Community discussions

 
Mikrouser123
just joined
Topic Author
Posts: 5
Joined: Sun Jan 27, 2019 9:24 pm

dhcp - dns problem

Sun Jan 27, 2019 9:40 pm

Hello,

i have a problem with dhcp/dns.

dhcp works / dns (externally) works.
for the lan dns does not work.

if i ask the mikrotik dns - it works
nslookup mylandevice 192.168.88.1 - works
nslookup mylandevice - does not work

in my dns config i can see, that the correct dns server (my mikrotik) is bound to the wlan interface.


so i think, the problem is, that the mikrotik is not set globally as dns server, just at the wlan interface.
here my config:
/ip dhcp-server
add address-pool=dhcp88 disabled=no interface=Bridge_Lan_good name=\
dhcp_lan_good
/ip dhcp-server lease
add address=192.168.88.190 client-id=1:3c:... mac-address=\
3C:... server=dhcp_lan_good
add address=192.168.88.189 client-id=1:c4:... mac-address=\
C4:... server=dhcp_lan_good
add address=192.168.88.186 client-id=1:... mac-address=\
84:.... server=dhcp_lan_good
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 domain=mydomain gateway=\
192.168.88.1 netmask=24

thanks in advance
 
razortas
newbie
Posts: 36
Joined: Tue Nov 20, 2012 1:07 am

Re: dhcp - dns problem

Tue Feb 05, 2019 6:03 am

Hi, Do you have External DNS server listed under IP-DNS on 88.1 and allow remote requests enabled.
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 585
Joined: Fri Nov 10, 2017 8:19 am

Re: dhcp - dns problem

Tue Feb 05, 2019 6:20 am

obviously,
allow-remote-requests
is enabled because without that,
nslookup mylandevice 192.168.88.1
wouldn't work.

It might be easier to understand your situation if you show your
ipconfig -all
and
route print
on your computer as well as
/export hide-sensitive
on your router.
Feel free to find&replace any personal info.
As you keep mentioning "wlan interface" I suspect you might have multiple interfaces active at your computer. that might explain why some other DNS server is active and your nslookup does not resolve local hostnames unless you specify IP of your router.
 
