torgr2019
newbie
Topic Author
Posts: 27
Joined: Wed Mar 10, 2021 8:59 pm

accessing local network hosts by host-name.local-domain-name

Tue Mar 23, 2021 12:38 pm

Hi to all,

Very new to Mikrotik.

Very simple network architecture:

WAN = ether1
LAN = bridge (ether2 to ether10), 2 VLANs (vlan 10 192.168.10.x and vlan 20 192.168.20.x) with the relevant DHCP addresses etc.

No firewall restrictions.

Everything working fine.

I can access one Windows device that resides in vlan 10 from vlan 20 using the ip address, no problem.

When I am trying using host-names, it's not working. Tried to put the domain name in the relevant DHCP networks, nothing. Tried static DNS entries at ip/dns/static, nothing.

Any ideas?
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: accessing local network hosts by host-name.local-domain-name

Tue Mar 23, 2021 2:18 pm

What is the setting of the dns-server property in /ip dhcp-server network? If it's not your router's IP address, then clients will use another DNS server and will miss the configuration from /ip dns static.
 
torgr2019
newbie
Topic Author
Posts: 27
Joined: Wed Mar 10, 2021 8:59 pm

Re: accessing local network hosts by host-name.local-domain-name

Wed Mar 24, 2021 9:18 am

Thank you so much for your reply.

The problem seems to be that I haven't enabled the "allow remote requests".
So with that disabled, only dynamic DNS servers from the ISP are used (peer DNS in DHCP client), despite the fact that I had configured static DNS servers in ip/dns and in ip/dhcp/networks. These entries are used ONLY if allow remote requests is enabled.
If that is enabled, then the DNS query asks the DNS server specified there (ip/dns and ip/dhcp/networks). If the MikroTik router is set there, then and only then are the static DNS entries used!!!

Much complicated really.

The problem is now how can I secure my router from external DNS requests when "allow remote requests" is enabled?
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: accessing local network hosts by host-name.local-domain-name

Wed Mar 24, 2021 11:01 am

> The problem is now how can I secure my router from external DNS requests when "allow remote requests" is enabled?

It's firewall rules for chain=input. The default firewall setup (in recent ROS versions on SOHO devices) already blocks most connections from WAN, but it really depends on changes to follow the philosophy used for default rules (e.g. proper interface list membership etc.).

The built-in DNS resolver should be able to combine statically defined entries with replies from upstream DNS servers, but it needs proper configuration:
/ip dns set servers=<comma separated list of remote DNS servers>
 
torgr2019
newbie
Topic Author
Posts: 27
Joined: Wed Mar 10, 2021 8:59 pm

Re: accessing local network hosts by host-name.local-domain-name  [SOLVED]

Wed Mar 24, 2021 11:31 am

> > The problem is now how can I secure my router from external DNS requests when "allow remote requests" is enabled?
>
> It's firewall rules for chain=input. The default firewall setup (in recent ROS versions on SOHO devices) already blocks most connections from WAN, but it really depends on changes to follow the philosophy used for default rules (e.g. proper interface list membership etc.).
>
> The built-in DNS resolver should be able to combine statically defined entries with replies from upstream DNS servers, but it needs proper configuration:
> /ip dns set servers=<comma separated list of remote DNS servers>

Yes, it now works as expected.

To summarize for other friends:
1. In order for the internal DNS resolver to work ==> IP > DNS "Allow remote requests" should be enabled. If allow remote requests is disabled, then the DNS function comes from peer DNS from the DHCP client. This should be enabled at least if "allow remote requests" is disabled, otherwise there is no DNS service.
2. After enabling the MikroTik DNS function (with allow remote requests ON), set static DNS servers in /ip/dhcp/networks and/or ip/dns. Optionally set static DNS entries in ip/dns/static after setting static IP addresses for clients in the DHCP server.
3. Secure the router from external DNS queries with firewall rules (chain input, action drop, udp and tcp 53).
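
The three steps summarized above, written out as a RouterOS configuration (an added example, not part of the original posts). WAN = ether1 and the two subnets come from the thread; the /24 masks, the router addresses 192.168.10.1 and 192.168.20.1, the upstream resolver 192.0.2.53, the domain "lan" and the host winpc at 192.168.10.50 are assumptions.

```routeros
# Added example. Values marked "assumed" are not from the thread.
# From the thread: WAN = ether1, VLAN 10 = 192.168.10.x, VLAN 20 = 192.168.20.x.

# Step 1: let the router answer DNS queries from clients and give it
# upstream resolvers (192.0.2.53 is a placeholder address, assumed).
/ip dns set allow-remote-requests=yes servers=192.0.2.53

# Step 2: hand out the router itself as DNS server in each DHCP network,
# so clients actually query the resolver that holds the static entries.
# Masks, router addresses and domain name are assumed.
/ip dhcp-server network
set [find address=192.168.10.0/24] dns-server=192.168.10.1 domain=lan
set [find address=192.168.20.0/24] dns-server=192.168.20.1 domain=lan

# Static name for the Windows host in VLAN 10 (name and address assumed).
# Give the host a static DHCP lease first so the address does not change.
/ip dns static
add name=winpc.lan address=192.168.10.50

# Step 3: drop DNS queries that arrive on the WAN interface. Without this,
# allow-remote-requests=yes makes the router an open resolver on ether1.
# Replies to the router's own upstream lookups are not matched, because
# they arrive with source port 53, not destination port 53.
# If chain=input already has accept rules, put these above them
# (place-before=<rule number>).
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="drop DNS queries from WAN (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="drop DNS queries from WAN (tcp)"

# Check: the packet counters on the two rules rise when outside hosts
# probe port 53 on the WAN address.
/ip firewall filter print stats where chain=input
```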
