seyamico
just joined
Topic Author
Posts: 9
Joined: Mon Jul 02, 2018 11:49 am

DNS request coming from gateway IP

Fri Jul 30, 2021 7:40 am

Hi, I have a Pi-Hole server up and running on a Linux machine.

I have 2 LAN Subnets on 2 ports which are -

ether1=10.10.10.1/24 and ether2=10.10.9.1/24

Each of the subnets is assigned an individual DHCP server, whose gateways are 10.10.10.1 and 10.10.9.1.

The Pi-Hole server is sitting under the ether1 interface, and its IP is 10.10.10.5. I have configured this IP as my DNS server across all of my devices using the DHCP server.

For better understanding, here's my network diagram

[Image: network diagram]

my NAT Rules are -

add action=masquerade chain=srcnat src-address=10.10.10.0/24
add action=masquerade chain=srcnat src-address=10.10.9.0/24

I checked the DNS logs, all requests are coming from 10.10.10.1 and 10.10.9.1.

I can't understand what's wrong with my configuration. I need requests from the device IPs, not from their gateway IPs.
Last edited by seyamico on Fri Jul 30, 2021 8:54 am, edited 2 times in total.
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 8:33 am

If your end devices are configured to use the gateway-IP as DNS then this is normal and you will never see requests from individual LAN devices.
You have the correct DNS-settings in your DHCP-config? Please post some relevant config pieces for DHCP etc. and a conceptual drawing if the Pihole is sitting on some special separate network or something. What is the LAN-IP of the Pihole, etc.
 
seyamico
just joined
Topic Author
Posts: 9
Joined: Mon Jul 02, 2018 11:49 am

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 8:53 am

> If your end devices are configured to use the gateway-IP as DNS then this is normal and you will never see requests from individual LAN devices.
> You have the correct DNS-settings in your DHCP-config? Please post some relevant config pieces for DHCP etc. and a conceptual drawing if the Pihole is sitting on some special separate network or something. What is the LAN-IP of the Pihole, etc.

I have updated the post with some more details.
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 9:00 am

Adapt your masq-rules and include the outgoing ISP interface??
Without specifying the exiting "Internet" interface it will probably do a bit more snat/masq where you don't want it.

You want traffic from/between 10.10.10.x and 10.10.9.x to flow without any translation/nat/masq actions I guess, just "routed".
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 9:55 am

> Adapt your masq-rules and include the outgoing ISP interface ??

I agree that masquerade rules should include outgoing ISP interface. But if masq rules are changed that way, you can probably only keep one and omit specifying the src-address. This way router will masq anything going out of ISP interface, no matter what original src-address of packet was. Hence single rule would be enough.
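
The effect discussed in the posts above, as an added example that is not part of the thread: a small model of the srcnat chain showing what source address the Pi-hole sees under the original rules and under a rule limited to the WAN interface. The interface name `wan`, the placeholder `<wan-address>`, the client 10.10.9.50 and the Internet host 203.0.113.10 are assumptions; the model covers only packets routed through the router.

```python
import ipaddress

# Constructed model of the router in this thread. "wan" is a hypothetical
# name for the ISP-facing interface; its address is a placeholder.
LAN = {
    "ether1": ipaddress.ip_interface("10.10.10.1/24"),
    "ether2": ipaddress.ip_interface("10.10.9.1/24"),
}
WAN, WAN_ADDR = "wan", "<wan-address>"

# Rules from the first post: src-address only, no out-interface.
ORIGINAL = [{"src-address": "10.10.10.0/24"}, {"src-address": "10.10.9.0/24"}]
# Rule shape suggested later in the thread: limited to the WAN interface.
SCOPED = [{"src-address": "10.10.0.0/16", "out-interface": WAN}]


def route(dst):
    """Pick the outgoing interface: a connected LAN, else the default route."""
    addr = ipaddress.ip_address(dst)
    for name, iface in LAN.items():
        if addr in iface.network:
            return name
    return WAN


def source_seen(src, dst, rules):
    """Source address the destination sees after the srcnat chain runs."""
    out = route(dst)
    for rule in rules:
        net = rule.get("src-address")
        if net and ipaddress.ip_address(src) not in ipaddress.ip_network(net):
            continue
        if rule.get("out-interface", out) != out:
            continue
        # masquerade rewrites the source to the outgoing interface's address
        return str(LAN[out].ip) if out in LAN else WAN_ADDR
    return src  # no rule matched: packet is routed untranslated


if __name__ == "__main__":
    client, pihole, internet = "10.10.9.50", "10.10.10.5", "203.0.113.10"
    for label, rules in (("original", ORIGINAL), ("scoped", SCOPED)):
        print(label, "-> Pi-hole sees", source_seen(client, pihole, rules),
              "| Internet host sees", source_seen(client, internet, rules))
```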
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 1:30 pm

If you only have one WAN connection
add action=masquerade chain=src-nat in-interface=wanconnectionport

DHCP server-network DNS setting for the user network should be the IP address of the pi-hole device.
Ensure the user subnet has access to the pi-hole device in forward chain.
Ensure the pi-hole device and the users have access to the internet.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 1:37 pm

> add action=masquerade chain=src-nat in-interface=wanconnectionport

ehm...

/ip fire nat
add action=masquerade chain=srcnat out-interface=<WAN-interface> src-address=10.10.0.0/16
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DNS request coming from gateway IP

Fri Jul 30, 2021 9:11 pm

I don't have source addresses on both my masquerade rules.
How on earth have I survived this long??

/ip firewall nat
add action=masquerade chain=srcnat comment="SCR_NAT FOR LAN - FibreOP" \
ipsec-policy=out,none out-interface=vlanbell
add action=masquerade chain=srcnat comment="SCR_NAT for LAN - Cable" \
ipsec-policy=out,none out-interface=Eastlink_eth7


What the heck is this trickery 10.10.0.0/16??
Too clever for your own good LOL

Why not just go right to 10.0.0.0/8
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: DNS request coming from gateway IP

Sat Jul 31, 2021 7:19 pm

For spoofing reasons... you must use the shortest interval possible, or at least more than one rule for each net.

Users use (only?)
10.10.10.x and 10.10.9.x

For both, 10.10.0.0/16: if 9 and 10 are used, probably also 1, 2, 3, 4 etc.

10.0.0.0/8 is too big, and the "fast" unique subnet for both is 10.10.0.0/16.

The really short one for 9 + 10 only is 10.10.8.0/22.
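
The prefix arithmetic from the post above, as an added example that is not part of the thread: it derives the smallest single prefix covering both LAN subnets and counts how many unassigned /24 blocks each candidate `src-address` would also match. The function names are hypothetical, and the count assumes the LAN subnets are /24s.

```python
import ipaddress

USED = ["10.10.9.0/24", "10.10.10.0/24"]  # the two LAN subnets in this thread


def smallest_cover(cidrs):
    """Smallest single prefix that contains every network in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one bit and try again
    return cover


def unassigned_24s(candidate, cidrs):
    """Count /24 blocks matched by candidate that are not LAN subnets."""
    cand = ipaddress.ip_network(candidate)
    used = [ipaddress.ip_network(c) for c in cidrs]
    if not all(n.subnet_of(cand) for n in used):
        raise ValueError(f"{candidate} does not cover all of {cidrs}")
    return 2 ** (24 - cand.prefixlen) - len(used)


if __name__ == "__main__":
    print("smallest cover:", smallest_cover(USED))
    for candidate in ("10.10.8.0/22", "10.10.0.0/16", "10.0.0.0/8"):
        print(candidate, "also matches", unassigned_24s(candidate, USED),
              "unassigned /24 blocks")
```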
