There is RouterOS 5.25, with DNS server enabled.
All clients are confugured to use ROS DNS only.
When "www.microsoft.com" is added to IP/DNS/Static as 10.20.30.40,
nslookup on client workstations returns multiple values - 10.20.30.40 and external ones.
How to suppress external DNS resolution for names presented in static DNS list?
I want to get 10.20.30.40 only.
-
-
SpaceCommander
Frequent Visitor
- Posts: 50
- Joined:
Re: Static DNS record does not suppress external one?
Hi,
Please check your work stations DNS entry. There should be only your router's IP.
Please check your work stations DNS entry. There should be only your router's IP.
-
-
SpaceCommander
Frequent Visitor
- Posts: 50
- Joined:
Re: Static DNS record does not suppress external one?
Yes, it is so, of course.Hi,
Please check your work stations DNS entry. There should be only your router's IP.
Re: Static DNS record does not suppress external one?
Please provide your DNS configuration.
-
-
SpaceCommander
Frequent Visitor
- Posts: 50
- Joined:
Re: Static DNS record does not suppress external one?
Mikrotik Settings:Please provide your DNS configuration.
Code: Select all
[admin@MikroTik] > /ip dns ex
# sep/20/2013 23:17:15 by RouterOS 5.25
# software id = N69E-277L
#
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=4096 \
servers=""
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
add address=10.20.30.40 disabled=no name=microsoft.com ttl=1d
[admin@MikroTik] > /ip dns pr
servers:
dynamic-servers: 8.8.8.8, 8.8.4.4
allow-remote-requests: yes
max-udp-packet-size: 4096
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 452KiB
Code: Select all
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
$ pgrep -fl dns
801 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec
$ cat /var/run/nm-dns-dnsmasq.conf
server=192.168.88.1
Code: Select all
$ host microsoft.com
microsoft.com has address 64.4.11.37
microsoft.com has address 65.55.58.201
microsoft.com has address 10.20.30.40
microsoft.com mail is handled by 10 microsoft-com.mail.protection.outlook.com.
$ host microsoft.com 192.168.88.1
Using domain server:
Name: 192.168.88.1
Address: 192.168.88.1#53
Aliases:
microsoft.com has address 65.55.58.201
microsoft.com has address 64.4.11.37
microsoft.com has address 10.20.30.40
microsoft.com mail is handled by 10 microsoft-com.mail.protection.outlook.com.
Re: Static DNS record does not suppress external one?
Hi,
I tested it on my network & working fine. Please try to redirect all dns traffic to router itself.
I tested it on my network & working fine. Please try to redirect all dns traffic to router itself.
Code: Select all
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp src-address=192.168.88.0/24 to-ports=53-
-
SpaceCommander
Frequent Visitor
- Posts: 50
- Joined:
Re: Static DNS record does not suppress external one?
Hmmm...Hi,
I tested it on my network & working fine. Please try to redirect all dns traffic to router itself.Code: Select all/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp src-address=192.168.88.0/24 to-ports=53
It is very-very strange, but after adding this rule all works fine, as it should be.
And even after disabling this rule, all still works.
Re: Static DNS record does not suppress external one?
Good LuckIt is very-very strange, but after adding this rule all works fine, as it should be.
And even after disabling this rule, all still works.
Re: Static DNS record does not suppress external one?
Client devices tend to have a DNS cache... Be sure in the future to clear the MikroTik's cache as well as the computer you're running the test on.
Who is online
Users browsing this forum: mquan1984 and 133 guests