Mikrouser123
just joined
Topic Author
Posts: 5
Joined: Sun Jan 27, 2019 9:24 pm

Re: dhcp - dns problem

Wed Feb 06, 2019 9:43 pm

# feb/06/2019 20:29:40 by RouterOS 6.43.8
# software id = 63G5-EFIY
#
# model = RB4011iGS+5HacQ2HnD
# serial number = xyz
/interface bridge
add fast-forward=no name=Bridge_A
add name=Bridge_B
add fast-forward=no name=Bridge_C
add fast-forward=no name=Bridge_D
add fast-forward=no name=Bridge_E
add fast-forward=no name=bridge_internet
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
xxxxxxx
/interface wireless
set [ find default-name=wlan2 ] band=2ghz-g/n channel-width=20/40mhz-eC disabled=no frequency=auto mode=ap-bridge name=MySSID2 nv2-security=enabled security-profile=Oxxx ssid=xxx
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=germany frequency=auto frequency-mode=regulatory-domain mode=ap-bridge name=xxx nv2-security=enabled security-profile=\
xxxx ssid=xxxx wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=xxx master-interface=xxx multicast-buffering=disabled name=xxx security-profile=xxx ssid=xxx \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip dhcp-server option
add code=6 name=OpenDNS value="'192.168.88.1'"
add code=119 name=domain-search-option value="'mydomain.local'"
/ip dhcp-server option sets
add name=lan_dhcp_set options=OpenDNS
/ip pool
add name=dhcpA ranges=192.168.88.100-192.168.88.200
add name=dhcpB ranges=192.168.89.2-192.168.89.254
/ip dhcp-server
add address-pool=dhcpA disabled=no interface=Bridge_D name=dhcp_lan_good
add address-pool=dhcpB disabled=no interface=Bridge_C name=dhcpB
/interface bridge port
add bridge=Bridge_D interface=ether2 trusted=yes
add bridge=Bridge_D interface=ether3 trusted=yes
add bridge=Bridge_D interface=ether4 trusted=yes
add bridge=Bridge_D interface=ether5 trusted=yes
add bridge=Bridge_D interface=ether6 trusted=yes
add bridge=bridge_internet interface=ether10
add bridge=Bridge_D interface=MySSID1
add bridge=Bridge_D interface=MySSID2
add bridge=Bridge_D interface=ether7
add bridge=Bridge_D interface=ether8
add bridge=Bridge_C interface=china_internet
/interface detect-internet
set detect-interface-list=all internet-interface-list=LAN lan-interface-list=LAN wan-interface-list=WAN
/interface wireless access-list
add interface=MySSID2 mac-address=xyz vlan-mode=no-tag
add interface=MySSID2 mac-address=xyz vlan-mode=no-tag
/ip address
add address=192.168.87.1/24 comment="default configuration" interface=ether1 network=192.168.87.0
add address=192.168.90.1/24 interface=ether9 network=192.168.90.0
add address=192.168.88.1/24 interface=Bridge_D network=192.168.88.0
add address=192.168.89.1/24 interface=china_internet network=192.168.89.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge_internet
/ip dhcp-server lease
add address=192.168.88.190 client-id=xxxx mac-address=xxxx server=dhcp_lan_good
add address=192.168.88.189 client-id=xxxx mac-address=xxxx server=dhcp_lan_good
add address=192.168.88.186 client-id=xxxx mac-address=xxxx server=dhcp_lan_good
add address=192.168.89.253 mac-address=xxxx server=dhcpB
add address=192.168.88.193 mac-address=xxxx server=dhcp_lan_good
add address=192.168.88.184 client-id=xxxx mac-address=xxxx server=dhcp_lan_good
/ip dhcp-server network
add address=192.168.88.0/24 dhcp-option-set=lan_dhcp_set dns-server=192.168.88.1 domain=mydomain.local gateway=192.168.88.1 netmask=24
add address=192.168.89.0/24 dhcp-option=domain-search-option dns-server=192.168.88.1 gateway=192.168.89.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.88.1
/ip dns static
add address=192.168.178.1 name=fritzbox_dns
add address=192.168.88.10 name=mynas.mydomain.local
add address=192.168.88.184 name=hp.mydomain.local
/ip firewall filter
add action=reject chain=forward dst-address=192.168.88.0/24 reject-with=icmp-network-unreachable src-address=192.168.89.0/24
/ip firewall nat
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 src-address=192.168.89.0/24
/ip route
add distance=1 gateway=192.168.178.1
add distance=1 dst-address=192.168.88.0/24 gateway=Bridge_E pref-src=192.168.88.2 scope=10
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MyRouterName
/system leds
add interface=MySSID2 leds=MySSID2_signal1-led,MySSID2_signal2-led,MySSID2_signal3-led,MySSID2_signal4-led,MySSID2_signal5-led type=wireless-signal-strength
add interface=MySSID2 leds=MySSID2_tx-led type=interface-transmit
add interface=MySSID2 leds=MySSID2_rx-led type=interface-receive
/system script
add dont-require-permissions=no name=dns_dhcp owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":do {\r\
\n:if (\$leaseBound=1) do={\r\
\n :local HostName [/ip dhcp-server lease get number=[find where mac-address=\$leaseActMAC] host-name];\r\
\n if ([:len \$HostName]=0) do={:log error message=\"host-name Not Available\";:error};\r\
\n :local Domain [/ip dhcp-server network get number=[find where \$leaseActIP in address] domain];\r\
\n if ([:len \$Domain]=0) do={:log error message=\"domain Not Available\";:error};\r\
\n :do {/ip dns static\r\
\n remove numbers=[find where name=(\$HostName . \".\" . \$Domain)];\r\
\n add name=(\$HostName . \".\" . \$Domain) address=\$leaseActIP ttl=600s;\r\
\n } on-error={:log error message=\"Adding FQDN Failed\"}\r\
\n}\r\
\n:if (\$leaseBound=0) do={\r\
\n :do {/ip dns static\r\
\n remove numbers=[find where address=\$leaseActIP];\r\
\n } on-error={:log error message=\"Removing FQDN Failed\"}\r\
\n} } on-error={:log error message=\"lease-script failed...\"}"
/tool sniffer
set filter-ip-address=192.168.88.199/32 filter-ipv6-address=::/0


best regards
 
Mikrouser123
just joined
Topic Author
Posts: 5
Joined: Sun Jan 27, 2019 9:24 pm

Re: dhcp - dns problem

Thu Feb 07, 2019 7:28 pm

Here my windows ipconfig /all:

Hostname : myhosthame
Primary dns-Suffix: myCompanyDNSSuffix
Node type: Hybrid
DNS-Suffix search list: my-company's search list without mydomain.local!!!

