m4t7e0
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Jun 09, 2015 12:17 am

DNS Who is primary?

Thu May 16, 2019 12:54 pm

Hi dear, I have a question for all DNS experts!
For a temporary solution I have to CNAME a single domain to allow hotspot (and it redirects all 53 UDP to itself before authentication) redirection to my own page. Unfortunately it can't be an "A" record.

So I created my own DNS server as a proxy of Google DNS with an exception for mydomain.com [existing public DNS] (which has to be a CNAME to hsdomain.com), and on the MikroTik I put it as the default DNS, together with the Google DNS servers.

My own DNS is reachable only via VPN, and this VPN is connected by URL (different from mydomain.com), and it is also not possible to change it to an IP.

                      servers: 10.255.255.254,8.8.8.8,8.8.4.4
              dynamic-servers: 192.168.0.1
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1w
                   cache-used: 40KiB

The question is: which DNS is the MikroTik using first?
How can I force it to use my own DNS before asking the secondary DNS, and at the same time have the secondary DNS to resolve the VPN connection URL?

Is there some trick?
At the moment I just thought to use netwatch to ping the DNS via VPN and, when it starts to be reachable, replace the DNS list with only the VPN one, and also schedule to add it back on reboot.

Any different solution? (It is a temporary solution and I will be using it for 20 days.)
 
Sob
Forum Guru
Posts: 4182
Joined: Mon Apr 20, 2009 9:11 pm

Re: DNS Who is primary?

Thu May 16, 2019 6:55 pm

Mixing resolvers like this doesn't work reliably. RouterOS starts with first server, moves to next one on failure and keeps using it until another failure, when it moves to next one again (or to first if it was on last).

Proper solution would be either ability to add also static CNAME records, or support for DNS forwarders, so you could tell router that all queries for mydomain.com should go to 10.255.255.254. Unfortunately, RouterOS has neither. Forwarders can be in some cases solved using L7 hack, but it's not pretty and doesn't work for everything.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
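
Added example, not part of the thread and not RouterOS code: a small Python model of the server-selection behaviour described in the post above, run against the server list from the first post. The timeline, the `vpn.example.net` name and the answer strings are constructed for illustration.

```python
# Added illustration: a model of the behaviour described in the post, not RouterOS code.
OVERRIDE = "10.255.255.254"                  # private resolver from the thread (VPN-only)
SERVERS = [OVERRIDE, "8.8.8.8", "8.8.4.4"]   # order from the posted /ip dns output


def answer_from(server, name):
    """Constructed answers: only the private resolver carries the CNAME override."""
    if server == OVERRIDE and name == "mydomain.com":
        return "CNAME hsdomain.com"
    return "public record"


class StickyFailover:
    """Use the current server until it fails, then move to the next one (wrapping)."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.current = 0

    def query(self, name, reachable):
        """Return (server, answer); `reachable` is the set of servers answering now."""
        for _ in self.servers:
            server = self.servers[self.current]
            if server in reachable:
                return server, answer_from(server, name)
            # Current server failed: advance and stay on the next one from now on.
            self.current = (self.current + 1) % len(self.servers)
        return None, None


# Constructed timeline: (event, queried name, servers reachable at that moment).
TIMELINE = [
    ("boot, VPN still down", "vpn.example.net", {"8.8.8.8", "8.8.4.4"}),
    ("VPN up, all reachable", "mydomain.com", set(SERVERS)),
    ("8.8.8.8 times out", "mydomain.com", {OVERRIDE, "8.8.4.4"}),
    ("8.8.4.4 times out", "mydomain.com", {OVERRIDE, "8.8.8.8"}),
]


def run_timeline():
    """Replay the timeline through one resolver instance and collect the results."""
    resolver = StickyFailover(SERVERS)
    return [(event, *resolver.query(name, up)) for event, name, up in TIMELINE]


if __name__ == "__main__":
    for event, server, answer in run_timeline():
        print(f"{event:24} -> {server:15} {answer}")
```

In this model the override for mydomain.com is returned only in the last step, after both public servers have failed in turn; once the VPN is up, the private resolver is still not consulted until then.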
 
m4t7e0
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Jun 09, 2015 12:17 am

Re: DNS Who is primary?

Thu May 16, 2019 7:50 pm

> Mixing resolvers like this doesn't work reliably. RouterOS starts with first server, moves to next one on failure and keeps using it until another failure, when it moves to next one again (or to first if it was on last).
>
> Proper solution would be either ability to add also static CNAME records, or support for DNS forwarders, so you could tell router that all queries for mydomain.com should go to 10.255.255.254. Unfortunately, RouterOS has neither. Forwarders can be in some cases solved using L7 hack, but it's not pretty and doesn't work for everything.

Thanks

> Mixing resolvers like this doesn't work reliably. RouterOS starts with first server, moves to next one on failure and keeps using it until another failure, when it moves to next one again (or to first if it was on last).

How is it possible to order it... it looks not possible
 
Sob
Forum Guru
Posts: 4182
Joined: Mon Apr 20, 2009 9:11 pm

Re: DNS Who is primary?

Thu May 16, 2019 9:43 pm

You're right, you can't do it like this.

You can check if the L7 hack could help you, i.e. you would remove 10.255.255.254 from "/ip dns" and you'd only redirect selected queries there with L7.
 
m4t7e0
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Jun 09, 2015 12:17 am

Re: DNS Who is primary?

Fri May 17, 2019 8:18 pm

> You're right, you can't do it like this.
>
> You can check if the L7 hack could help you, i.e. you would remove 10.255.255.254 from "/ip dns" and you'd only redirect selected queries there with L7.

Great guide, but it doesn't work before the hotspot authentication...


UPDATE 19:29:
I changed the chain in NAT, not "dstnat" but "pre-hotspot", and also added the IP of the DNS inside the walled garden.... Next week I will do some other tests!
Looks great!
