kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

How to implement check DNS script

Mon Dec 06, 2021 7:07 pm

Hi
How would I go about implementing this script, and where to put it?
I suppose it would need to run with some frequency (times/minute etc)?
I'm new to MikroTik, so please bear with me.

ref: viewtopic.php?t=170487#p833670
# Address of the Pi-hole and a name used to test whether it answers
:local piholeDNS "192.168.18.2"
:local testDomain "www.google.com"

# The NAT rules are found by their comments (piholeNAT1 ... piholeNAT4)
:if ([/ip firewall nat [find comment="piholeNAT1"] enabled]) do={
    # Rules are enabled: if the Pi-hole stops answering, disable them
    :do {
        :resolve $testDomain server $piholeDNS
    } on-error={
        /ip firewall nat disable [find comment="piholeNAT1"]
        /ip firewall nat disable [find comment="piholeNAT2"]
        /ip firewall nat disable [find comment="piholeNAT3"]
        /ip firewall nat disable [find comment="piholeNAT4"]
    }
} else={
    # Rules are disabled: once the Pi-hole answers again, enable them
    :do {
        :resolve $testDomain server $piholeDNS
        /ip firewall nat enable [find comment="piholeNAT1"]
        /ip firewall nat enable [find comment="piholeNAT2"]
        /ip firewall nat enable [find comment="piholeNAT3"]
        /ip firewall nat enable [find comment="piholeNAT4"]
    } on-error={}
}
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to implement check DNS script

Mon Dec 06, 2021 7:18 pm

System->Scheduler is the right place. Frequency depends on how quickly you need it to react. I'd say that once a minute is enough, but it's up to you. You also need to assign comments to NAT rules (those from the other thread), because that's what the script uses to find them. And you need just two, not four.
 
kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

Re: How to implement check DNS script

Mon Dec 06, 2021 8:03 pm

Thanks!
Quick follow-up question:
I find DNS address fields in my MT in two places:
A. DHCP\Server\Networks\DNS
B. DNS\DNS Settings\Servers
Both are today populated with the IP address of my Pi-hole... Is this correct?
And if I pull the plug on my Pi-hole, which one of these settings is then the "primary" regarding setting the "new" DNS?

And btw, regarding the NAT rules; What is redundant? It's tcp and udp as I read it.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to implement check DNS script

Mon Dec 06, 2021 8:44 pm

The two places with DNS, first one is configuration of DHCP server, what it gives to clients, and the second one is what router itself uses.

If you want failover for when pi-hole is down, clients shouldn't have its address directly. Give router's address to clients and then either:

a) use NAT to redirect queries from clients to pi-hole
b) use router's DNS config to switch between pi-hole (when available) and backup servers (when not)

The script is for a), but it could be easily adapted for b), just instead of enabling/disabling NAT rules, it would set different servers in "/ip dns servers".

And about the not needed things in script, original has two srcnat rules ("piholeNAT3" and "piholeNAT4") and it enables/disables them too. But it's not really necessary, nothing bad would happen if they stayed enabled. And you don't even need two, the one I posted in other thread is enough.
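
Option b) described in the reply above, combined with the once-a-minute Scheduler suggestion from earlier in the thread, as an added example that is not part of any forum post. The backup resolver 9.9.9.9 and the script name pihole-dns-check are placeholders, and the sketch assumes clients use the router as their DNS server and that the Pi-hole is the only entry in "/ip dns servers" while it is in use.

```routeros
# Added example, not code from the thread. Save as a script named
# "pihole-dns-check" (assumed name) under System > Scripts.
:local piholeDNS "192.168.18.2"
# Placeholder backup resolver, replace with your own
:local backupDNS "9.9.9.9"
:local testDomain "www.google.com"

# :resolve raises an error when the Pi-hole does not answer
:local piholeUp true
:do {
    :resolve $testDomain server $piholeDNS
} on-error={
    :set piholeUp false
}

# "/ip dns get servers" returns a list; with a single entry its string
# form is just that address
:local usingPihole ([:tostr [/ip dns get servers]] = $piholeDNS)

:if ($piholeUp && (!$usingPihole)) do={
    /ip dns set servers=$piholeDNS
    # Drop answers cached from the backup resolver so filtering applies again
    /ip dns cache flush
    :log info "pihole-dns-check: Pi-hole answers again, router DNS set to $piholeDNS"
}
:if ((!$piholeUp) && $usingPihole) do={
    /ip dns set servers=$backupDNS
    # Queries are not filtered by the Pi-hole while the backup is active,
    # so log the switch at warning level where it will be noticed
    :log warning "pihole-dns-check: Pi-hole not answering, router DNS set to $backupDNS"
}

# Scheduler entry (typed once at the terminal) to run the check every minute:
# /system scheduler add name=pihole-dns-check interval=1m on-event="/system script run pihole-dns-check"
```

Because the script only changes the servers when the state actually flips, the log shows one entry per outage and one per recovery, which makes periods of unfiltered DNS easy to find afterwards.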
 
kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

Re: How to implement check DNS script

Mon Dec 06, 2021 9:38 pm

Ok. All seems to work fine!
Thanks @Sob

Btw, can a MT router be given a "local domain name"?

Taken from Pihole, Settings;
You can also specify a local domain name (like fritz.box) to ensure queries to devices ending in your local domain name will not leave your network, however, this is optional. The local domain name must match the domain name specified in your DHCP server for this to work. You can likely find it within the DHCP settings.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to implement check DNS script

Mon Dec 06, 2021 10:16 pm

You can specify domain for clients in dhcp server. But dns resolver in RouterOS doesn't see it as anything special, so it will happily send such queries to upstream resolvers. But in current RouterOS you should be able to use static dns FWD record to always send such queries to pi-hole (and if it's down, there won't be any answer).
