Assume fresh configuration with ether1 and ether2 connected to the same switch...
1. Assign 192.168.1.2/24 gw 192.168.1.1 to ether1 (assume 192.168.1.1 is our WAN on another router altogether)
2. Assign 192.168.0.1/24 to ether2, which we'll use to telnet/winbox into this MikroTik
3. Assign ether1 to a new VRF, let's call it "gw".
4. Add new route as follows: /ip route add dst-address=1.1.1.1/32 gateway=192.168.1.1@gw routing-table=main
5. MikroTik can now access the internet normally, e.g. ping 1.1.1.1 without specifying "vrf=gw", and receives replies
6. Prepare the DNS client: /ip dns/set servers=1.1.1.1
7. Try to resolve with the DNS client
[admin@RouterOS] > /resolve google.com
failure: dns server failure
[admin@RouterOS] >
Conclusion:
It seems as if MikroTik's DNS client doesn't recognize INPUT traffic coming to it from the VRF interface, although that traffic appears in the log if I enable input logs, e.g.:
input: in:(unknown 152) out:(unknown 0), src-mac 04:4f:4c:8e:f0:db, proto UDP 1.1.1.1:53->102.168.1.2:36084, len 71
I presume this is somewhat expected right now, and related to these posts?
viewtopic.php?t=135663
viewtopic.php?t=103898
viewtopic.php?t=50147
Any pointers welcome
I'm using v7.1rc5
Thanks
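A small parser for the firewall log format quoted in the post, added here as an example and not part of the original post: it picks out DNS replies (UDP source port 53) on the input chain whose in-interface the log could not name, which is the pattern the quoted line shows. The function names are hypothetical, and the second and third sample lines are constructed for contrast.

```python
import re

# Sample log. Line 1 is the line quoted in the post (kept verbatim);
# lines 2 and 3 are constructed for contrast.
SAMPLE_LOG = """\
input: in:(unknown 152) out:(unknown 0), src-mac 04:4f:4c:8e:f0:db, proto UDP 1.1.1.1:53->102.168.1.2:36084, len 71
input: in:ether2 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 192.168.0.10:50122->192.168.0.1:8291, len 52
forward: in:ether2 out:ether1, src-mac 00:00:5e:00:53:01, proto UDP 192.168.0.10:40000->1.1.1.1:53, len 60
"""

# An interface is either a name or the "(unknown N)" form seen in the post.
IFACE = r"(?:\(unknown \d+\)|[^\s,]+)"
LINE_RE = re.compile(
    r"^(?P<chain>\w+): in:(?P<in_if>" + IFACE + r") out:(?P<out_if>" + IFACE + r"), "
    r"src-mac (?P<mac>[0-9a-fA-F:]{17}), "
    r"proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?,? "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), "
    r"len (?P<len>\d+)$"
)


def parse_line(line):
    """Return the fields of one firewall log line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "len"):
        rec[key] = int(rec[key])
    return rec


def unresolved_dns_replies(log_text):
    """DNS replies on the input chain whose in-interface has no name."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["chain"] == "input" and rec["proto"] == "UDP"
                and rec["sport"] == 53
                and rec["in_if"].startswith("(unknown")):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in unresolved_dns_replies(SAMPLE_LOG):
        print(f'{rec["src"]}:53 -> {rec["dst"]}:{rec["dport"]} via {rec["in_if"]}')
```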