ajgnet
newbie
Topic Author
Posts: 35
Joined: Wed Apr 27, 2022 1:57 am

Forward reverse DNS lookups to another server?

Thu Dec 08, 2022 3:03 pm

Hello, I didn't see an option for PTR records in the built-in DNS server. Is there another way to forward all reverse lookups for an IP range to another server? For example:
any reverse lookup for 172.20.0.0/14 should query 192.168.2.1 for resolution
Thank you
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forward reverse DNS lookups to another server?

Thu Dec 08, 2022 9:21 pm

PTR records are created automatically when you add static A/AAAA, but that may not be what you want. Other than that, recent v7 can do this:
/ip dns static
add name=20.172.in-addr.arpa type=FWD forward-to=192.168.2.1 match-subdomain=yes
add name=21.172.in-addr.arpa type=FWD forward-to=192.168.2.1 match-subdomain=yes
add name=22.172.in-addr.arpa type=FWD forward-to=192.168.2.1 match-subdomain=yes
add name=23.172.in-addr.arpa type=FWD forward-to=192.168.2.1 match-subdomain=yes
But it's broken in both current 7.6 and 7.7 betas.
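
Added example (not part of the posts in this thread): a Python sketch showing why 172.20.0.0/14 needs four entries, by splitting a CIDR into the octet-aligned in-addr.arpa zones that cover it and printing FWD lines in the syntax quoted above. The function names `reverse_zones` and `routeros_fwd_entries` are hypothetical; the generated lines only have an effect on a RouterOS version where FWD with match-subdomain works.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the octet-aligned in-addr.arpa zones that together cover an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 / in-addr.arpa is handled here")
    if net.prefixlen > 24:
        # Smaller than one /24 zone: needs per-address names or RFC 2317 delegation.
        raise ValueError("prefix longer than /24 does not map to whole zones")
    # Reverse zones exist only at octet boundaries, so round the prefix up
    # to /8, /16 or /24 and enumerate every subnet of that size.
    aligned = max(8, -(-net.prefixlen // 8) * 8)
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def routeros_fwd_entries(cidr, forward_to):
    """Build /ip dns static lines in the syntax quoted in the thread."""
    ipaddress.ip_address(forward_to)  # reject a malformed resolver address
    lines = ["/ip dns static"]
    for zone in reverse_zones(cidr):
        lines.append(
            f"add name={zone} type=FWD forward-to={forward_to} match-subdomain=yes"
        )
    return lines


if __name__ == "__main__":
    # Values from the original question: 172.20.0.0/14 resolved by 192.168.2.1.
    print("\n".join(routeros_fwd_entries("172.20.0.0/14", "192.168.2.1")))
```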
 
Amm0
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Forward reverse DNS lookups to another server?

Sat Dec 10, 2022 9:53 pm

I'm still unsure why they just don't allow an explicit "PTR" record – that's been missing for a long time.

Further, the docs are pretty incomplete on DNS...: https://help.mikrotik.com/docs/display/ROS/DNS – they don't even discuss "FWD" (which isn't a standard DNS RR type). But the old wiki does speak on this topic, https://wiki.mikrotik.com/wiki/Manual:I ... NS_Entries , but says:
Reverse DNS lookup (Address to Name) of the regular expression entries is not possible. You can, however, add an additional plain record with the same IP address and specify some name for it.

Re:
/ip dns static
add name=20.172.in-addr.arpa type=FWD forward-to=192.168.2.1 match-subdomain=yes
I didn't even know something like that ever worked, but never tried. Less helpful if it stopped working.

edit: corrected URL, formatting
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forward reverse DNS lookups to another server?

Sat Dec 10, 2022 11:22 pm

They added match-subdomain (which is a great thing) in 7.5 and so far it's CLI-only, so it's easy to miss. Previously subdomains required use of regexp. Then they broke FWD records in 7.6 and later, but fortunately it seems that it's not intentional. So it's going in the right direction, but slowly and somehow chaotically.

It's as if there's no clear plan. And if there is, they are keeping it to themselves. It would be nice to provide more info. For example, they added DoH support over two years ago, it has completely inconsistent behavior when it comes to static records (FWDs don't work at all, others work differently) and AFAIK nobody bothered to say anything about it, if it's intended or not, if they plan to change it or when, nothing. Or a few months ago they added this actually quite interesting cooperation between DNS and firewall's address list, and I'm not aware of any info about it from MikroTik (manual included), except a single line in the changelog. So kind of a surprise "discover what it does" puzzle. I can live with it, but it's a weird approach. :)
 
Amm0
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Forward reverse DNS lookups to another server?

Sun Dec 11, 2022 8:33 pm

So it's going in right direction, but slowly and somehow chaotically.
Agree. I mean I saw the post title here & thought "that's one of 'gotchas' you can't do" with ROS DNS - then saw your example to the contrary. Learn something new every day... In most places RouterOS actually models the RFCs or "Linux primitives" pretty well, but DNS is kind of a mess. I largely avoid using it in designing networks since no PTR records prevent using DNS-SD for mDNS. The address-list= is a secret step in the right direction, since "management-by-named-lists" is something RouterOS actually does pretty well, except for DNS. Using a regex, while useful sometimes \.\.\. is hardly a very friendly way to access their otherwise useful "FWD by domain" model.

But does seem the OP's issue is likely doable, soonish, which is good.
 
anav
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Forward reverse DNS lookups to another server?

Sun Dec 11, 2022 8:46 pm

The title just tells me the person is lost......... like a 360 degree turn ;-P
