mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

feature request: dns-names instead of ip-addresses

Sat Oct 02, 2004 10:16 am

imho it would be helpful to have the opportunity of entering dns-names instead of ip-addresses in destination-fields, e.g. configuring tunnel-, ppp-type-clients. of course only if dns-resolver is configured.

most operating systems allow this too for their vpn-clients and it becomes essential for use with dyn-dns based destinations, where the ip-address changes regularly.

(probably this could be done by some scripting, but i would prefer the simple method)

regards
matthias
 
sako
just joined
Posts: 8
Joined: Thu Jul 01, 2004 3:02 am

DNS names

Sun Oct 03, 2004 12:22 am

This is unsecure, coz dns names can be spoofed.
Second con is that in case of dns failure, the system will not be configured properly during restart.
Just my 2 cents :)
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Re: DNS names

Sun Oct 03, 2004 1:04 am

> This is unsecure...
yes, right, but i didn't say to change everything from ip-addresses to dns-names, only to have the option to use dns-names too.

(by now, mikrotik ros is mostly unusable for dyn-dns based connections, and due to t-dsl we have lots of them in germany...)
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Sun Oct 03, 2004 10:14 am

This feature request has been posted several times. The main problem always is the discussion, when name resolution should occur: When entering a DNS name into a configuration (one-time resolution, then storing the ip address) - which is more for convenience issues while configuring. Or during "runtime", i.e. every time a rule or whatever containing a DNS name is used. This would be necessary for your request ("dyn-dns vpn"), but would potentially put a huge DNS resolution burden on the RouterOS system. Or something in between like the second option above but caching DNS resolution results for some time.
At that point discussions always stopped, if I remember correctly...
Best regards,
Christian Meis
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Sun Oct 03, 2004 1:04 pm

yes, this is a usual question for dns. but there is a solution already: TTLs

any resolver has to respect them.

e.g. dyn-dns.org sets a ttl of 60s, cisco NAT sets a TTL of 0s (which is RFC compliant too).

regards.
matthias
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Oct 04, 2004 10:47 am

Of course that's right. But we have seen problems arising from servers with wrong configuration and giving those supposed-to-be-dynamic records normal (high) TTL.
Just wanted to point out the possible problems associated with using DNS names here...
Best regards,
Christian Meis
 
changeip
Forum Guru
Posts: 3824
Joined: Fri May 28, 2004 5:22 pm

Wed Oct 06, 2004 1:34 am

We've provided a mikrotik script in one of the forums here that will update your ddns records when an interface receives a different IP address. This is working well and we have a few clients using it at this time. Mikrotik supports the RFC ddns updates - but none of the current ddns providers support this update method. We've written the script to allow you to find your routers using a ddns name instead of trying to find the dhcp'ed address you receive on dsl / cable. It watches the interface IP address and sends an email to our ddns proxy account to perform the update, just as any other http client would.

Sam
ChangeIP.com
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Oct 06, 2004 8:59 am

> We've provided a mikrotik script in one of the forums
> ...
yes, i have seen this script, but i don't think it helps for the task i had in mind.
to explain: in germany there is a growing number of highspeed connections (3mbit) over telekom dsl, it is quite cheap so a lot of business customers do use it. together with VPN-techniques it is easy to build up a company network, but no static ip-addresses on the WAN are provided, i.e. the router must be able to build up VPN-tunnels with (dynamic) DNS names on both tunnel endpoints.

i am using draytek routers for that task (they are cheap and good) for years but they lack the cpu power, firewall- and QoS-features mikrotik ROS has. (their wireless features are poor, too). but their ability to build up various VPN-types with dynamic addressing is a feature i would like to see on the mikrotik ROS.

would it be possible to write a script, building up a vpn-connection based on a just-in-time from DNS-resolved ip-addresses?

on the other hand, the resolver is built in already, hence it should not be too complicated to make DNS names usable.

regards.
matthias
 
RaynMan
newbie
Posts: 34
Joined: Fri May 28, 2004 11:54 am
Location: Durban, South Africa

Wed Oct 06, 2004 4:21 pm

I can see a use for it my side as well...

Shouldn't be too difficult to add the ability to use name addresses with a disclaimer saying it's all at your own risk.

Or perhaps support a couple of the more popular Dynamic DNS companies out there?

I'm seeing quite a few of the budget type 'Broadband Routers' supporting this already (so far all are only supporting DynDNS) so it can't be a lot of code to add...

Anyways...I have a horrible hack-like solution already, but something more elegant would be nice ;)
 
changeip
Forum Guru
Posts: 3824
Joined: Fri May 28, 2004 5:22 pm

Wed Oct 06, 2004 6:17 pm

I know exactly what you mean ... even in the ddns update script that we wrote we could not specify the mail server by name, we have to hard code the IP address of the sending SMTP server. I know that the routeros can resolve names so it should be easy to add ... and i tried parsing it using a script but could not get it working. Ie, ping host.domain.tld -> then grab the resolved IP and use it in a variable.

We're not talking about doing reverse DNS lookups on log entries, etc - just specifying a hostname to use on outbound connections to vpns, mail servers, etc. I think I posted this request a few months back already.

Sam
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Oct 06, 2004 6:20 pm

OK, finally I'll join this feature request alliance :D ...
Best regards,
Christian Meis
 
cjk
just joined
Posts: 4
Joined: Mon Oct 18, 2004 7:35 pm
Location: Luxembourg

on board

Mon Oct 18, 2004 7:50 pm

i would like to see this feature too, which should be quite easy to implement.
 
eugenevdm
Member Candidate
Posts: 208
Joined: Tue Jun 01, 2004 12:23 pm
Location: Stellenbosch, South Africa

Wed Dec 01, 2004 5:32 pm

I also believe this would be a great feature in a growing world of non-ip based servers / clients. Can really be useful for VPN.
The Snowball Effect
Superior Internet Solutions
 
edzix
Member
Posts: 335
Joined: Thu Jul 01, 2004 3:01 pm
Location: Latvia

Wed Dec 01, 2004 7:00 pm

have you tried to enter a DNS name and, before accepting this, press Tab button? Maybe this is what you're looking and waiting for.

Edgars
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Dec 08, 2004 10:56 am

> have you tried to enter a DNS name and, before accepting this, press Tab button?
i tried this of course. all i got is an error, stating a non zero ip-address is needed. tried with pptp and ip-tunnel.

regards.
  matthias
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Wed Dec 08, 2004 1:05 pm

:put [:resolve www.example.com]
Doesn't it say you something? :)
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Dec 08, 2004 1:21 pm

> :put [:resolve www.example.com]
> Doesn't it say you something? :)
i am not sure. does it mean i can resolve a dns name in a script? does it mean too, i could configure dns-name-based vpn-connections only by scripting? (or can i put the command into the ip-address field?)

thx.
  matthias
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Wed Dec 08, 2004 1:28 pm

1) Certainly, yes.
2)
/ip address add address=([:resolve www.example.com] . "/24") interface ether2
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS            NETWORK         BROADCAST       INTERFACE
7   192.0.34.166/24    192.0.34.0       192.0.34.255       ether2
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Mon Dec 13, 2004 11:21 am

i tried a simple VPN (using PPTP) with DNS-name instead of ip-address, but afaik it can't work this way.

this is the running configuration:
interface pptp-client pr
                                                                     
Flags: X - disabled, R - running 
 0 X  name="pptp-client" mtu=1460 mru=1460 connect-to=x.y.129.62 user="test" password="******" profile=default add-default-route=no allow=mschap2,mschap1 
then i tried with dns-name:
interface pptp-client set 0 connect-to=[:resolve pptp-server.domain.de]                

interface pptp-client pr
                                                                     
Flags: X - disabled, R - running 
 0 X  name="pptp-client" mtu=1460 mru=1460 connect-to=x.y.129.62 user="test" password="******" profile=default add-default-route=no allow=mschap2,mschap1 
as one can see, the resolve-command just puts the current ip-address into the config-line. this does not solve the problem, as the address will change many times a day and has to be resolved every time the connection activates.

i could see a work-around by writing a scheduler, checking for the current ip-address and changing the config if necessary. this might work with a few vpn-connections but with tens or hundreds it adds way too much complexity just to work around the simple direct usage of dns-name in the configuration. (many cheap routers can do this already).

thx.
   matthias

 
normis
MikroTik Support
Posts: 24749
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 13, 2004 11:23 am

of course this is a cheap workaround and mikrotik will work on a solution in upcoming versions
No answer to your question? How to write posts
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Mon Dec 13, 2004 12:34 pm

> of course this is a cheap workaround and mikrotik will work on a solution in upcoming versions
thanks, that sounds good to me!

   matthias
 
edzix
Member
Posts: 335
Joined: Thu Jul 01, 2004 3:01 pm
Location: Latvia

Mon Dec 13, 2004 1:35 pm

Mag,

how did you try it with Tab button? Maybe DNS settings are incorrect in your router. Try, for example:

/ip address add address=www.example.com<press Tab now>

the line will be substituted with:

/ip address add address=1.1.1.1/

where 1.1.1.1 is IP of http://www.example.com in this example.

Edgars
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Dec 13, 2004 1:51 pm

I can confirm this is working on the console - at least, if you have configured DNS servers under "/ip dns" (of course)...
Best regards,
Christian Meis
 
normis
MikroTik Support
Posts: 24749
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 13, 2004 2:48 pm

edzix - you don't get the idea. the ip address changes all the time, your TAB solution doesn't work here. you will have to change the rule all the time by yourself.

we will make a solution where the DNS names will be resolved within some intervals, configured in DNS Settings or somewhere else.

problem could be with dns names that resolve to multiple IP's, but I hope people will use this for services like no-ip.com and not enter yahoo.com (which really does resolve to multiple ip's).
No answer to your question? How to write posts
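The design points raised in this thread (resolving at connect time, caching by TTL, a TTL of 0, wrongly high TTLs, DNS failure at restart, names with several addresses) combined in one sketch. This is an added example, not part of any post and not MikroTik's implementation; `EndpointResolver`, the `lookup` hook, the 30 s/300 s bounds and the sample name and addresses are assumptions constructed for illustration.

```python
import time

class EndpointResolver:
    """Resolve a tunnel peer name at connect time, caching by a bounded TTL."""

    def __init__(self, lookup, min_ttl=30, max_ttl=300, clock=time.monotonic):
        self.lookup = lookup    # hypothetical hook: name -> (ip_list, ttl); OSError on failure
        self.min_ttl = min_ttl  # floor: a TTL of 0 must not cause a query on every use
        self.max_ttl = max_ttl  # cap: a wrongly high TTL must not pin a stale address
        self.clock = clock
        self.cache = {}         # name -> (ip, expires_at)

    def resolve(self, name):
        now = self.clock()
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0], "cached"
        try:
            ips, ttl = self.lookup(name)
        except OSError:
            if not cached:
                raise  # nothing known yet: the caller must leave the tunnel down
            # DNS outage: keep the last known-good peer and retry after min_ttl
            self.cache[name] = (cached[0], now + self.min_ttl)
            return cached[0], "stale"
        if len(ips) != 1:
            # assumption of this sketch: refuse names with zero or several addresses
            raise ValueError(f"{name}: expected exactly one address, got {len(ips)}")
        ttl = max(self.min_ttl, min(ttl, self.max_ttl))
        self.cache[name] = (ips[0], now + ttl)
        return ips[0], "changed" if cached and cached[0] != ips[0] else "fresh"

def demo():
    """Constructed scenario: fake clock and scripted DNS answers, no network access."""
    now = [0.0]
    answers = [(["192.0.2.10"], 0), (["198.51.100.7"], 86400), OSError("dns down")]

    def lookup(name):
        answer = answers.pop(0)
        if isinstance(answer, Exception):
            raise answer
        return answer

    resolver = EndpointResolver(lookup, clock=lambda: now[0])
    results = []
    for t in (0, 10, 31, 200, 332):
        now[0] = t
        results.append(resolver.resolve("peer.example.net"))
    return results
```

The "changed" status marks the point where a peer address change can be logged; because DNS answers are not authenticated, the tunnel's own authentication still has to verify the peer behind the new address.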
 
mag
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Mon Dec 13, 2004 3:23 pm


> how did you try it with Tab button? Maybe DNS settings are incorrect in your router. Try, for example:
you are right, i tried the winbox, terminal is of course working.

but the problem is still (as written before) that the ip-address is changing on an irregular basis.

thx.
   matthias
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Dec 13, 2004 3:36 pm

OK, so everyone is agreeing what the problem is and Normunds said they'll fix it (or better: add this feature).

Looks like we could start asking when this will become available :D ...
Any chance for 2.9?
Best regards,
Christian Meis
 
normis
MikroTik Support
Posts: 24749
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 13, 2004 4:00 pm

not funny :) maybe 2.9 some beta. i can't promise because we just agreed that there exists this problem, i still can't confirm 100% that this will make it into routeros. it depends on how hard it is to make etc. we'll see
No answer to your question? How to write posts
 
cmit
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Dec 13, 2004 4:13 pm

Normunds, take it easy 8) ...
From my side it would be a welcome addition, but is not that important in our current setups...
Best regards,
Christian Meis
 
stephenpatrick
Forum Veteran
Posts: 703
Joined: Fri Aug 20, 2004 12:26 pm
Location: UK

Mon Dec 13, 2004 4:43 pm

Yes most operating systems allow this, and it's a nice feature,

.. but what about current generation commercial routers (Cisco etc) -
Do they offer this feature?

I guess I'm asking is such a feature "ahead" or "catching up with" current commercial routers. It always helps when talking to customers to have a long list of advantages :)

Regards

Stephen
CableFree - Wireless Excellence - Microwave, E-band Radios, Free Space Optics, High performance Radios & Routers
http://www.cablefree.net
