aurebus
just joined
Topic Author
Posts: 3
Joined: Fri Jul 09, 2021 9:04 pm

Static DNS records

Fri Jul 09, 2021 9:25 pm

Hello,

Googling did not help me, so I thought this is the place to ask.

My hAP ac2 is running 6.48.3. It is the only DNS server for devices on my LAN.
I've configured some static DNS records and these hosts (A-records) are being resolved as I want.
My upstream (DoH) DNS is NextDNS, which has logging. It shows that the MikroTik regularly queries these hosts, which is a big & unpleasant surprise for me.

Why would it go to upstream server if it has them in static? They are different from NextDNS anyway.
 
tangent
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm

Re: Static DNS records

Sat Jul 10, 2021 2:20 pm

Is the NextDNS DoH upstream configured only on the hAP, or have you got it on the client computers as well? It may be that your clients are querying both in parallel in case one goes down, to avoid the delays inherent in serial querying.

Can you set up packet monitoring on the hAP to show that a DoH query goes out to NextDNS from the hAP when you do a DNS query on the client for one of your local static DNS entries?
 
aurebus
just joined
Topic Author
Posts: 3
Joined: Fri Jul 09, 2021 9:04 pm

Re: Static DNS records

Sat Jul 10, 2021 2:31 pm

Is the NextDNS DoH upstream configured only on the hAP, or have you got it on the client computers as well? It may be that your clients are querying both in parallel
The thing is, NextDNS allows you to identify clients, so I am sure this is the MikroTik:

"Identify your devices
Follow the instructions below to identify your devices in Analytics and Logs.

DNS-over-HTTPS

Append the name to the provided URL (the name should be URL encoded).
For "John's Firefox", you would use https://dns.nextdns.io/1a2bc3d4/John's%20Firefox as your DNS-over-HTTPS endpoint."


So I set up my router to identify as 'Mikrotik' and in the logs right now I can see that one of the hostnames in question was requested by:

"Mikrotik a minute ago"
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Static DNS records

Mon Jul 12, 2021 12:47 pm

So I have a similar setup using NextDNS.
I have added a few static DNS records that end in network.lan so I can access network assets by name instead of IP.
Clients can ONLY use MT or NextDNS as DNS resolver. Everything else is blocked.
So I did a quick look in the NextDNS GUI and found nothing. I however downloaded the entire log and hey presto, there they are. All my MT DNS resolvers are trying to resolve the internal static records I have added and, like you, I see them asking on a regular interval. Guess the reason I do not see them in the GUI is that they cannot be resolved. I will add all my records to NextDNS as well (as you can do this) and track it some more, but this is not how an A record should behave.
Have you created a case for this?
 
aurebus
just joined
Topic Author
Posts: 3
Joined: Fri Jul 09, 2021 9:04 pm

Re: Static DNS records

Mon Jul 12, 2021 8:22 pm

So I have a similar setup using NextDNS.
I have added a few static DNS records that end in network.lan so I can assess network assets by name instead of IP.
...
I will add all my records to NextDNS as well (as you can do this) and track it some more but this is not how a A record should behave.
Have you created a case for this?
Hi,

No, I'm kinda new in interaction with MikroTik, so no case created yet. And thanks for the tip, I did not know there is such functionality.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: Static DNS records

Mon Jul 12, 2021 8:28 pm

Perhaps that is related to the fact that type=FWD does not work if DoH is enabled... I hope Mikrotik will look into this and fix this/both issues.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Static DNS records  [SOLVED]

Mon Jul 12, 2021 8:48 pm

The DoH function was added to the existing DNS resolver in a completely incorrect way.
Of course the correct thing to do would have been to add it as a next-level resolver the same way as the existing resolvers already were.
But it appears that once you enable DoH, it does not go as a resolver behind the existing static and cache function, but rather it is added in front of it.
So, it is not possible to combine static records with DoH mode. Disable DoH and it will work as you want (first look in cache and static records, and only query the configured resolvers when that does not yield a result).
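A concrete way to run the packet-monitoring check tangent suggested and to confirm the resolver ordering pe1chl describes, as an added example and not a command sequence posted by anyone in the thread. The record name canary.network.lan, the address 192.168.88.250, the LAN gateway 192.168.88.1 and the WAN interface ether1 are constructed, and the NextDNS profile ID is a placeholder.

```routeros
# Added example (not from the thread). Names, addresses and interface are constructed.
# Replace <PROFILE-ID> with your own NextDNS profile ID.

# 1. Add a static record that exists nowhere upstream, so any query for it that
#    reaches NextDNS can only have originated on the router.
/ip dns static add name=canary.network.lan address=192.168.88.250 comment="leak canary"

# 2. Point the router at NextDNS over DoH (the setup the thread describes) and
#    flush the cache so the first client lookup walks the full resolver path.
/ip dns set use-doh-server="https://dns.nextdns.io/<PROFILE-ID>/Mikrotik" verify-doh-cert=yes
/ip dns print
/ip dns cache flush

# 3. Capture only outbound TCP/443 on the WAN interface. DoH rides on HTTPS,
#    so a DoH query appears as TLS traffic leaving the router.
#    Add filter-ip-address=<NextDNS IP>/32 if other HTTPS traffic leaves the router.
/tool sniffer set filter-interface=ether1 filter-ip-protocol=tcp filter-port=443 filter-direction=tx
/tool sniffer start
#    Now, from a LAN client:   nslookup canary.network.lan 192.168.88.1
#    The client receives 192.168.88.250 from the static record either way.
/tool sniffer stop
/tool sniffer packet print
#    With DoH enabled, TLS packets to the DoH endpoint show up right after the
#    lookup even though the static record already answered it.

# 4. Control run with DoH disabled: upstream queries now go out as plain DNS,
#    so watch UDP/53 instead. A lookup of the static name produces no packet.
/ip dns set use-doh-server=""
/ip dns cache flush
/tool sniffer set filter-ip-protocol=udp filter-port=53
/tool sniffer start
#    Repeat the client lookup, then:
/tool sniffer stop
/tool sniffer packet print
```

The same leak is visible on the NextDNS side without any capture: the router identifies itself through the URL suffix, as aurebus did, so a query for the canary name logged under that identifier came from the router.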
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Static DNS records

Mon Jul 12, 2021 11:46 pm

Perhaps that is related to the fact that type=FWD does not work if DoH is enabled... I hope Mikrotik will look into this and fix this/both issues.
I wonder if this is part of the CNAME issues I have. If you add a CNAME with a public A record, it does not resolve. When you query the CNAME, it does not look up the A record and only provides a response if the A record is in the cache.
Will turn off DoH as soon as I have access and test again.
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Static DNS records

Tue Jul 13, 2021 9:11 am

Nope, did not solve the CNAME issue I have (and have a case for at MT).
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Static DNS records

Tue Jul 13, 2021 10:03 am

Yes, the resolver really needs to be ditched and replaced with a working open-source resolver (there are several)....
