SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Local DNS - not on Mikrotik but on WinSrv

Wed Apr 20, 2022 2:21 pm

Is anyone else running a local DNS on a local ip segment such as 192.168.1.* and care to let me in on how you configured it in WebFig?
I stumbled over DNS being a requirement for my VMWare solution so I might try to do it on the Router before messing with it on a server...

Router specified on my signature.

Or maybe I should rather do it on the Switch?

Switch specified in signature.

The manual has some basics explained, but not really any good how-to's.
https://wiki.mikrotik.com/wiki/Manual:IP/DNS
Last edited by SecCon on Fri Apr 29, 2022 4:38 pm, edited 1 time in total.
 
anav
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: I think I should be able to run a local DNS on my Mikrotik Router but I can't find how to set it up...

Wed Apr 20, 2022 2:31 pm

DNS is very easily accomplished on the MT, basically it provides a cache function for frequently visited sites is my impression.
I'm a winbox guy so cannot help with webconfig.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Wed Apr 20, 2022 2:40 pm

> I'm a winbox guy so cannot help with webconfig.
I can use both, so feel free to elaborate dear Anav... albeit the cache function is not really what I am after, I need to specify a local DNS server with two local IP entries and then the whole shebang with anav1.workstation.llama and anav2.workstation.llama ... etc...
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Wed Apr 20, 2022 2:51 pm

This is exactly how my DNS Servers, on production, are set:
/ip dns
set allow-remote-requests=yes cache-max-ttl=30m cache-size=81920KiB max-concurrent-queries=1000 \
    max-concurrent-tcp-sessions=40 servers=1.1.1.1,8.8.8.8
With those settings, actually only 40892 KiB of memory is occupied.

Default values:
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-concurrent-queries=100 max-concurrent-tcp-sessions=20 \
    max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
    servers="" use-doh-server="" verify-doh-cert=no

What I have changed and why:
allow-remote-requests=yes obviously to activate the service
cache-max-ttl=30m (from 1w to 30m) I do not want too old DNS records...
cache-size=81920KiB (from 2MiB to 80MiB) the RB1100Dx4 has 1GB of RAM...
max-concurrent-queries=1000 (from 100 to 1000) is sufficient for 4000 users.
max-concurrent-tcp-sessions=40 (from 20 to 40) TCP is rarely used, 40 is sufficient for 4000 users.
servers=1.1.1.1,8.8.8.8 to specify which servers must be used.

And obviously on the Border Firewall, on another machine, no one on the Internet can reach the DNS service on that machine...
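
A static check for the exposure the last sentence of the post guards against: with allow-remote-requests=yes the router answers DNS queries arriving on any interface unless the input chain drops port 53 from the WAN side. This is an added example, not part of the thread; the interface-list names WAN and LAN are assumptions (RouterOS default-configuration names), and the sample exports are constructed from the settings quoted above.

```python
import shlex

def parse_export(text):
    """Parse RouterOS export text into (menu, verb, params) tuples."""
    entries, menu = [], None
    for line in text.replace("\\\n", " ").splitlines():  # join "\" continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):            # menu path such as "/ip dns"
            menu = line
            continue
        verb, *rest = shlex.split(line)     # shlex keeps quoted values whole
        entries.append((menu, verb, dict(t.partition("=")[::2] for t in rest)))
    return entries

def unguarded_dns(text, wan=("WAN", "!LAN")):
    """Return the protocols on which port 53 is not dropped on the WAN side.

    Static heuristic: ignores rule order, port ranges and address matchers.
    `wan` holds assumed interface-list names (RouterOS default-config names).
    """
    entries = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
               for m, _, p in entries):
        return []                           # resolver serves only the router itself
    covered = set()
    for menu, verb, p in entries:
        if (menu, verb, p.get("chain")) != ("/ip firewall filter", "add", "input"):
            continue
        if p.get("action") not in ("drop", "reject") or p.get("disabled") == "yes":
            continue
        if p.get("in-interface-list") not in wan:
            continue
        if "53" in p.get("dst-port", "53").split(","):   # no dst-port = all ports
            covered |= {p["protocol"]} if "protocol" in p else {"udp", "tcp"}
    return [proto for proto in ("udp", "tcp") if proto not in covered]

# Constructed sample: the resolver settings quoted in the post, no firewall rules.
OPEN = r"""/ip dns
set allow-remote-requests=yes cache-max-ttl=30m cache-size=81920KiB max-concurrent-queries=1000 \
    max-concurrent-tcp-sessions=40 servers=1.1.1.1,8.8.8.8
"""
# Constructed sample: same resolver plus input-chain drops for port 53 from WAN.
GUARDED = OPEN + r"""/ip firewall filter
add chain=input action=drop protocol=udp dst-port=53 in-interface-list=WAN comment="no DNS from WAN"
add chain=input action=drop protocol=tcp dst-port=53 in-interface-list=WAN
"""
print(unguarded_dns(OPEN), unguarded_dns(GUARDED))
```

An empty result means either the resolver is not accepting remote requests or both UDP and TCP port 53 are dropped on the assumed WAN list; filtering done on a separate border firewall, as in the post, is outside what this check can see.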
 
anav
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Apr 20, 2022 3:48 pm

What's the point in caching for 30 minutes?? How many websites get old after 30 minutes?
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Wed Apr 20, 2022 3:53 pm

Be more precise: for you, is it too high or too low?

For example

TTLs are from the authoritative DNS, not my DNS

:resolve www.playstation.com

30 minutes:
www.playstation.com -> www.playstation.com-v2.edgekey.net

4 minutes:
www.playstation.com-v2.edgekey.net -> www.playstation.com-v2.edgekey.net.glob ... akadns.net

20 minutes:
www.playstation.com-v2.edgekey.net.glob ... akadns.net -> e2790.dscx.akamaiedge.net

20 seconds:
e2790.dscx.akamaiedge.net -> 23.77.212.145
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Wed Apr 20, 2022 5:12 pm

While I appreciate any insight, I am after LOCAL DNS SERVER and how to set that up.

Not google....
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Wed Apr 20, 2022 5:26 pm

Oops, I misunderstood your post, like @anav....

Please provide a DETAILED description of what you want from your local DNS.

Hint: using a VM with "bind" is better...
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Wed Apr 20, 2022 6:09 pm

So what would be a detailed description?

Humm... I am currently reducing server load as much as possible and adding a vmachine for bind or dnsmasq is not my first option. I would like the network equipment to handle all the network related settings, in principle. I think I have enough juice in my MT devices for that. Not even running Dude yet, but I do run Lansweeper on my FS server which is fulfilling some monitoring things.

As for description, I can't use the ISP DNS, I tried in WinSrv, did not work. Let me tell you what I need it for. I am setting up a vCenter to handle virtual machines and experimenting with perhaps an AD and other things. The requirement for these are at the very least, local DNS server entries, or they won't work. I can't even install vCenter if I don't specify a DNS. Since I am not interested in configuring a Google or Cloudflare DNS, it makes no sense since I have nothing that goes towards Internet, I am looking at a local DNS that should be enough for the requirements of an AD and vCenter.

Now, how would I translate that in networking terms? Local DNS on 192.168.1.101 and 192.168.1.102 which I use to do local lookups and can use as alias management so I can type "lansweeper" in my browser instead of 192.198.1.10:44444. Yes, I can of course also edit my local .host file to accomplish that, but then I would have to edit all .host files on all computers and that's not a great idea. I need of course to set fixed IP's on a few devices and servers for this to work and that is not really an issue.

I am trying to explain, I will give more information if asked.

The first question with a quick answer would be if I do this on the Switch or on the Router? My guess would be on the Switch, since it is closer to the devices and currently runs just about nothing but the ports.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Wed Apr 20, 2022 6:14 pm

The MikroTik DNS does not act as a real DNS server, but like a DNS proxy.
It does not accept DNS registration from devices,
but if you add static DNS entries like
server.local = 172.16.0.1
vm2.local = 172.16.0.2
etc.
and set all the devices on the local LAN, manually or by DHCP, to use the MikroTik DNS, you do the trick.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Wed Apr 20, 2022 8:45 pm

RouterOS as poor man's DNS server is possible, as long as you don't need it to act as authoritative one (mark answers as authoritative, have SOA records for hosted domains, provide zone transfers, ...) and the few supported record types are enough for you.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Thu Apr 21, 2022 10:00 am

"Poor man's DNS"? "Beggar's DNS"?

Yeah, alrighty... so can any of you guys step through the cmd's for this achievement, and elaborate on how I can use alias with it? The DHCP version...
 
bpwl
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Thu Apr 21, 2022 11:20 am

"alias" is a static CNAME type record to be entered in MT DNS

An alias/CNAME record where the A record is on a different DNS server is often a problem. (e.g. even for a Fortigate, it does not resolve)
And ... Microsoft AD has very special requirements for the DNS server.
 
jult
Frequent Visitor
Posts: 52
Joined: Sat Dec 26, 2020 1:16 am

Thu Apr 21, 2022 12:14 pm

We've been using Pihole with Unbound for years on an old openwrt box. I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Thu Apr 21, 2022 2:27 pm

/ip dns static
add address=192.168.88.10 name=anav1.workstation.llama
add address=192.168.88.20 name=anav2.workstation.llama
add address=2001:db:0:88::20 name=anav2.workstation.llama type=AAAA
add address=192.168.88.2 name=mail1.server.llama
add address=192.168.88.3 name=mail2.server.llama
add mx-exchange=mail1.server.llama mx-preference=10 name=mail.llama type=MX
add mx-exchange=mail2.server.llama mx-preference=20 name=mail.llama type=MX
add address=192.168.88.5 name=jabber1.server.llama
add name=_xmpp-server._tcp.chat.llama srv-port=5269 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV
add name=_xmpp-client._tcp.chat.llama srv-port=5222 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV
You get the idea.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Thu Apr 21, 2022 2:35 pm

> /ip dns static
> add address=192.168.88.10 name=anav1.workstation.llama
> add address=192.168.88.20 name=anav2.workstation.llama
> add address=2001:db:0:88::20 name=anav2.workstation.llama type=AAAA
> add address=192.168.88.2 name=mail1.server.llama
> add address=192.168.88.3 name=mail2.server.llama
> add mx-exchange=mail1.server.llama mx-preference=10 name=mail.llama type=MX
> add mx-exchange=mail2.server.llama mx-preference=20 name=mail.llama type=MX
> add address=192.168.88.5 name=jabber1.server.llama
> add name=_xmpp-server._tcp.chat.llama srv-port=5269 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV
> add name=_xmpp-client._tcp.chat.llama srv-port=5222 srv-priority=1 srv-target=jabber1.server.llama srv-weight=0 type=SRV
> You get the idea.

Yeah I think I do. Obviously changing llama for "anav" :lol: and removing the mx-exchange and xmpp entries. Sorry if I am too obvious but that is kinda my mindset. I need to get things explained in steps and practice a bit before it sticks.

We'll see how it turns out in regards to DNS requirements for diff systems.

Thanks
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Thu Apr 21, 2022 3:03 pm

It was just an example of different record types, use whatever you need.
 
reinerotto
Long time Member
Posts: 520
Joined: Thu Dec 04, 2008 2:35 am

Fri Apr 22, 2022 12:52 pm

> I think you could even run openwrt on some mikrotik devices, and then install pihole with unbound.
+1
Or to use dnsmasq, or even powerDNS with openwrt, running on some MT devices.
Done that.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Fri Apr 22, 2022 5:28 pm

After some additional reading I have come to determine I will need a better solution than posted by @Sob. I will configure my WinSrv to handle it, since it will be running regardless.
I am however grateful for the suggestions posted and should I set up some Linux I might very well consider bind or dnsmasq, but not relevant at this time and with current configuration.

Now to find a tutorial and some reading for that.
 
SecCon
Member Candidate
Topic Author
Posts: 156
Joined: Mon May 03, 2021 10:52 am

Fri Apr 29, 2022 4:37 pm

So after some tribulations I set up a WinSrv to handle this and it seems to be working.

Image from a virtual w10 machine.

Had issues understanding the logic and explanation, or rather the lack of it, in diverse how-to's and books. Thing is once you set up a DNS on WinSrv it takes the current IP of that WinSrv and adds that as one of the DNS servers, then it automatically added another free IP from the 192.168.1.0/24 DHCP pool (I think) giving above result. Now, changing these IPs to a custom dedicated range may be desirable, but as of yet not essential.


// also changed the topic title to better reflect latest content//
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Local DNS - not on Mikrotik but on WinSrv

Fri Apr 29, 2022 7:02 pm

I am using my Windows Server (domain controller) as the DNS server on my main home LAN. For all other LANs, the Mikrotik is the DNS server.
