mode
newbie
Topic Author
Posts: 37
Joined: Sun Jun 03, 2018 12:12 am

new DNS FWD not working

Wed Dec 01, 2021 2:05 pm

Hi,

I am using DNS forwarding for a specific domain using the well-known srcnat and dstnat rules with layer 7 regex.

This is working fine, but I want to replace it with the new DNS FWD feature.

I did a simple test that is not working:
[admin@MikroTik] > ip
[admin@MikroTik] /ip> dns
[admin@MikroTik] /ip dns> static 
[admin@MikroTik] /ip dns static> add regexp=".*\\.example\\.com\$" forward-to=10.0.0.1

10.0.0.1 does not exist, so I expected example.com not to be resolved. But it is still resolved.

C:\Users\mode>nslookup example.com 192.168.6.1
Server:  mikrotik.local
Address:  192.168.6.1

Nicht autorisierende Antwort:
Name:    example.com
Addresses:  2606:2800:220:1:248:1893:25c8:1946
          93.184.216.34

Any idea why?
DoH is not enabled on the MikroTik.

BR

mode
 
spynappels
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland

Re: new DNS FWD not working  [SOLVED]

Wed Dec 01, 2021 2:23 pm

I suspect the regex itself is wrong.

Putting it into a few online regex testers, the double backslash (\\) is causing the backslash to be interpreted literally, using single backslashes allows the . to be evaluated literally, but then the .* at the beginning means example.com itself doesn't match.

.*\.example\.com$ matches www.example.com but not example.com, at least on regex101.com. I've not had an opportunity to test it myself on ROS yet.

Edit: The following appears to match both example.com and www.example.com, it was actually the first \. that meant only subdomains would match, not the naked domain itself:
.*example\.com$
 
mode
newbie
Topic Author
Posts: 37
Joined: Sun Jun 03, 2018 12:12 am

Re: new DNS FWD not working

Wed Dec 01, 2021 2:53 pm

OK, perfect. First, you have to flush the DNS cache on the MikroTik when testing.

Then I changed the regex from
.*\.example\.com$
to
.*example\.com$

After this, the domain without subdomain is affected too. Thanks a lot!
 
spynappels
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland

Re: new DNS FWD not working

Wed Dec 01, 2021 3:11 pm

No problem, glad to be able to help.
 
mode
newbie
Topic Author
Posts: 37
Joined: Sun Jun 03, 2018 12:12 am

Re: new DNS FWD not working

Wed Dec 01, 2021 3:16 pm

And as already known as soon as you enter a DoH Server in DNS Settings, the FWD does not work anymore. Hope that will be fixed soon...
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: new DNS FWD not working

Wed Dec 01, 2021 4:35 pm

Please note that ".*example\.com$" also matches "anotherexample.com", which is a completely different domain.
You could use something like this:
^(.*\.)?example\.com$
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: new DNS FWD not working

Wed Dec 01, 2021 4:38 pm

> And as already known as soon as you enter a DoH Server in DNS Settings, the FWD does not work anymore. Hope that will be fixed soon...

Me too... But after all that time I am not very optimistic on this topic...
 
mode
newbie
Topic Author
Posts: 37
Joined: Sun Jun 03, 2018 12:12 am

Re: new DNS FWD not working

Wed Dec 01, 2021 4:41 pm

Clever idea. So (.*\.) must be found 0 or 1 times?
-> 0 times without subdomain
-> 1 time with subdomain

This should be used as the example in the wiki https://wiki.mikrotik.com/wiki/Manual:IP/DNS instead of the ".*\\.example\\.com\$" used there, because the ^ is missing there too.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: new DNS FWD not working

Wed Dec 01, 2021 4:57 pm

> Clever idea. So (.*\.) must be found 0 or 1 times?
> -> 0 times without subdomain
> -> 1 time with subdomain

Exactly.

> Because the ^ is missing there too.

The example is fine if you expect a subdomain. As any number of any character (.*) is matched, there is no point in adding a match on the beginning (^). You could even drop the former; this does the same:
\.example\.com$
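
An added example (not part of any post in this thread) that audits the four regexes quoted above for names they miss and names from other zones they would also forward. It assumes Python's `re.search` behaves like the router's matcher for these simple patterns; the sample names and the `forward_regex` helper are constructed for illustration.

```python
import re

# Regexes quoted in the thread, as the resolver sees them (CLI escaping removed).
THREAD_PATTERNS = {
    "wiki":     r".*\.example\.com$",      # example from the wiki page
    "loose":    r".*example\.com$",        # first fix tried in the thread
    "anchored": r"^(.*\.)?example\.com$",  # eworm's suggestion
    "suffix":   r"\.example\.com$",        # eworm's shorter subdomain-only form
}

# Constructed sample query names; the last two belong to other zones.
SAMPLE_NAMES = [
    "example.com", "www.example.com", "a.b.example.com",
    "anotherexample.com", "example.com.other.test",
]

def in_zone(name, domain):
    """Ground truth by labels: the domain itself or anything ending in '.domain'."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def audit(pattern, domain, names=SAMPLE_NAMES):
    """Compare an unanchored regex search against the label-based ground truth."""
    rx = re.compile(pattern)
    missed = [n for n in names if in_zone(n, domain) and not rx.search(n)]
    leaked = [n for n in names if not in_zone(n, domain) and rx.search(n)]
    return {"missed": missed, "leaked": leaked}

def forward_regex(domain):
    """Hypothetical helper: build the anchored form for any domain."""
    domain = domain.lower().rstrip(".")
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)*", domain):
        raise ValueError("not a plain host name: %r" % domain)
    # Only '.' is special among the characters allowed above, so escape just that.
    return r"^(.*\.)?" + domain.replace(".", r"\.") + "$"

if __name__ == "__main__":
    for label, pattern in THREAD_PATTERNS.items():
        print(label, pattern, audit(pattern, "example.com"))
```

A non-empty `leaked` list means queries for an unrelated domain would be sent to the forward-to server; a non-empty `missed` list means part of the intended zone still resolves through the default upstream.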
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: new DNS FWD not working

Wed Dec 01, 2021 11:35 pm

It would have been so nice if MikroTik did it the same way as everyone else does. Simply let users say that example.com and everything under it should be forwarded to a selected server or servers, for redundancy, without completely unnecessary regexps, let it play along with DoH, etc. I'm a huge fan of RouterOS, but some of their decisions are really weird. Still, even the current state is at least a step in the right direction. Hopefully it's not the last one.
 
dynek
Member Candidate
Posts: 222
Joined: Tue Jan 21, 2014 10:03 pm

Re: new DNS FWD not working

Tue Oct 25, 2022 1:55 pm

> > And as already known as soon as you enter a DoH Server in DNS Settings, the FWD does not work anymore. Hope that will be fixed soon...
> Me too... But after all that time I am not very optimistic on this topic...

I was investigating that specific issue and I'm running 7.6, so I think it is still current, is it?
 
infabo
Long time Member
Posts: 621
Joined: Thu Nov 12, 2020 12:07 pm

Re: new DNS FWD not working

Tue Apr 18, 2023 11:08 pm

Static FWD entry does not work together with DoH. Yes, learned the hard way too. This MT DoH is indeed acting weird. It forwards all DNS requests to upstream DoH server, even if there exist static DNS entries locally in ROS. Most of my static entries do work, because my upstream DNS (nextdns) can't resolve "home.arpa" domains. Really weird and I can't see a reason why they are handling it so.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: new DNS FWD not working

Tue Apr 18, 2023 11:40 pm