WLAN Adapter connection:

connection specific dns-suffix: mydomain.local
DHCP: yes
Autoconfiguration: yes
IPv4 address: 192.168.88.x
DNS-Server: 192.168.88.1 (the correct one)


Here my linux system in the same net:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether xyz
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 84:a6:c8:20:51:0c brd ff:ff:ff:ff:ff:ff
inet 192.168.88.193/24 brd 192.168.88.255 scope global dynamic noprefixroute wlan0
valid_lft 427sec preferred_lft 427sec
inet6 xyz:6781/64 scope link noprefixroute
valid_lft forever preferred_lft forever


systemd-resolve --status
Global
DNS Servers: 192.168.88.1
DNS Domain: mydomain.local
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test

Link 4 (docker0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 3 (wlan0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.88.1
DNS Domain: mydomain.local

Link 2 (eth0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

best regards
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 585
Joined: Fri Nov 10, 2017 8:19 am

Re: dhcp - dns problem

Fri Feb 08, 2019 3:39 am

this is definitely wrong and must be fixed:
/ip dns set allow-remote-requests=yes servers=192.168.88.1
Parameter "servers" in
/ip dns
is supposed to hold list of DHCP servers, where your mikrotik will send requests. This list is also passed to DHCP-clients, in case you didn't fill parameter "dns-server" in relevant
/ip dhcp-server networks
entry - that does not apply to you because you have filled it
Obviously, router should not send requests to itself - that is a loop and can lead to some unexpected results - fix it immediately. You can fill in some public/upstream DNS servers or you can leave it empty. In both cases, router will dynamically append DNS from your upstream router, because you have
use-peer-dns=yes
implied in your
/ip dhcp-client


This also seems strange because you don't have 192.168.88.2 address assigned to your router:
/ip route add distance=1 dst-address=192.168.88.0/24 gateway=Bridge_E pref-src=192.168.88.2 scope=10
In addition should already have dynamic route for 192.168.88.0/24 created by
/ip address add address=192.168.88.1/24 interface=Bridge_D network=192.168.88.0

However, due to the distance, it should not get active anyway, so despite being strange, it should not cause issues.

Other than that, I do not see something clearly wrong (but I might missed something)

In terms of your computer config, I can't see much either because that is not a original output of
ipconfig -all
and
route print
(lets focus on windows only, I am not very good at linux networking)
The reason I asked for those commands is to understand this: If you have 192.168.88.1 set as default DNS on your computer, then
nslookup mylandevice
and
nslookup mylandevice 192.168.88.1
should return exactly same result.
If they don't return same result, then most likely
nslookup mylandevice
is not requesting data from same DNS server and the command actually shows which server it requests data from (and if thats not enough, packet sniffer will prove what is really happening). If that is the case, then it would mean your PC has multiple DNS set, not just 192.168.88.1 . That is typical situation when you play with some virtual machines etc... virtual adapter gets higher priority (because ethernet has priority over wifi) and if there is a DNS (even not-working) assigned to the virtual adapter, windows will keep asking that to that one...

Now forgive me my attitude, but it is quite challenging to help people, when they keep hiding info which they consider irrelevant. In this specific case, I am missing exact result of following commands from your windows PC:
-
nslookup mylandevice
- you told us it does not work but it is not clear what exactly was the result. Exact result will answer questions like "what DNS server was requested?", "was there no response (server unavailable) or negative response (server available but unable to resolve the hostname)?"
-
ipconfig -all
- you presented us short excerpt of the result. I am more than certain that original looked different - had more network adapters and more info per each adapter. (sure, hide your MAC and IPv6 if you are woried about security)
-
route print
- this was ignored completely, yet it is pretty important info, in cases where multiple routes/networks may be available.

As said previously - I might miss something and other users of this forum may point it out later. However, if nobody else replies, most likely there is not enough info provided...
 
