Hi Sindy, are you saying that no matter what the OP sets for DNS in the router it will always use WAN1?
What I am saying is nothing more than that the router's own processes such as NTP client, DNS proxy etc. cannot be told to use another routing table than "main" by means of the VRF configuration.
You can use /ip route rule rows and /ip firewall mangle rules to make router-originated packets use other routing tables, but that's beyond the "VRF only" setup.
I understand that if one sets DNS to MT cache DNS or to LANIP, the router will use WAN1 regardless.
Correct (in this context where WAN1 is a default gateway interface for routing table "main").
But by external, do you mean setting DNS to 220.127.116.11 for example in DHCP settings?
In this case a DNS request on LAN2 would go out WAN2 and head for 18.104.22.168???
Exactly. Because for the router, such a packet to 22.214.171.124:53 is nothing special, just another packet to be forwarded.
Okay, let's say one never discovered the VRF functionality.
How would the OP configure the router to use routing rules...?
The point is that routing rules (and/or mangle rules) alone are not enough. These rules are used to force the use of a particular routing table for the packet, but you first have to build the routing tables to be used. This is no deal for static routes, you just add routing-mark=xyz to the route's parameters when adding it, but dynamically added routes (on all kinds of L3 PPP interfaces and/or on DHCP clients attached to L2 interfaces, which is the vast majority of WANs in the SOHO environment) are always added to the routing table which is the default one for the interface, i.e. the one indicated by the /ip route vrf row or the "main" one. So to move (or duplicate) these routes into another routing table than the one implied by the interface, you need scripting, so yet another can of worms.
So to achieve the same behavior as using VRF, you need:
- a script triggered by the dynamic assignment of IP configuration to WAN2, which creates (or updates, so the script must distinguish between the two cases) a default route in the desired routing table (i.e. labeled with the desired routing-mark) with the gateway IP assigned by the dynamic configuration protocol.
- /ip firewall mangle rules which assign the desired routing-mark to packets coming in via WAN2 or LAN2:
/ip firewall mangle
add chain=prerouting in-interface=WAN2 action=mark-routing new-routing-mark=xxx
add chain=prerouting in-interface=LAN2 action=mark-routing new-routing-mark=xxx
- an /ip route rule preventing packets bearing a particular routing-mark from reverting to use of routing table main if no route with the required routing-mark is available (which happens e.g. when WAN2 or LAN2 are down): routing-mark=xxx action=lookup-only-in-table table=xxx
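An added example (not Sindy's code, not from the thread) of the first item above: a script for the WAN2 DHCP client that creates or updates the marked default route and removes it when the lease is lost. It assumes RouterOS v6 syntax, a DHCP client on interface WAN2, the routing-mark "xxx" from the mangle rules above, and a route comment "wan2-marked-default" used to find the route again.

```routeros
# Assumed setup: /ip dhcp-client set [find interface=WAN2] script=<this script>
# DHCP client scripts expose $bound (1 = lease obtained/renewed, 0 = lost)
# and $"gateway-address" (the gateway handed out by the DHCP server).
:local mark "xxx"
:local tag "wan2-marked-default"
:if ($bound = 1) do={
    :local gw $"gateway-address"
    # the route is tagged by comment so the script can tell "create" from "update"
    :local existing [/ip route find comment=$tag]
    :if ([:len $existing] = 0) do={
        # first lease: create the default route in the marked table
        /ip route add dst-address=0.0.0.0/0 gateway=$gw routing-mark=$mark comment=$tag
    } else={
        # renewal or new lease: the gateway may have changed, update in place
        /ip route set $existing gateway=$gw
    }
} else={
    # lease lost: drop the route so nothing follows a stale gateway;
    # the lookup-only-in-table rule then keeps marked packets out of "main"
    /ip route remove [/ip route find comment=$tag]
}
```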
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.