
 
anav
Forum Guru
Topic Author
Posts: 2835
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Basic DNS Question

Sun Apr 28, 2019 5:19 pm

If I have my Raspberry Pi on vlan xx.

I am thinking of putting the Raspberry Pi's actual IP on vlan xx into the DHCP Network settings for all the other subnets (vlans).

Do I NEED to make an accompanying firewall forward rule?
Add all vlan subnets allow access to Pi IP for ports 53 tcp/udp
OR !!!
Not required, as it is implied that the router will automatically create the necessary IP routing because it's stated in the DHCP Networks settings????
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
mkx
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: Basic DNS Question

Sun Apr 28, 2019 5:31 pm

Router won't do anything automagically just because some IP address is mentioned in DHCP server setup (it doesn't add any additional setup for DNS server 8.8.8.8, so why should your rPI be any different?).

So yes, you have to add any routes/firewall rules to make it work.
BR,
Metod
 
anav
Forum Guru
Topic Author
Posts: 2835
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Basic DNS Question

Sun Apr 28, 2019 5:56 pm

Done thanks.............
So if I have no DNS servers pointing to the router (ie no network address setup with the gatewayIP as DNS IP)
Assuming
a. I no longer require IP DNS remote requests at all..... (be it for PI server itself, or for all the subnets that use 8.8.8.8 or Pi server IP for DHCP networks DNS settings) ???
b. I no longer require any Dynamic servers in IP DNS.
c. I no longer require firewall rule to allow any local access to input chain for port 53,
d. any subnet assigned a public DNS network such as 8.8.8.8 simply needs a forward rule for access to the internet and nothing specific for port 53??
e. any subnet assigned Pi server as DNS simply needs a forward chain rule to access Pi server (but only for port 53 tcp/udp).
f. the Pi server needs access to the internet.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
mkx
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: Basic DNS Question

Mon Apr 29, 2019 12:23 pm

a) b) c) If all your LAN (any subnet) clients use other DNS servers (either rPI or internet servers), then you can disable remote DNS access on your router and remove/disable associated firewall filter rules. You just have to point RB itself at some DNS server so it can resolve download.mikrotik.com ;-)
d) if you allow unrestricted internet access to those subnets, you don't need anything special for DNS
e) yup
f) for DNS service TCP/UDP port 53 is enough. But rPI might need something else, depending on the setup
BR,
Metod
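
The setup confirmed in points a) to f) above, written out as RouterOS commands. This is an added example, not part of the original posts; the Pi address 192.168.10.2, the client subnets 192.168.20.0/24 and 192.168.30.0/24, the WAN interface name ether1 and the address-list name dns-clients are constructed assumptions.

```routeros
# Constructed values (assumptions, not from the thread):
#   Pi DNS server 192.168.10.2, client VLAN subnets 192.168.20.0/24 and
#   192.168.30.0/24, WAN interface ether1, address list "dns-clients".

# Group the client subnets so each firewall rule is written once.
/ip firewall address-list
add list=dns-clients address=192.168.20.0/24
add list=dns-clients address=192.168.30.0/24

# Hand out the Pi as DNS server through DHCP.
# This only tells clients where to send queries; it creates no firewall rules.
/ip dhcp-server network
set [find address=192.168.20.0/24] dns-server=192.168.10.2
set [find address=192.168.30.0/24] dns-server=192.168.10.2

# a) b) The router stops answering DNS for clients but keeps an upstream
#       server for its own lookups (updates, NTP names and so on).
/ip dns
set allow-remote-requests=no servers=8.8.8.8

# c) With allow-remote-requests=no, any input-chain accept rules for port 53
#    that existed for LAN clients can be disabled or removed.

/ip firewall filter
# e) Client VLANs may reach the Pi on DNS ports only.
add chain=forward action=accept protocol=udp dst-port=53 \
    src-address-list=dns-clients dst-address=192.168.10.2 \
    comment="VLAN clients to Pi DNS (udp)"
add chain=forward action=accept protocol=tcp dst-port=53 \
    src-address-list=dns-clients dst-address=192.168.10.2 \
    comment="VLAN clients to Pi DNS (tcp)"

# f) The Pi may query upstream resolvers on the internet.
add chain=forward action=accept protocol=udp dst-port=53 \
    src-address=192.168.10.2 out-interface=ether1 \
    comment="Pi DNS to upstream (udp)"
add chain=forward action=accept protocol=tcp dst-port=53 \
    src-address=192.168.10.2 out-interface=ether1 \
    comment="Pi DNS to upstream (tcp)"

# These accept rules must sit above the final drop rule of the forward chain.
# Replies rely on an existing accept rule for established,related connections.
```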
 
anav
Forum Guru
Topic Author
Posts: 2835
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Basic DNS Question

Mon Apr 29, 2019 4:19 pm

> a) b) c) If all your LAN (any subnet) clients use other DNS servers (either rPI or internet servers), then you can disable remote DNS access on your router and remove/disable associated firewall filter rules. You just have to point RB itself at some DNS server so it can resolve download.mikrotik.com ;-)
> d) if you allow unrestricted internet access to those subnets, you don't need anything special for DNS
> e) yup
> f) for DNS service TCP/UDP port 53 is enough. But rPI might need something else, depending on the setup
Made my day, all yesses........... I must have my hat on the right way these days........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
mkx
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: Basic DNS Question

Mon Apr 29, 2019 8:59 pm

> Made my day, all yesses.......
I'm such a nice person. Not everybody notices it at first glance though ........
BR,
Metod
