 
fragtion
Member Candidate
Topic Author
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Built-in DNS Client fails via VRF?

Wed Nov 03, 2021 3:05 pm

Hi

Assume fresh configuration with ether1 and ether2 connected to the same switch...

1. Assign 192.168.1.2/24 gw 192.168.1.1 to ether1 (assume 192.168.1.1 is our WAN on another router altogether)
2. Assign 192.168.0.1/24 to ether2, which we'll use to telnet/winbox into this mikrotik
3. Assign ether1 to a new VRF, let's call it "gw".
4. Add new route as follows: /ip route add dst-address=1.1.1.1/32 gateway=192.168.1.1@gw routing-table=main
5. Mikrotik can now access the internet normally, eg ping 1.1.1.1 without specifying "vrf=gw" and receives replies
6. Prepare the DNS client: /ip dns/set servers=1.1.1.1
7. Try to resolve with the DNS client
[admin@RouterOS] > /resolve google.com
failure: dns server failure
[admin@RouterOS] >

Conclusion:
It seems as if mikrotik's DNS client doesn't recognize INPUT traffic coming to it from the VRF interface, although that traffic appears in the log if I enable input logs, eg:
input: in:(unknown 152) out:(unknown 0), src-mac 04:4f:4c:8e:f0:db, proto UDP 1.1.1.1:53->102.168.1.2:36084, len 71

I presume this is somewhat expected right now, and related to these posts?
viewtopic.php?t=135663
viewtopic.php?t=103898
viewtopic.php?t=50147

Any pointers welcome

I'm using v7.1rc5

Thnx
 
marcodmb
just joined
Posts: 7
Joined: Sat Feb 12, 2022 1:57 pm

Re: Built-in DNS Client fails via VRF?

Fri Sep 30, 2022 8:37 pm

Same issue here... any hints? RouterOS 7.5
 
xxrentnerxx
just joined
Posts: 5
Joined: Fri Jan 14, 2022 12:20 am

Re: Built-in DNS Client fails via VRF?

Sat Oct 01, 2022 11:51 pm

same under 7.6beta10

Each of my WANs is in its own VRF.

Main VRF traffic is balanced via PCC into the two VRFs. Traffic entering a WAN-VRF from main VRF is connection-marked, to be routed back into main directly. Everything works perfectly except traffic initiated by the router itself.

using a secondary mini RB as workaround currently (DNS, NTP and IPSec)
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Built-in DNS Client fails via VRF?

Sun Oct 02, 2022 6:28 am

instead of
/resolve google.com

try this:
:put [:resolve google.com]
