Corvich
just joined
Topic Author
Posts: 1
Joined: Thu Mar 25, 2021 10:30 pm

Bridge Pihole, DNS Difficulties

Thu Mar 25, 2021 10:46 pm

Howdy all, fairly new, and there might be a simple answer but I certainly haven't been able to find one, so here we are. I have a MikroTik as the entry point to my network. This is a family router, so the port I use is bridged, with a separate network and DHCP pool (they're on 192.168.88.0/24 while I'm on 192.168.6.0/24). I have both mine and their bridges on the interface list with the WAN. I have a server running on my network, from which I want to run a PiHole. The problem is DNS. I've currently got my network being routed to a Pihole container on my server, which is actually sort of working, at least some ads are being blocked, but definitely far from all. I'm thinking that it must be using the default configuration DNS by me putting it in the interface list, but that's just speculation as like I said I'm new, and furthermore I'm not sure how I'd go about sorting that. Any ideas?

For those who ask:


Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS
 0  R  ether1                              ether            1500  1598       9214 08:55:31:9B:0A:C6
 1  RS ether2                              ether            1500  1598       9214 08:55:31:9B:0A:C7
 2  RS ether3                              ether            1500  1598       9214 08:55:31:9B:0A:C8
 3  RS ether4                              ether            1500  1598       9214 08:55:31:9B:0A:C9
 4  RS ;;; ORA Network Devices
       ether5                              ether            1500  1598       9214 08:55:31:9B:0A:CA
 5  RS wlan1                               wlan             1500  1600       2290 08:55:31:9B:0A:CB
 6   S wlan2                               wlan             1500  1600       2290 08:55:31:9B:0A:CC
 7  R  ;;; defconf
       bridge                              bridge           1500  1598            08:55:31:9B:0A:C7
 8  R  ;;; ORA Bridge
       bridge2                             bridge           1500  1598            08:55:31:9B:0A:CA
[admin@MikroTik] /interface> cd ..
bad command name cd (line 1 column 1)
[admin@MikroTik] /interface> ..
[admin@MikroTik] > export
# mar/25/2021 20:45:01 by RouterOS 6.48.1
# software id = CDLH-8UJV
#
# model = RBD52G-5HacD2HnD
# serial number = CDFD0D2B03DF
/interface bridge
add admin-mac=08:55:31:9B:0A:C7 auto-mac=no comment=defconf name=bridge
add admin-mac=08:55:31:9B:0A:CA auto-mac=no comment="ORA Bridge" name=bridge2
/interface ethernet
set [ find default-name=ether5 ] comment="ORA Network Devices"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united kingdom" disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=MikroTik-2GHz wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=MikroTik-5Ghz wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=* wpa2-pre-shared-key=*
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=ORAPool ranges=192.168.6.10-192.168.6.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=ORAPool disabled=no interface=bridge2 name=ORA-dhcp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge2 comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface ethernet switch vlan
add independent-learning=no ports=ether1 switch=switch1 vlan-id=200
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=bridge2 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.6.1/24 interface=bridge2 network=192.168.6.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.6.0/24 comment="ORA Network" dns-server=192.168.6.21 gateway=192.168.6.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/London
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Not that it's much outside the default I imagine.
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Bridge Pihole, DNS Difficulties

Fri Mar 26, 2021 11:02 am

Why not share your current DHCP and DNS configuration, assuming they're configured on the Mikrotik ..
/ip dns export
/ip dhcp-server export
Essentially you have two ways of doing this, you could get your DHCP to dish out the Pihole's IP address as the DNS for all your clients. Or you could configure the Mikrotik as a caching DNS server (which has some benefits) but configured to use the Pihole as its source.
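
An added example, not part of either post: a small Python audit that reads the DNS-relevant lines of the export posted above and reports, for each DHCP network, which resolvers clients are handed and whether every query path ends at the Pi-hole, which is the property both options in this reply aim for. Assumptions are labelled in the code: the router's own address is taken to be the network's `gateway`, a network without `dns-server` is treated as ending at the `/ip dns` servers, and the function names are hypothetical.

```python
import re

# Constructed sample: the DNS-relevant lines copied from the export in the first post.
EXPORT = """\
/ip dhcp-server network
add address=192.168.6.0/24 comment="ORA Network" dns-server=192.168.6.21 gateway=192.168.6.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
"""

KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_export(text):
    """Group the key=value pairs of each add/set line under its menu path."""
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.split(" ", 1)[0] in ("add", "set"):
            pairs = {k: v.strip('"') for k, v in KV.findall(line)}
            sections.setdefault(path, []).append(pairs)
    return sections

def dns_paths(text, pihole):
    """Per DHCP network: resolvers handed out, where queries end, and if that is only the Pi-hole."""
    cfg = parse_export(text)
    dns = cfg.get("/ip dns", [{}])[0]
    upstream = [s for s in dns.get("servers", "").split(",") if s]
    report = {}
    for net in cfg.get("/ip dhcp-server network", []):
        gw = net.get("gateway", "")
        handed = [s for s in net.get("dns-server", "").split(",") if s]
        effective = []
        # Assumption: no dns-server, or the router's own address (taken to be
        # the network's gateway), means queries end at the /ip dns servers.
        for server in handed or [gw]:
            effective += upstream if server == gw else [server]
        report[net["address"]] = {
            "handed": handed,
            "effective": effective,
            "filtered": bool(effective) and all(s == pihole for s in effective),
        }
    return report

if __name__ == "__main__":
    for network, info in dns_paths(EXPORT, "192.168.6.21").items():
        print(network, info)
```

The parser does not join lines continued with a trailing `\`, which the DNS and DHCP sections of this export do not use.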
