ejuser
just joined
Topic Author
Posts: 4
Joined: Sat Aug 28, 2021 5:19 pm

Router OS - VLAN - DNS traffic

Wed Sep 01, 2021 3:54 am

Hello, I am new to RouterOS but familiar with VLANs in OpenWRT/EdgeOS.

I have created 2 VLANs on the MikroTik RB4011 eth10 port. When I populate the DNS server as public, I could get the DNS working on VLAN clients. But when I leave it blank (for DNS), it uses the WAN DNS servers as DNS servers.

In OpenWRT/EdgeOS :
VLAN 10 - 192.168.10.0/24 - Gateway -192.168.10.1 - DNS 192.168.10.1
VLAN 20 - 192.168.20.0/24 - Gateway -192.168.20.1 - DNS 192.168.20.1

In OpenWRT: allow TCP/UDP traffic from VLAN to LAN on port 53, and this would make the DNS queries work from VLAN clients.

In Mikrotik:
- If I specify the DNS server as a public DNS server like 8.8.8.8, DNS queries work fine.
- If I leave the DNS server blank, it uses the DNS servers of the WAN interface.
My preference is to use 192.168.10.1 (in turn the same router, which uses NextDNS for name resolution, and I can't get NextDNS working on VLAN clients with the above restriction). I am assuming a firewall rule is missing for DNS lookups from VLAN -> router.

Could you please help on what is the correct way to go about this?

Thanks
 
ejuser
just joined
Topic Author
Posts: 4
Joined: Sat Aug 28, 2021 5:19 pm

Re: Router OS - VLAN - DNS traffic

Wed Sep 01, 2021 8:49 am

I could solve this problem with these rules.

[admin@RB4011] > /ip firewall filter add place-before=5 chain=input action=accept protocol=udp in-interface=all-vlan dst-port=53 log=no log-prefix=""
[admin@RB4011] > /ip firewall filter add place-before=5 chain=input action=accept protocol=tcp in-interface=all-vlan dst-port=53 log=no log-prefix=""
[admin@RB4011] >

reference links:
viewtopic.php?t=149968
viewtopic.php?t=102537
viewtopic.php?t=67879

However, I am unable to use WinBox when connected through the VLAN, even after opening port 8291/tcp. Not sure if any other port is needed for this.

Thanks
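
Why the placement of the two rules above matters, as an added example that is not part of the original posts: a simplified first-match model of the input chain, run over a constructed ruleset. The base rules and the interface names (bridge, vlan10, vlan20, ether1) are assumptions, and only in-interface, protocol and dst-port are modelled.

```python
# Simplified first-match model of the RouterOS input chain (added example).
def parse_rule(line):  # 'chain=input action=accept ...' -> dict of matchers
    return dict(tok.split("=", 1) for tok in line.split())

def matches(rule, pkt):
    iface = rule.get("in-interface")
    if iface == "all-vlan" and pkt["iface-type"] != "vlan":
        return False
    if iface not in (None, "all-vlan") and iface != pkt["in-interface"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt["dst-port"]:
        return False
    return True

def verdict(rules, pkt):
    """Action of the first matching input rule; RouterOS accepts if none match."""
    for rule in rules:
        if rule["chain"] == "input" and matches(rule, pkt):
            return rule["action"]
    return "accept"

def place_before(rules, index, line):
    """Mimic 'add place-before=<index>': insert ahead of the rule at that index."""
    return rules[:index] + [parse_rule(line)] + rules[index:]

# Constructed ruleset and interface names: assumptions, the thread shows no existing rules.
BASE = [parse_rule(l) for l in (
    "chain=input action=accept protocol=icmp",
    "chain=input action=accept in-interface=bridge",
    "chain=input action=drop",
)]
DNS_RULES = (  # the two rules from the post, minus prompt and logging options
    "chain=input action=accept protocol=udp in-interface=all-vlan dst-port=53",
    "chain=input action=accept protocol=tcp in-interface=all-vlan dst-port=53",
)

def with_dns_rules(rules, index):
    for line in DNS_RULES:
        rules = place_before(rules, index, line)
    return rules

def pkt(iface, iface_type, proto, port):
    return {"in-interface": iface, "iface-type": iface_type, "protocol": proto, "dst-port": port}

if __name__ == "__main__":
    for p in (pkt("vlan10", "vlan", "udp", 53), pkt("ether1", "ether", "udp", 53)):
        print(p["in-interface"], verdict(BASE, p), "->", verdict(with_dns_rules(BASE, 2), p))
```

In this model the same two rules appended after the final drop rule never match, and DNS arriving on the assumed WAN port ether1 stays dropped because the accept rules are scoped to VLAN interfaces.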