Mikrouser123
just joined
Topic Author
Posts: 5
Joined: Sun Jan 27, 2019 9:24 pm

Re: dhcp - dns problem

Sat Feb 09, 2019 5:08 pm

Hello,

sorry for the missing informations - here the ipconfig /all with some fogged personal informations:

Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : mycompanyhostname
Primäres DNS-Suffix . . . . . . . : ad001.mycompanydomain.net
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : ad001.mycompanydomain.net
ww002.mycompanydomain.net
mycompanydomain.net


Ethernet-Adapter Local Area Connection 3:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physikalische Adresse . . . . . . : 00-FF-91-52-E3-C1
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Local Area Connection* 11:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physikalische Adresse . . . . . . : 00-FF-10-B0-C9-1D
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Wireless Network Connection:

Verbindungsspezifisches DNS-Suffix: mydomain.local
Beschreibung. . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8260
Physikalische Adresse . . . . . . : xyz
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.88.181(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Samstag, 9. Februar 2019 15:46:53
Lease läuft ab. . . . . . . . . . : Samstag, 9. Februar 2019 15:56:53
Standardgateway . . . . . . . . . : 192.168.88.1
DHCPv4-Klassen-ID . . . . . . . . . : ad001-id
DHCP-Server . . . . . . . . . . . : 192.168.88.1
DNS-Server . . . . . . . . . . . : 192.168.88.1
NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Drahtlos-LAN-Adapter Wireless Network Connection 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physikalische Adresse . . . . . . : 2A-16-AD-B6-24-D9
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Local Area Connection:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: ad001.mycompanydomain.net
Beschreibung. . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-LM
Physikalische Adresse . . . . . . : xyz
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter VMware Network Adapter VMnet1:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
1
Physikalische Adresse . . . . . . : 00-50-56-C0-00-01
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.31.1(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . :
DHCPv4-Klassen-ID . . . . . . . . . : ad001-id
NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter VMware Network Adapter VMnet8:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
8
Physikalische Adresse . . . . . . : 00-50-56-C0-00-08
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.5.1(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . :
DHCPv4-Klassen-ID . . . . . . . . . : ad001-id
NetBIOS über TCP/IP . . . . . . . : Aktiviert


route print
===========================================================================
Schnittstellenliste
20...xyz ......TAP-Windows Adapter V9
15...xyz ......Juniper Network Connect Virtual Adapter
12...xyz ......Intel(R) Dual Band Wireless-AC 8260
13...xyz ......Microsoft Virtual WiFi Miniport Adapter
11...xyz ......Intel(R) Ethernet Connection (2) I219-LM
22...xyz ......VMware Virtual Ethernet Adapter for VMnet1
23...xyz ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.88.1 192.168.88.181 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
192.168.5.0 255.255.255.0 Auf Verbindung 192.168.5.1 276
192.168.5.1 255.255.255.255 Auf Verbindung 192.168.5.1 276
192.168.5.255 255.255.255.255 Auf Verbindung 192.168.5.1 276
192.168.31.0 255.255.255.0 Auf Verbindung 192.168.31.1 276
192.168.31.1 255.255.255.255 Auf Verbindung 192.168.31.1 276
192.168.31.255 255.255.255.255 Auf Verbindung 192.168.31.1 276
192.168.88.0 255.255.255.0 Auf Verbindung 192.168.88.181 281
192.168.88.181 255.255.255.255 Auf Verbindung 192.168.88.181 281
192.168.88.255 255.255.255.255 Auf Verbindung 192.168.88.181 281
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.31.1 276
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.5.1 276
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.88.181 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.31.1 276
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.5.1 276
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.88.181 281
===========================================================================
Ständige Routen:
Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
1 306 ::1/128 Auf Verbindung
1 306 ff00::/8 Auf Verbindung
===========================================================================
Ständige Routen:
Keine
 
Mikrouser123
just joined
Topic Author
Posts: 5
Joined: Sun Jan 27, 2019 9:24 pm

Re: dhcp - dns problem

Sat Feb 09, 2019 5:52 pm

ok i removed servers=192.168.88.1 in dhcp as you suggested

I removed the route with 192.168.88.2

Now the nslookup works from windows - only with fqdn - but that's ok for me.
In linux it does not work - i also think in your direction, that there is some higher ranked dns setting on another network device,
but the wlan and loopback interface are the only ones, that are up.
For me it seems, that the dns server is set at the wlan interface and not globally.

thanks in advance for your help.

Who is online

Users browsing this forum: No registered users and 9 guests