rushlife
Member Candidate
Topic Author
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

feature request ADVANCED DNS Server

Thu Jan 07, 2016 12:39 pm

+1 for advanced DNS server

I love mikrotik and I use it every day but standard DNS feature is simply poor.
I definitely need built-in advanced DNS in new ROS.
 
Sob
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 4:14 pm

Current RouterOS can't do much with DNS, that's for sure. But I don't think it's helpful to ask for "advanced DNS" without providing further details. That can mean a lot of different things.

IMHO there are two possible ways:

1) Don't try to make RouterOS a full-featured DNS server. Just add few additional features like more types of static records and per-domain forwarding. No more L7 hacks for basic stuff. It's simple, easy to implement, useful and should make a lot of users happy.

2) Provide full-featured DNS server as separate package, with all possible features (master/slave authoritative server, recursive resolver, dynamic updates, DNSSEC, ...). But it's a lot of work and target audience is limited, compared to 1). Instead of creating something from scratch, they would probably have to integrate something like BIND (but rather something else than BIND itself, as it doesn't have the best history).

I wouldn't say "no" to 2), but given the current state of things, the priority should be 1).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 4:50 pm

> I wouldn't say "no" to 2), but given the current state of things, the priority should be 1).
You're right to say that there are other areas that need attention.
And I wholeheartedly agree that they should probably add the ability to specify RR type in the static DNS entries.
I'd say they need CNAME, AAAA, and PTR the most.

-----: BEGIN RANT :------

I would say "no" to 2. If someone needs a full DNS server then they should set up a Bind server or whatever daemon they like - do it on a WRT virtual if it really, really, really must be kept all on a single device. There comes a point in time when reality must be faced - this is a router operating system, not a server operating system.

There's a huge difference between a basic lightweight implementation of a protocol to fill a few niche needs (dns cache / static-only httpd to serve "access denied" pages, etc), and fully-featured server packages. There are many things that need fixing in ROS that are core routing things (IPv6 needs lots of love, bugs in routing protocols, etc.). And I think a worldwide holiday would be declared if they implemented IGMP snooping on the bridge and atheros switch chips.

RouterOS can't be everything for everyone. I've seen feature requests for print server functionality.... really?

It's easy to get caught up by how feature-rich and powerful a Mikrotik can be, but remember that it is actually a router before it's anything else. It doesn't need to be a SQL cluster node. It doesn't need to be a bitcoin mining node. It doesn't need to be a print server. It doesn't need to be a web server or a DVR for your security cameras or anything else.

There's something that can do all of that - it's called Linux.

(drops the microphone on the floor)

------: END RANT :------
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
Sob
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 9:23 pm

You can do everything with Linux, but RouterOS gives it to you in such nice user/admin friendly package. It comes with some limitations, but mostly it's worth it. It's only natural to want to push the limits a little further and get the same comfort for more services. The question whether something belongs to RouterOS or not, now that even whole network monitoring system is included... can you really say that DNS server does not belong? :)

I see no problem with few extensions to what we have now. The basics are already there, it does not require much effort to add the rest. I myself would like to see two:

1) Per-domain forwarding. When you have some internal domain handled by your server, but don't want to depend on it completely for DNS, i.e. if it happens to go down, you still want to be able to use public internet. You could use router as DNS cache, use ISP's resolvers by default, but define an exception that queries for company.lan should be sent to your server. A proper alternative to old L7 hack.

2) Allow to set static records of *any* type. Few most popular can have specific WinBox dialogs/CLI options. The rest can be supported using generic syntax (DNS server does not need to understand all records it serves, you can sometimes see unknown types in current DNS cache and it's no problem at all). You can stop here and it will make many people happy.
But as bonus (I'm not actually asking for this, just saying that it's nothing complicated), you can add a simple option to send replies for selected domains marked as authoritative and you have proper DNS server, even though it would be just a very basic one. Add AXFR transfers for master/slave operation and you'll start to get out of scope of simple extensions. No, what I wanted to write was that you'd have everything you need for basic server, if you don't require anything special like DNSSEC.

Real full-featured DNS server is a different story. And there's also difference between authoritative server and resolver. Authoritative server with all bells and whistles is not needed by most people. Resolver could be more interesting, e.g. if you want to validate DNSSEC by yourself in the name of security (you might not trust ISP or fear evil hackers between ISP and you), it would be nice thing to have. You can get dedicated machine, but why couldn't your shiny new $3000 CCR handle such relatively simple task.

But as I wrote before, simple extensions first. MikroTik can save full-featured DNS server for later, when they fix all bugs, add all more important features, dominate the router world and have nothing better to do. :)
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 9:44 pm

> The question whether something belongs to RouterOS or not, now that even whole network monitoring system is included... can you really say that DNS server does not belong?
Yeah - you have a point there, but I've kind of felt like running NMS from a router is a bit 'strange' but hey, it's there and it only took a little more than half a decade to get any work done to it. :lol:

Things like this (and Userman - another 'outside the box' package) are interesting additions to ROS, and I think Mikrotik's intent is for packages like these to be run on dedicated boxes that only function as the Dude or Userman.
> But as I wrote before, simple extensions first. MikroTik can save full-featured DNS server for later, when they fix all bugs, add all more important features, dominate the router world and have nothing better to do. :D
In the mean time - low capacity, fully featured DNS appliance sounds like a Raspberry Pi to me...... ;)
(or a WRT image - certainly there's one posted)
 
docmarius
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 9:56 pm

What I am actually missing are zones or DNS instances, assigned to specific interfaces or even requester IP ranges. And of course, static CNAME, MX and AAAA entries.
This would allow e.g. to resolve internal requests to internal hosts (and maybe put the loopback issues at rest), while allowing external requests to be resolved to public IPs. And this would maybe allow to disable forwards on external interfaces, while keeping it for the internal ones, and other nice use cases.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
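
The two requests made in the posts above (per-domain forwarding with a default upstream, and per-requester views that answer differently and refuse forwarding to outside clients) can be sketched as one decision function. This is an added example, not code from any poster or from RouterOS; every name, network and address in it is a constructed placeholder. It matches forwarding zones on whole labels, which a pattern match on packet contents does not guarantee.

```python
import ipaddress

# Constructed policy; all names and addresses are hypothetical examples.
VIEWS = [  # first matching source network wins
    {"name": "internal", "net": ipaddress.ip_network("192.168.88.0/24"),
     "recursion": True,
     "static": {"www.example.com": "192.168.88.10"}},
    {"name": "external", "net": ipaddress.ip_network("0.0.0.0/0"),
     "recursion": False,
     "static": {"www.example.com": "203.0.113.10"}},
]
FORWARDERS = {"company.lan": "192.168.88.53"}  # per-domain exceptions
DEFAULT_UPSTREAM = "198.51.100.1"              # stands in for the ISP resolver


def normalize(qname):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return qname.rstrip(".").lower()


def pick_forwarder(qname):
    """Longest suffix match on whole labels, so 'notcompany.lan' is not
    treated as part of 'company.lan' the way a substring match would."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in FORWARDERS:
            return FORWARDERS[zone]
    return DEFAULT_UPSTREAM


def decide(client_ip, qname):
    """Return (action, value) for one query from one client."""
    addr = ipaddress.ip_address(client_ip)
    view = next((v for v in VIEWS if addr in v["net"]), None)
    if view is None:
        return ("refuse", None)  # no view covers this source (e.g. IPv6 here)
    name = normalize(qname)
    if name in view["static"]:
        return ("answer", view["static"][name])
    if not view["recursion"]:
        return ("refuse", None)  # do not act as an open resolver outside
    return ("forward", pick_forwarder(name))
```
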
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 10:11 pm

At the very least, they need to let you define CNAME, PTR, and AAAA records in the Mikrotik. The thing already knows how to cache and serve up such records anyway - at least they could add the ability to specify RR type in the UI.

I'm guessing they didn't want to have to validate more input types than IPv4 addresses. It seems that free-form string with the "don't mess up" disclaimer would be enough, right? If you specify something bad, then the clients' failure to function should be some clue that there is garbage in the DNS entries.....
 
Sob
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 10:42 pm

You can already add AAAA, just enter IPv6 address. But together with A (and automatic PTR) that's it so far.
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: feature request ADVANCED DNS Server

Thu Jan 07, 2016 11:15 pm

> You can already add AAAA, just enter IPv6 address. But together with A (and automatic PTR) that's it so far.
:shock:

(hand smacks forehead)

Why did I never try that?


Just for fun I tried to specify a CNAME kind of record in the same way (entered a hostname as the IP) - it resolved the hostname and created the A & PTR records for that name.
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: feature request ADVANCED DNS Server

Sun Jan 10, 2016 4:39 pm

yea, both DNS for IPv6 and DNSSec can be cool/useful in ROS.
 
chechito
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: feature request ADVANCED DNS Server

Sun Jan 10, 2016 5:53 pm

I think the actual DNS on RouterOS accomplishes the role of a local cache for DNS queries.

If you need a full DNS implementation, the only thing you need to do is put a little, inexpensive Linux box at the root of your DNS infrastructure; this plus your MikroTiks doing cache can make a very good, scalable DNS solution.

Or use OpenDNS or Norton DNS to customize your DNS behavior.

I think RouterOS must focus on polishing wireless, routing and networking functionalities to deal with serious competition.
 
Zorro
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: feature request ADVANCED DNS Server

Thu Jan 14, 2016 7:52 pm

> I think the actual DNS on RouterOS accomplishes the role of a local cache for DNS queries.
>
> If you need a full DNS implementation, the only thing you need to do is put a little, inexpensive Linux box at the root of your DNS infrastructure; this plus your MikroTiks doing cache can make a very good, scalable DNS solution.
> Or use OpenDNS or Norton DNS to customize your DNS behavior.
> I think RouterOS must focus on polishing wireless, routing and networking functionalities to deal with serious competition.

but even as "local cache" its need support of such features, ironically. to do it properly in those tech-aware/depending environment/solutions.
generally some networkers - avoid NS on routers, simply because security issues and just forward DNS traffic.
(which is important partially both because broken/outdated/vulnerable/bloated code in some of them or incomplete implementations(especially in security context and "becoming essential" things like IPv6 native support "from top to down")
ironically - that start becoming common for some security-conscious companies - for Linux and Windows hosts as well.
(mostly because DNS implementation - remain as insecure as in all router and "caching" feats - seriously simplify exploitation)
also as "local cache" built-in DNS services - lack management options. to easier tweak/manage options, overrides(both for A, PTR, MX resources, TTL(both directions in many styles) and to enable/disable certain things in DNS traffic/configuration itself.
would you miss ability to tune "old-fashioned" DNS traffic in "passive" style(ie 53<->53) for example. in firmwares with open config(either they use bind, dnsmasq, nsd, djb(my favorite aside unbound) or other things code with combinations between) - you can simply edit config and fire it up/restart again.
someone - would probably like something else for DNS as well, likely. its remain untouched in ROS for really long time.
personally i would like to see improved performance of it(compared to bypassing DNS - difference is staggering, sometimes :(

so far DNSSec support is sparse/broken, because incomplete implementation and lot of complex workarounds, necessary to make it working in most platforms.
partially cause since TCP Cookie Transactions - removed from kernel again(due same issues/reasons, ie incompletion/buggy status), long ago.
https://en.wikipedia.org/wiki/TCP_Cookie_Transactions

almost just like how SCTP - require both timestamps and ECN support(presently disabled in RouterOS).
 
onlineuser
Member Candidate
Posts: 213
Joined: Thu Aug 06, 2015 12:10 pm

Re: feature request ADVANCED DNS Server

Thu Mar 01, 2018 6:22 pm

A lightweight DNS server like "maradns" would be fine for Mikrotik devices.
The configuration could be done through text files like on any OpenWRT device.

Why such a service will not be offered by Mikrotik? ;-)
 
pe1chl
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: feature request ADVANCED DNS Server

Thu Mar 01, 2018 7:48 pm

I think the problem is not to obtain the required software. There are more than enough open source DNS servers/resolvers available.
(if anything, the problem would be to select one instead of ending in a religious discussion which one to use and which one to absolutely avoid)

It would likely be more work to make the RouterOS configuration front-end.
I have often wondered what is going on behind that. Is there a very powerful "configuration interpreter" that does all the command-line, web and API
interpretation and is table-driven to support the commands we see and write the Unix-style text configuration that most of the used software needs?
Or is it all custom C/C++ programming that is to be done for each new feature being added?

It is difficult to know without some explanation by MikroTik employees, and I have not encountered that yet on this forum.

Depending on the situation, it could be quite easy to add a new package that simply consists of installing an existing open-source program,
and creating the configuration tables for it. But it could also be a lot of work. We don't know.
 
onlineuser
Member Candidate
Posts: 213
Joined: Thu Aug 06, 2015 12:10 pm

Re: feature request ADVANCED DNS Server

Fri Mar 02, 2018 11:37 am

Such of these features would make Mikrotik more popular and additional hardware would not be necessary.

All of us trust on RB software although we do not know anything about the source code and possible backholes. Here the OpenWrt was the better solution but the UI is clearer and easier (faster) to use.
 
doneware
Trainer
Posts: 539
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: feature request ADVANCED DNS Server

Sat Mar 03, 2018 12:37 am

this: https://tools.ietf.org/html/draft-tale- ... lientid-01

i know the draft already expired. tbh we're talking about a 7 yr old feature that is in dnsmasq since 2011.
this is hell of a tool to get stuff under control.
#TR0359
 
onlineuser
Member Candidate
Posts: 213
Joined: Thu Aug 06, 2015 12:10 pm

Re: feature request ADVANCED DNS Server

Thu Sep 27, 2018 4:45 pm

Are there any news about this feature request?
 
Sob
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: feature request ADVANCED DNS Server

Thu Sep 27, 2018 5:58 pm

I believe that MikroTik is preparing full-featured DNS server package as Christmas surprise. To be released a year or two after RouterOS v7.
 
jondavy
Member Candidate
Posts: 128
Joined: Tue May 12, 2009 11:14 pm
Location: Brasil

Re: feature request ADVANCED DNS Server

Thu Sep 27, 2018 11:32 pm

> I believe that MikroTik is preparing full-featured DNS server package as Christmas surprise. To be released a year or two after RouterOS v7.
Wow, that would be great!!
 
Sob
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: feature request ADVANCED DNS Server

Fri Sep 28, 2018 1:15 am

I guess I should have added some fitting smiley like this one: :twisted:

Because in reality, there are some problems with my optimistic vision. It's not exactly true, at best I can go for "I want to believe". And also, I'm probably not the only one who uses "release date of RouterOS v7" as original synonym for "never". I'm pretty sure that it will change eventually, but don't hold your breath. That's for v7, DNS is yet another matter.

Truth is, I don't really think there's enough demand to warrant development of DNS server for RouterOS. If they would integrate some existing software, maybe. But it looks like they (for quite some time already) prefer to make things themselves.
 
onlineuser
Member Candidate
Posts: 213
Joined: Thu Aug 06, 2015 12:10 pm

Re: feature request ADVANCED DNS Server

Wed Jul 17, 2019 10:17 pm

Dear Mikrotik developer

are there any news about this feature?
