I am using my MikroTik router to forward all DNS requests for *.mydomain.com to an internal DNS server because I access services through a VPN and the outward-facing DNS does not resolve them.
Code:
```
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
2 ;;; Ext DNS Response
chain=srcnat action=masquerade protocol=udp dst-address=<IP of DNS Server> dst-port=53 log=yes log-prefix="Special DNS"
4 ;;; Ext DNS Request
chain=dstnat action=dst-nat to-addresses=<IP of DNS Server> to-ports=53 layer7-protocol=Special_DNS protocol=udp
src-address=192.168.0.0/24 dst-address-type=local dst-port=53 log=yes log-prefix="Special DNS"
[admin@MikroTik] /ip firewall layer7-protocol> print
# NAME REGEXP
0 Special_DNS mydomain.com
```
I set the IP of my MikroTik, without encryption, as the fixed and only DNS server on the Win11 client.
When I try to access an application like test.mydomain.com using Chrome, Firefox or SoapUI, I get a DNS not found error.
Then I try ping test.mydomain.com and this works. After that I can access test.mydomain.com with my applications as long as it stays in the DNS cache.
UPDATE AT THIS POINT: If I try several times with my application (in this test case 6 refreshes in Firefox) it suddenly works. I do not understand why...
I know that this is a Windows 11 problem, but it only occurs with mydomain.com forwarded addresses. I also have some local DNS entries like nas.local. These always work fine (resolved by mikrotik).
I suspect that Windows 11 is trying to resolve encrypted DNS on its own, even though a static DNS server without encryption is specified.
Since I'm sure I won't be able to find help in a Win 11 forum with this setup, I'll ask here. I hope someone has an idea. It's no fun to use ping all the time to get the IP resolution to work.
BR
mode
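The following is an added example, not code from the poster or from MikroTik: it builds a DNS query in wire format and simulates the match conditions of the dstnat rule shown above (protocol=udp, src-address=192.168.0.0/24, dst-port=53, and the layer7 regexp `mydomain.com` applied to the packet payload). The point it makes visible is that a DNS query carries no dots on the wire (labels are length-prefixed), so the layer7 pattern matches only because the unescaped `.` is a wildcard that happens to match the length byte; an escaped `mydomain\.com` would match nothing, and the unanchored pattern also matches names such as `notmydomain.com`. The rule-matching logic is a simplified model (assumption: dst-address-type=local is not modelled); the packet builder and the sample names are constructed for the example.

```python
import ipaddress
import re
import struct

# Regexp from the layer7-protocol entry in the post; layer7 patterns are unanchored
# substring searches, modelled here with re.search on the raw UDP payload.
LAYER7_SPECIAL_DNS = re.compile(rb"mydomain.com", re.IGNORECASE)
# Source network from the dst-nat rule in the post.
RULE_SRC_NET = ipaddress.ip_network("192.168.0.0/24")


def encode_qname(name: str) -> bytes:
    """DNS wire-format name: each label prefixed by its length, no dots, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """A standard A-record query (RD set), as a stub resolver would send it over UDP."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    question = encode_qname(name) + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN
    return header + question


def rule_matches(proto: str, src_ip: str, dst_port: int, payload: bytes) -> bool:
    """Simplified model of the post's dst-nat rule: true when the packet would be redirected.

    Assumption: dst-address-type=local is not modelled. TCP DNS (which carries a 2-byte
    length prefix) is rejected by protocol=udp before the payload is ever inspected.
    """
    if proto != "udp":
        return False
    if ipaddress.ip_address(src_ip) not in RULE_SRC_NET:
        return False
    if dst_port != 53:
        return False
    return LAYER7_SPECIAL_DNS.search(payload) is not None


def escaped_pattern_matches(payload: bytes) -> bool:
    """What happens if the dot is escaped: the literal '.' never occurs in wire-format names."""
    return re.search(rb"mydomain\.com", payload, re.IGNORECASE) is not None


if __name__ == "__main__":
    q = build_query("test.mydomain.com")
    print("qname on the wire:", encode_qname("test.mydomain.com"))
    print("rule matches LAN UDP query:", rule_matches("udp", "192.168.0.10", 53, q))
    print("rule matches same query over TCP:", rule_matches("tcp", "192.168.0.10", 53, q))
    print("rule matches nas.local:", rule_matches("udp", "192.168.0.10", 53, build_query("nas.local")))
    print("escaped pattern matches:", escaped_pattern_matches(q))
    print("unanchored pattern also matches notmydomain.com:",
          rule_matches("udp", "192.168.0.10", 53, build_query("notmydomain.com")))
```

Running it shows the wire name `b'\x04test\x08mydomain\x03com\x00'`, a match for the LAN UDP query, no match for the same query over TCP or from outside 192.168.0.0/24, no match for `nas.local`, no match with the escaped pattern, and a match for `notmydomain.com`. When checking why a client-side resolver sometimes bypasses the rule, the first things this model suggests verifying on the router are the protocol (UDP vs TCP) and the source address of the queries that are logged under the "Special DNS" prefix.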