Hi,

I have a L009UiGS and use RouterOS 7.16.2. I want to add a new isolated network for my smart-home gadgets. One reason is because I have an inverter and an EV-wallbox in garage connected to the router via ethernet port (ether2) and I don't want anyone can access private stuff (e.g. NAS) by simply plug-off one of the devices and plugin a computer.

I was able to successfully set this up, but within the new network local DNS is not resonding (pointing to default gateway). Just getting timeouts on "nslookup whatever.com". Routing, NAT, etc. works fine. When using my provider's name-servers instead everything is fine and I can access any internet service (e.g. websites, etc.). I initially setup the router using the standard configuration and in this network, to which all my computers and also NAS is connected, local DNS works fine. I would prefer to use local DNS, because it is updated whenever the public IP lease expires and maybe new name-servers are provided.

This is my setup for the new network:
Changing attribute "dns-server=172.18.0.1" to my ISPs DNS makes it work as hinted above.

It seems like local DNS is not available on 172.18.0.1 or traffic is dropped. I didn't find any configuration on the default network, searching "export compact", which makes DNS explicitly available to the network created by the default configuration.

Has anyone an idea how to fix this?

Thank you,
Stephan

Whitin the small Configuration exemple, I can`t identify the Issue
Is it possible to upload the full Config ?
(/export file=anynameyouwish (minus device serial number, any public WANIP information, keys))

@ConnyMercier: Thank you for supporting me! I'm very new to routers in general and this device in particular (2 month). Find the export attached. I replaced all secrets and identifier.

The default configuration is tagged by "defconf". Additionally, I also added a network for containers (veth1) which suffers the same way: local DNS provided by the default-gateway is not available within the containers. Initially, I though this problem is caused by the container implementation, but maybe there is a common root cause.

Hi,

The default firewall only accepts DNS queries from members of the LAN interface list. Make smarthome a member. This should solve your immediate issue.

You should also remove ether1 from the WAN interface list. (You are not actually receiving internet on ether1, but on the pppoe interface.) Also, set detect internet to none. (It is only known to mess things up in unpredictable ways.)

Please note that by default your router will forward packets between your "home" and "smart" networks, so isolating them (exactly according to your wishes) will take some more configuration in the firewall.

@lurker888: Thank you for those valuable hints ! I will try to apply them and give feedback.

Why are you adding multiple bridges instead of using VLANs? Just use VLANs. That's what they're for. Multiple bridges will slow things down and is not the correct way to go about this.

https://help.mikrotik.com/docs/spaces/R ... 14957/VLAN