Community discussions

 
uts
just joined
Topic Author
Posts: 12
Joined: Mon Jul 30, 2018 10:40 am

DNS issue

Wed Aug 29, 2018 7:14 am

New Setup has dns issue.
issue:
cannot ping on lan but can ping out to google
cannot rdp by name on lan but can rdp by ip address
cannot map network drive by name but can map by ip address

setting:
new router/
keep default config / i
input firewall rules: allow all from Lan and deny from wan
forward firewall rules: allow all from Lan and deny from wan.

Tried basic troubleshooting following google but no luck.
 
erlinden
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jun 12, 2013 1:59 pm

Re: DNS issue

Wed Aug 29, 2018 10:58 am

Can you share a ipconfig /all? Probably you want to set your MirkoTik as (only) DNS server in the DHCP options.
 
User avatar
victorsoares
Member Candidate
Member Candidate
Posts: 105
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:

Re: DNS issue

Wed Aug 29, 2018 4:32 pm

Do you have any ICPM rules? Try posting your /ip firewall here so we can help you.
MTCNA MTCRE
 
uts
just joined
Topic Author
Posts: 12
Joined: Mon Jul 30, 2018 10:40 am

Re: DNS issue

Fri Aug 31, 2018 10:56 am

Sorry, I was away.
Following is all in the firewall rules.
Recap: Cannot RDP by name or map drives by names. UNC address, when typed to map a drive are now jumping to a browser and going out to the internet (this is a new behaviour). Ping is now working, not sure how it got fixed.

Please note: there seems to be a DHCP v6 server turned on and serving on the Lan as observed under ipconfig/all
IPV6 is not turned on on the router

Thanks for your help.


0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

1 ;;; ALLOW ESTABLISHED AND RELATED
chain=input action=accept connection-state=established,related log=no log-prefix=""

2 ;;; DENY INVALID
chain=input action=drop connection-state=invalid log=no log-prefix=""

3 ;;; ALLOW INPUT FROM LAN
chain=input action=accept in-interface-list=LAN log=no log-prefix=""

4 ;;; DENY DNS FROM WAN
chain=input action=drop protocol=udp in-interface-list=WAN port=53 log=no log-prefix=""

5 ;;; DENY IGMP FROM WAN
chain=input action=drop protocol=igmp in-interface-list=WAN log=no log-prefix=""

6 ;;; DENY ALL
chain=input action=drop log=yes log-prefix="DENY ALL"

7 ;;; FASTTRACK ESTABLISHED, RELATED
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

8 ;;; ALLOW ESTABLISHED, RELATED
chain=forward action=accept connection-state=established,related log=no log-prefix=""

9 ;;; DENY INVALID
chain=forward action=drop connection-state=invalid log=yes log-prefix=""

10 ;;; ALLOW FROM LAN
chain=forward action=accept in-interface-list=LAN log=no log-prefix=""

11 ;;; DENY FROM WAN
chain=forward action=drop in-interface-list=WAN log=no log-prefix=""

12 ;;; DENY DNS FROM WAN
chain=forward action=drop protocol=udp in-interface-list=WAN port=53 log=no log-prefix=""

13 chain=forward action=accept protocol=icmp in-interface-list=LAN log=no log-prefix=""

14 ;;; vlan 4 out to wan
chain=forward action=accept in-interface=vlan4 out-interface=ether1 log=no log-prefix=""

15 ;;; DENY ALL
chain=forward action=drop log=no log-prefix=""
 
mkx
Forum Guru
Forum Guru
Posts: 3185
Joined: Thu Mar 03, 2016 10:23 pm

Re: DNS issue

Fri Aug 31, 2018 11:47 am

Your firewall rule #12 is redundant as rule #11 already drops anything coming in from WAN.

To your main problem: which DNS server are using your LAN clients?
  • If it's your RB, then you need to fill it in with static mappings for all your LAN servers using /ip dns static add .......
  • If it's some other internal DNS server, then you need to check if clients can connect to it (by using direct IP address).
  • If it's some external DNS, then you need to change DHCP server settings to includde IP address of your chosen internal DNS server because external DNS servers surely don't resolve your internal LAN names. If your RB is acting as DHCP server, you need to adjust settings in /ip dhcp-server network. If you have some other DHCP server in your LAN, then change settings there.
BR,
Metod
 
uts
just joined
Topic Author
Posts: 12
Joined: Mon Jul 30, 2018 10:40 am

Re: DNS issue

Sat Sep 01, 2018 7:08 am

Thanks for the reply, I will check and let you know.
 
uts
just joined
Topic Author
Posts: 12
Joined: Mon Jul 30, 2018 10:40 am

Re: DNS issue

Fri Sep 07, 2018 7:57 am

Aplogies for the Delay.

DNS works in most edge systems and couple systems has this issue. However, due to my plate being full, I will put if off for now.

I am sure, one day, in a critical scenario, this will bite me in the butt.

Who is online

Users browsing this forum: No registered users and 43 guests