nbctcp
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Sep 16, 2014 7:32 pm

DNS forwarder to AdGuard

Wed Nov 17, 2021 8:43 am

MIKROTIK 7.1rc6 192.168.88.1
ADGUARD 192.168.88.250
PC 192.168.88.101

Mikrotik DNS Forwarder is AdGuard
/ip dns set allow-remote-requests=yes servers=192.168.88.250
AdGuard doing DoH to Cloudflare

PROBLEMS:
1. if my pc dns is AdGuard, I can bypass isp sensor perfectly
if my pc dns is mikrotik, it will use ISP dns, even though I already set my mikrotik dns forwarder to AdGuard

Anyone know where my problem is?
tq

UPDATE1:
-tried to modify netwatch to change dhcp server dns server instead of mikrotik dns server forwarder
viewtopic.php?t=144577
Last edited by nbctcp on Wed Nov 17, 2021 9:30 am, edited 1 time in total.
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: DNS forwarder to AdGuard

Wed Nov 17, 2021 9:05 am

Very likely your router gets dynamic DNS from your ISP.

Check your /ip dns print status. If you see dynamic servers - that is the reason.

If you found your dynamic DNS servers, you can disable this by setting use-peer-dns=no in your /ip dhcp-client setting.
 
erlinden
Forum Guru
Posts: 1958
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: DNS forwarder to AdGuard

Wed Nov 17, 2021 9:07 am

So you want both clients and the MT use the local AdGuard server?

For clients use /ip dhcp network to configure the DNS server. Makes no sense (to me) to use the MT as DNS server in between.
For MT use the forwarder (that you already configured) AND make sure that on the DHCP client (assuming you use that for your WAN interface) the Use Peer DNS is deactivated.
 
nbctcp
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Sep 16, 2014 7:32 pm

Re: DNS forwarder to AdGuard

Wed Nov 17, 2021 9:10 am

1. dns peer in dns server already disabled
/ip/dhcp-client> /ip dns/print
servers: 192.168.88.250
dynamic-servers:
2. The reason I use mikrotik as dns server is so that I can use netwatch: in case the adguard server is down, it will change the dns server forwarder to isp dns
 
Hominidae
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: DNS forwarder to AdGuard  [SOLVED]

Wed Nov 17, 2021 10:50 am

...get rid of the ISP-DNS altogether....as said, disable in DHCP-client to ISP and in MT DNS settings.

In MT Router, for DHCP-Server to your local clients set DNS-Servers as A: Adguard-IP (...88.250) and B: MT-IP (...88.1)
In MT DNS, set forwarded DNS to the same list (well, the plain IP based ones) as configured in Adguard.
In any case, enable forward drop rule for DNS traffic from clients/to outside/WAN (except adguard IP) not directed towards adguard or MT
In MT set port forwarding Rule to forward all DNS traffic to Adguard-IP
In netwatch enable/disable said port forwarding rule for DNS traffic (udp:53) from clients to adguard when up/down.

This way, when adguard down, you will still get DNS from your chosen upstream DNS, and "only" lose adblock/safe-search features until adguard IP is up again.
When Adguard up, client requests to MT router (client has two DNS options to choose from, as delivered per DHCP) will be forwarded to Adguard
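
The setup described in the post above, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread. The interface names (ether1 as WAN, bridge as LAN), the 192.168.88.0/24 DHCP network, the 1.1.1.1/1.0.0.1 upstreams, the rule comments and the hairpin masquerade rule are assumptions.

```routeros
# Added example. Assumed: ether1 = WAN, bridge = LAN, DHCP network
# 192.168.88.0/24, plain-IP Cloudflare upstreams, and the rule comments.

# Stop learning resolvers from the ISP lease. Afterwards "/ip dns print"
# should show an empty dynamic-servers line.
/ip dhcp-client set [find interface=ether1] use-peer-dns=no

# The router's own forwarder points at the same upstream AdGuard uses
# (plain IPs only), so the fallback path never touches the ISP DNS.
/ip dns set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1

# Clients get AdGuard first and the router second via DHCP.
/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.250,192.168.88.1

# Drop DNS from LAN clients going straight out the WAN; AdGuard is exempt.
/ip firewall filter
add chain=forward action=drop protocol=udp dst-port=53 in-interface=bridge out-interface=ether1 src-address=!192.168.88.250 comment="drop-client-dns-wan"
add chain=forward action=drop protocol=tcp dst-port=53 in-interface=bridge out-interface=ether1 src-address=!192.168.88.250 comment="drop-client-dns-wan"

/ip firewall nat
# While AdGuard is up, redirect client DNS (udp:53) to it.
add chain=dstnat action=dst-nat protocol=udp dst-port=53 in-interface=bridge src-address=!192.168.88.250 to-addresses=192.168.88.250 comment="dns-to-adguard"
# Assumed addition: AdGuard sits in the clients' subnet, so its replies
# must return through the router or clients discard them (hairpin NAT).
add chain=srcnat action=masquerade protocol=udp dst-port=53 out-interface=bridge src-address=192.168.88.0/24 dst-address=192.168.88.250 comment="dns-to-adguard"

# Netwatch toggles both NAT rules. With them disabled, queries sent to
# 192.168.88.1 are answered by the router's own forwarder instead.
/tool netwatch
add host=192.168.88.250 interval=30s up-script="/ip firewall nat enable [find comment=\"dns-to-adguard\"]" down-script="/ip firewall nat disable [find comment=\"dns-to-adguard\"]"
```

With the masquerade rule in place, AdGuard's query log shows the router's address for redirected queries; clients that query 192.168.88.250 directly are still logged individually.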
