Hello!

I use static DNS ( /ip dns static). It is usable and works perfect!
When I do special DNS for Local network (/ip dhcp-server network) I can't use my static-names anymore (from mentioned local network of course).
Why is that?
How can I resolve this situation?

Thank You!

Hmmm not sure what you are getting at??

I use IP servers on the internet and allow remote requests.
If there are any subnets I have (vlans etc) that I wish to have specific DNS servers I simply
replace the dhcp-network-setting from
network ............... gateway ............. dns server
From
192.68.50.0/24 ..... 192.168.50.1 ..... 192.168.50.1 To
To
192.68.50.0/24 ..... 192.168.50.1 ..... 8.8.4.4 (google for example)

If you want clients to see records from "/ip dns static", they have to use your router as their DNS resolver. If you put different DNS server in DHCP server config, which doesn't have same records as you have in "/ip dns static", clients can't see them.

So try to write a little more about what you want to achieve and maybe we'll find a way.

I do the same
I mean DNS Static names as an exceptions.
For example /ip dns static:
name=receiver.muz address=192.168.10.5
name=decoder.tv address=192.168.10.6
name=mikrotik.com address=192.168.10.7 ))

But in case as You wrote

replace the dhcp-network-setting from
network ............... gateway ............. dns server

I can't use DNS static names behind configured Network.

If you put different DNS server in DHCP server config, which doesn't have same records as you have in "/ip dns static", clients can't see them.

Yes, it's true. But it's illogical (imho).
How can I resolve it?

No, it's very logical. They are different servers. If you give some info to one and then tell clients to ask another for that info, it simply doesn't have it and can't give the answer you want.

Is there a reason why you put different dns server in "/ip dhcp-server network" instead of router's address?

No, it's very logical. They are different servers. If you give some info to one and then tell clients to ask another for that info, it simply doesn't have it and can't give the answer you want.

Is there a reason why you put different dns server in "/ip dhcp-server network" instead of router's address?

In my case, it is because I suspected that smart devices and also a PS4 were having issues with cached MT dns???

Absolutely agree!
It's illogical that Network with own DNS server hasn't an exceptions (static names).

@anav: Why not, but then you can't complain about those devices not being able to resolve static names from your router's "/ip dns static".

@alexbob: How would you expect it to work? You specifically tell clients to use external server, so that's where they ask. Should your router magically step in when they ask for certain names, intercept the query and answer instead? Not that it would be completely impossible, but it's not how it's done.

@sob, hahaha where did you ever get the impression I use static DNS settings, such a cwazee idea LOL. I lowwwwthhheee (loathe) static DNS, gives me the heebeejeebies, the unmitigated gall to suggest I use them.......... xcuse me while I wipe my eyes for having read it!!

@anav: Ok, let's try different wording, what I meant was that if you'd have some static records, and you'd give dhcp clients some other dns resolver than your router, then you could not be surprised that those clients don't see your static records. I wasn't suggesting that you necessarily have any. If you had, you'd have already complained before the author of this thread did.

But if anyone really wants to do this, it is possible to intercept dns queries for specific hostnames and redirect them to local resolvers with L7 matcher like this: So even if client uses external resolver, it can still get some locally configured addresses. But it's not nice solution. I don't know what idiom English uses for something like this, where I live we have "to scratch yourself behind right ear with your left leg", which means doing something overcomplicated and unnecessary. But some people may like it like that, I guess.

@Sob Thx. But I would refrain from using Layer 7 protocol expressions.

@anav

How would you expect it to work?

This is exactly what I think is useful.

Same question, how would you expect it to work? And I don't mean the magic button in user interface, but what should it really do technically? I don't know how to explain it better, but if you're telling clients to use 77.88.8.7 and 77.88.8.3, those servers have no idea about what you set in "/ip dns static". Packets with queries don't go to router (where a service running on router would get them) but through router, so basically there would have to be some equivalent of L7 matcher internally, only you wouldn't see it.

Correct way is:

The mad musings of a Mikrotik user obsessed with the minutia in life (should I use in-interface or destination address - I know I will flip a coin 200 times and take the PCC average based on.......)

"Yeah John, I am perfecting this forum technique I call (Bait and Run) .... I find the craziest whackjobs asking questions in a forum. I spin them up and then sucker in experts to try and sort it out and they get themselves tied into pretzel knots trying to explain router setups to people off their meds and of course they turn blue then purple and then I split to find another thread with potential............"

Oh hi Sob! Lovely day for tennis!

I don't think this question goes necessarily into bait category. I could imagine legitimate uses for something like this, to have different DNS resolver instances on router for different DHCP servers, independent on each other.

You could have limited LAN1 using DNS 192.168.88.1 (= on router), with upstream resolvers that filter some stuff (e.g. some porn block). And then unlimited LAN2 using 192.168.89.1 (= on same router), with regular non-filtering upstream resolvers. And it would be independent, so if you wanted local static records, you could add them only to selected instance. It would be useful and I'm sure many people would like it.

Bad news is that current RouterOS doesn't support anything like this and chances to have it added are I'd say very low, and that's optimistic view.

I would put a solved box around your last post and move on.

But I would refrain from using Layer 7 protocol expressions.

Why refrain from this?

I do as Sob suggested. At my office, my Mikrotik maintains a VPN to my clients. Using L7, I intercept DNS packets and redirect them to the client's internal DNS server. Now, any PC from my office can remote into any workstation via DNS. A user calls for support, they read their computer name off a sticker, I connect to their screen via ComputerName.ClientName.local

I don't like it either, whole L7 matching is more hack than proper tool (but that's an opinion anyone is free to disagree with).

If you use it as substitute for conditional forwarders (a feature MikroTik didn't implement even ten years after it was requested, even though it's nothing special, I'd say it's pretty basic thing), it mostly works and usually you have just one domain, so it's one rule and that's it. Not great, but not too bad.

In this case I understand that hostnames with different domains would be used, so there would be L7 filter for each, which makes it a really messy solution.