP) should prefer first resolver, but will switch to another immediately when first timeout (one second) occurs, and won't switch back to first resolver automatically, until another timeout with the new one. Quick test with Windows 7 confirms that making current resolver unavailable forces use of another one. But I also saw another switch to third resolver without previous timeout, so there's probably more to that. Windows 10 is said to be even more wild and send queries in parallel to multiple resolvers, but it may be only with multiple interfaces, I don't see it when system has only one.

I didn't find anything good about Linux.

MikroTik has only this to say about RouterOS in manual:

When both static and dynamic servers are set, static server entries are more preferred, however it does not indicate that static server will always be used (for example, previously query was received from dynamic server, but static was added later, then dynamic entry will be preferred).

But it doesn't go in detail about multiple static or multiple dynamic resolvers. I think someone from MikroTik wrote some details here in forum, but I can't find it.

In practice, it's best to not mix different kind of resolvers, because switches to other than first one will definitely happen, at least sometimes. In OP's case, it's not that bad (well, it is, but not completely tragic), if the resolution order doesn't work as expected, then worst case, other resolver will return valid IP address and ads won't be blocked. It's worse when people want the "primary" resolver to answer queries for some internal domain, because switch to public resolver means negative answer and unavailability of hostname for a while, thanks to negative caching.

Hi all,
Many thanks for your response. The Mikrotik documentation is indeed silent on the order of DMS. I have put the addguard servers first.
msatter, can you tell me more about dnsmasq? I had read about piHole and have a spare pi with me. How did you configure it? The router is advertising the DNS to clients inside my network. I am guessing I can change the static DNS server to the address of the pi. Do I need to do anything after that?

In the Mikrotik you put the DNS address of the PiHole (only one) and that will take care of your DNS. Don't "Allow Remote Request".

To install PiHole on your your first setup up your Raspberry with the standard Linux from their site and then go to the PiHole site to copy, past and execute the link:

https://pi-hole.net/#content found there in the middle of your screen. If you scroll even more down you will see the screen where you can put your DNS provider like OpenDNS. You can combine all kind of filter lists in PiHole. You don't need DHCP because the Mikrotik already got that.

Thanks msatter. These are exactly the instructions I needed.