Community discussions

MikroTik App
 
stefanosp
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Mar 01, 2011 1:01 pm
Location: Northern Italy

DoH overrides DNS Static RegEx

Wed Sep 08, 2021 2:08 am

I've found (in 6.48.4 and in LongTerm 6.47.10) that if I setup a DoH server (in my case, NextDNS), DNS static entries of type "FWD" stops working

If I remove DoH server and setup a "normal" DNS server (like 1.1.1.1), DNS FWD static entries work normally.

is this normal behavior? if yes, is there a workaround to make DoH and DNS FWD work together? Thank you
 
stefanosp
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Mar 01, 2011 1:01 pm
Location: Northern Italy

Re: DoH overrides DNS Static RegEx

Mon Sep 13, 2021 11:17 pm

would anyone have any ideas to help me please? :)

Thank you
 
dhoulbrooke
Trainer
Trainer
Posts: 65
Joined: Sun Apr 19, 2015 7:24 am
Location: Whakatāne, New Zealand

Re: DoH overrides DNS Static RegEx

Tue Sep 14, 2021 11:40 am

Unfortunately yes this is the expected behaviour:

Currently, DoH is not compatible with FWD-type static entries, in order to utilize FWD entries, DoH must not be configured.

https://help.mikrotik.com/docs/display/ ... HTTPS(DoH)
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH overrides DNS Static RegEx

Tue Sep 14, 2021 6:51 pm

I am suffering this issue as well...
Would be nice if Mikrotik could repair it.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: DoH overrides DNS Static RegEx

Tue Sep 14, 2021 7:49 pm

The problem is the FWD itself...
If DoH is used, is a nonsense use unsigned FWD replies...

Is why on help page is clearly indicated...
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH overrides DNS Static RegEx

Tue Sep 14, 2021 11:30 pm

I can forward to DNS servers that are in my LAN or accessible via VPN... No leakage of sensitive information there.
 
stefanosp
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Mar 01, 2011 1:01 pm
Location: Northern Italy

Re: DoH overrides DNS Static RegEx

Thu Sep 16, 2021 10:58 pm

I can forward to DNS servers that are in my LAN or accessible via VPN... No leakage of sensitive information there.
exactly my setup.

I found the entry in the Help Page at https://help.mikrotik.com/docs/display/ROS/DNS

The term "Currently" makes me hope for the future.
 
stefanosp
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Mar 01, 2011 1:01 pm
Location: Northern Italy

Re: DoH overrides DNS Static RegEx

Sat Sep 18, 2021 7:52 pm

To bypass the problem, I'm using 2 Routerboards in the same LAN

in the first router, DNS is configured with FWD entries and /ip dns set servers=<the second MIkrotik's IP>
in the second one, DNS is configured with DoH.

It works.
 
Florian
Member Candidate
Member Candidate
Posts: 117
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: DoH overrides DNS Static RegEx

Sat Sep 18, 2021 9:14 pm

To bypass the problem, I'm using 2 Routerboards in the same LAN

in the first router, DNS is configured with FWD entries and /ip dns set servers=<the second MIkrotik's IP>
in the second one, DNS is configured with DoH.

It works.
I do that too, but tbh it should work with only one device :D
 
j4c3k
just joined
Posts: 1
Joined: Thu Sep 09, 2021 2:35 pm

Re: DoH overrides DNS Static RegEx

Mon Nov 22, 2021 4:24 pm

I'm also facing this issue. RouterOS v7. It's already few releases happen... I hope it will be fixed soon...
 
mode
newbie
Posts: 37
Joined: Sun Jun 03, 2018 12:12 am

Re: DoH overrides DNS Static RegEx

Tue Jun 21, 2022 11:23 am

Any progress on this?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: DoH overrides DNS Static RegEx

Tue Jun 21, 2022 3:23 pm

Sadly: No.

Who is online

Users browsing this forum: arm920t, Bing [Bot], ccrsxx, Semrush [Bot] and 56 guests