feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 12:39 pm
by rushlife
+1 for advanced DNS server

I love mikrotik and I use it every day but standard DNS feature is simply poor.
I definitely need built-in advanced DNS in new ROS.

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 4:14 pm
by Sob
Current RouterOS can't do much with DNS, that's for sure. But I don't think it's helpful to ask for "advanced DNS" without providing further details. That can mean a lot of different things.

IMHO there are two possible ways:

1) Don't try to make RouterOS a full-featured DNS server. Just add a few additional features like more types of static records and per-domain forwarding. No more L7 hacks for basic stuff. It's simple, easy to implement, useful and should make a lot of users happy.

2) Provide full-featured DNS server as separate package, with all possible features (master/slave authoritative server, recursive resolver, dynamic updates, DNSSEC, ...). But it's a lot of work and target audience is limited, compared to 1). Instead of creating something from scratch, they would probably have to integrate something like BIND (but rather something else than BIND itself, as it doesn't have the best history).

I wouldn't say "no" to 2), but given the current state of things, the priority should be 1).

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 4:50 pm
by ZeroByte
I wouldn't say "no" to 2), but given the current state of things, the priority should be 1).
You're right to say that there are other areas that need attention.
And I wholeheartedly agree that they should probably add the ability to specify RR type in the static DNS entries.
I'd say they need CNAME, AAAA, and PTR the most.

-----: BEGIN RANT :------

I would say "no" to 2. If someone needs a full DNS server then they should set up a Bind server or whatever daemon they like - do it on a WRT virtual if it really, really, really must be kept all on a single device. There comes a point in time when reality must be faced - this is a router operating system, not a server operating system.

There's a huge difference between a basic lightweight implementation of a protocol to fill a few niche needs (dns cache / static-only httpd to serve "access denied" pages, etc), and fully-featured server packages. There are many things that need fixing in ROS that are core routing things (IPv6 needs lots of love, bugs in routing protocols, etc.). And I think a worldwide holiday would be declared if they implemented IGMP snooping on the bridge and Atheros switch chips.

RouterOS can't be everything for everyone. I've seen feature requests for print server functionality.... really?

It's easy to get caught up by how feature-rich and powerful a Mikrotik can be, but remember that it is actually a router before it's anything else. It doesn't need to be a SQL cluster node. It doesn't need to be a bitcoin mining node. It doesn't need to be a print server. It doesn't need to be a web server or a DVR for your security cameras or anything else.

There's something that can do all of that - it's called Linux.

(drops the microphone on the floor)

------: END RANT :------

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 9:23 pm
by Sob
You can do everything with Linux, but RouterOS gives it to you in such nice user/admin friendly package. It comes with some limitations, but mostly it's worth it. It's only natural to want to push the limits a little further and get the same comfort for more services. The question whether something belongs to RouterOS or not, now that even whole network monitoring system is included... can you really say that DNS server does not belong? :)

I see no problem with few extensions to what we have now. The basics are already there, it does not require much effort to add the rest. I myself would like to see two:

1) Per-domain forwarding. When you have some internal domain handled by your server, but don't want to depend on it completely for DNS, i.e. if it happens to go down, you still want to be able to use public internet. You could use router as DNS cache, use ISP's resolvers by default, but define an exception that queries for company.lan should be sent to your server. A proper alternative to old L7 hack.

2) Allow to set static records of *any* type. Few most popular can have specific WinBox dialogs/CLI options. The rest can be supported using generic syntax (DNS server does not need to understand all records it serves, you can sometimes see unknown types in current DNS cache and it's no problem at all). You can stop here and it will make many people happy.
But as bonus (I'm not actually asking for this, just saying that it's nothing complicated), you can add a simple option to send replies for selected domains marked as authoritative and you have proper DNS server, even though it would be just a very basic one. Add AXFR transfers for master/slave operation and you'll start to get out of scope of simple extensions. No, what I wanted to write was that you'd have everything you need for basic server, if you don't require anything special like DNSSEC.

Real full-featured DNS server is a different story. And there's also difference between authoritative server and resolver. Authoritative server with all bells and whistles is not needed by most people. Resolver could be more interesting, e.g. if you want to validate DNSSEC by yourself in the name of security (you might not trust ISP or fear evil hackers between ISP and you), it would be nice thing to have. You can get dedicated machine, but why couldn't your shiny new $3000 CCR handle such relatively simple task.

But as I wrote before, simple extensions first. MikroTik can save full-featured DNS server for later, when they fix all bugs, add all more important features, dominate the router world and have nothing better to do. :)

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 9:44 pm
by ZeroByte
The question whether something belongs to RouterOS or not, now that even whole network monitoring system is included... can you really say that DNS server does not belong?
Yeah - you have a point there, but I've kind of felt like running NMS from a router is a bit 'strange' but hey, it's there and it only took a little more than half a decade to get any work done to it. :lol:

Things like this (and Userman - another 'outside the box' package) are interesting additions to ROS, and I think Mikrotik's intent is for packages like these to be run on dedicated boxes that only function as the Dude or Userman.
But as I wrote before, simple extensions first. MikroTik can save full-featured DNS server for later, when they fix all bugs, add all more important features, dominate the router world and have nothing better to do. :D
In the mean time - low capacity, fully featured DNS appliance sounds like a Raspberry Pi to me...... ;)
(or a WRT image - certainly there's one posted)

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 9:56 pm
by docmarius
What I am actually missing are zones or DNS instances, assigned to specific interfaces or even requester IP ranges. And of course, static CNAME, MX and AAAA entries.
This would allow e.g. to resolve internal requests to internal hosts (and maybe put the loopback issues at rest), while allowing external requests to be resolved to public IPs. And this would maybe allow to disable forwards on external interfaces, while keeping it for the internal ones, and other nice use cases.
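
Added example, not part of any post in this thread and not RouterOS code: a sketch of the query-routing decision that per-domain forwarding (Sob's post above) and per-requester views (docmarius's post) would need. All zone names except company.lan, all addresses and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample policy; every address below is a placeholder.
FORWARD_ZONES = {                      # per-domain forwarding: zone -> servers
    "company.lan": ["192.168.1.10"],
    "dev.company.lan": ["192.168.2.10"],
}
DEFAULT_UPSTREAMS = ["203.0.113.53"]   # stands in for the ISP's resolvers
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
STATIC = {                             # split-horizon records: view -> name -> address
    "internal": {"www.example.org": "192.168.1.80"},
    "external": {"www.example.org": "198.51.100.80"},
}


def match_zone(name):
    """Return the longest forward zone matching on a label boundary, or None.

    Walking label by label means 'notcompany.lan' never matches 'company.lan',
    which a plain string-suffix or pattern match would get wrong.
    """
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in FORWARD_ZONES:
            return candidate
    return None


def is_internal(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETS)


def route_query(qname, client_ip):
    """Decide what to do with one query: (action, list of addresses)."""
    name = qname.rstrip(".").lower()
    view = "internal" if is_internal(client_ip) else "external"
    if name in STATIC[view]:
        return ("answer", [STATIC[view][name]])
    if view == "external":
        # No forwarding for outside requesters: the router must not
        # act as an open resolver on its external interface.
        return ("refuse", [])
    zone = match_zone(name)
    return ("forward", FORWARD_ZONES[zone] if zone else DEFAULT_UPSTREAMS)
```
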

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 10:11 pm
by ZeroByte
At the very least, they need to let you define CNAME, PTR, and AAAA records in the Mikrotik. The thing already knows how to cache and serve up such records anyway - at least they could add the ability to specify RR type in the UI.

I'm guessing they didn't want to have to validate more input types than IPv4 addresses. It seems that free-form string with the "don't mess up" disclaimer would be enough, right? If you specify something bad, then the clients' failure to function should be some clue that there is garbage in the DNS entries.....

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 10:42 pm
by Sob
You can already add AAAA, just enter IPv6 address. But together with A (and automatic PTR) that's it so far.

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 07, 2016 11:15 pm
by ZeroByte
You can already add AAAA, just enter IPv6 address. But together with A (and automatic PTR) that's it so far.
:shock:

(hand smacks forehead)

Why did I never try that?


Just for fun I tried to specify a CNAME kind of record in the same way (entered a hostname as the IP) - it resolved the hostname and created the A & PTR records for that name.

Re: feature request ADVANCED DNS Server

Posted: Sun Jan 10, 2016 4:39 pm
by Zorro
yea, both DNS for IPv6 and DNSSec can be cool/useful in ROS.

Re: feature request ADVANCED DNS Server

Posted: Sun Jan 10, 2016 5:53 pm
by chechito
i think actual dns on ROUTEROS accomplish the role of a local cache for dns queries

if you need to get full dns implementation the only thing you need to do is to put a little and inexpensive linux box as the root of your dns infrastructure, this plus your mikrotiks doing cache can do a very good scalable dns solution

or use opendns or norton dns to custom your dns behavior

i think routeros must focus on polishing wireless routing and networking functionalities to deal with serious competition.

Re: feature request ADVANCED DNS Server

Posted: Thu Jan 14, 2016 7:52 pm
by Zorro
i think actual dns on ROUTEROS accomplish the role of a local cache for dns queries

if you need to get full dns implementation the only thing you need to do is to put a little and inexpensive linux box as the root of your dns infrastructure, this plus your mikrotiks doing cache can do a very good scalable dns solution
or use opendns or norton dns to custom your dns behavior
i think routeros must focus on polishing wireless routing and networking functionalities to deal with serious competition.
but even as "local cache" its need support of such features, ironically. to do it properly in those tech-aware/depending environment/solutions.
generally some networkers - avoid NS on routers, simply because security issues and just forward DNS traffic.
(which is important partially both because broken/outdated/vulnerable/bloated code in some of them or incomplete implementations(especially in security context and "becoming essential" things like IPv6 native support "from top to down")
ironically - that start becoming common for some security-conscious companies - for Linux and Windows hosts as well.
(mostly because DNS implementation - remain as insecure as in all router and "caching" feats - seriously simplify exploitation)
also as "local cache" built-in DNS services - lack management options. to easier tweak/manage options, overrides(both for A, PTR, MX resources, TTL(both directions in many styles) and to enable/disable certain things in DNS traffic/configuration itself.
would you miss ability to tune "old-fashioned" DNS traffic in "passive" style(ie 53<->53) for example. in firmwares with open config(either they use bind, dnsmasq, nsd, djb(my favorite aside unbound) or other things code with combinations between) - you can simply edit config and fire it up/restart again.
someone - would probably like something else for DNS as well, likely. its remain untouched in ROS for really long time.
personally i would like to see improved performance of it(compared to bypassing DNS - difference is staggering, sometimes :(

so far DNSSec support is sparse/broken, because incomplete implementation and lot of complex workarounds, necessary to make it working in most platforms.
partially cause since TCP Cookie Transactions - removed from kernel again(due same issues/reasons, ie incompletion/buggy status), long ago.
https://en.wikipedia.org/wiki/TCP_Cookie_Transactions

almost just like how SCTP - require both timestamps and ECN support(presently disabled in RouterOS).

Re: feature request ADVANCED DNS Server

Posted: Thu Mar 01, 2018 6:22 pm
by onlineuser
A lightweight DNS server like "maradns" would be fine for Mikrotik devices.
The configuration could be done through text files like on any OpenWRT device.

Why such a service will not be offered by Mikrotik? ;-)

Re: feature request ADVANCED DNS Server

Posted: Thu Mar 01, 2018 7:48 pm
by pe1chl
I think the problem is not to obtain the required software. There are more than enough open source DNS servers/resolvers available.
(if anything, the problem would be to select one instead of ending in a religious discussion which one to use and which one to absolutely avoid)

It would likely be more work to make the RouterOS configuration front-end.
I have often wondered what is going on behind that. Is there a very powerful "configuration interpreter" that does all the command-line, web and API
interpretation and is table-driven to support the commands we see and write the Unix-style text configuration that most of the used software needs?
Or is it all custom C/C++ programming that is to be done for each new feature being added?

It is difficult to know without some explanation by MikroTik employees, and I have not encountered that yet on this forum.

Depending on the situation, it could be quite easy to add a new package that simply consists of installing an existing open-source program,
and creating the configuration tables for it. But it could also be a lot of work. We don't know.

Re: feature request ADVANCED DNS Server

Posted: Fri Mar 02, 2018 11:37 am
by onlineuser
Such of these features would make Mikrotik more popular and additional hardware would not be necessary.

All of us trust on RB software although we do not know anything about the source code and possible backholes. Here the OpenWrt was the better solution but the UI is clearer and easier (faster) to use.

Re: feature request ADVANCED DNS Server

Posted: Sat Mar 03, 2018 12:37 am
by doneware
this: https://tools.ietf.org/html/draft-tale- ... lientid-01

i know the draft already expired. tbh we're talking about a 7 yr old feature that is in dnsmasq since 2011.
this is hell of a tool to get stuff under control.

Re: feature request ADVANCED DNS Server

Posted: Thu Sep 27, 2018 4:45 pm
by onlineuser
Are there any news about this feature request?

Re: feature request ADVANCED DNS Server

Posted: Thu Sep 27, 2018 5:58 pm
by Sob
I believe that MikroTik is preparing full-featured DNS server package as Christmas surprise. To be released a year or two after RouterOS v7.

Re: feature request ADVANCED DNS Server

Posted: Thu Sep 27, 2018 11:32 pm
by jondavy
I believe that MikroTik is preparing full-featured DNS server package as Christmas surprise. To be released a year or two after RouterOS v7.
Wow, that would be great!!

Re: feature request ADVANCED DNS Server

Posted: Fri Sep 28, 2018 1:15 am
by Sob
I guess I should have added some fitting smiley like this one: :twisted:

Because in reality, there are some problems with my optimistic vision. It's not exactly true, at best I can go for "I want to believe". And also, I'm probably not the only one who uses "release date of RouterOS v7" as original synonym for "never". I'm pretty sure that it will change eventually, but don't hold your breath. That's for v7, DNS is yet another matter.

Truth is, I don't really think there's enough demand to warrant development of DNS server for RouterOS. If they would integrate some existing software, maybe. But it looks like they (for quite some time already) prefer to make things themselves.

Re: feature request ADVANCED DNS Server

Posted: Wed Jul 17, 2019 10:17 pm
by onlineuser
Dear Mikrotik developer

are there any news about this feature?