Hi Friends
I use a Mikrotik hap ac2. I want to remove dynamic DNS server. I read this forum and found a solution from Mikrotik Support:
Disable dhcp-clients "user-peer-dns" function:
/ip dhcp-client set 0 use-peer-dns=no

/interface lte apn set use-peer-dns=no

and then digit: 0

I did it but the dynamic DNS server was not removed.
Could you suggest the right way?

removed from where? pc, smartphone or on DNS page of RouterBOARD configuration?

I want to remove address of the DNS server of the Internet provider from the DNS page of RouterBOARD configuration.

If you connect with your ISP wiht pppoe or with a DCHP-client uncheck the Box 'use Peer DNS' (Winbox) or set (terminal).

Just remove check mark from "Use Peer DNS" in DHCP client config on RouterOS like here:
.

Try to paste on terminal this...

I did it but it doesnt help to remove dynamic DNS

Have you restarted the connection also?

Yes of cause

Any sort of VPN active?

Maybe ensure no entries in dynamic servers and remote is NOT checked off?

Yes of cause

At this point, put the result of on forum.

Remove sensitive data, like serial number, real ip, email, username and passwords (ignore MAC addresses, are not sensitive until the "hacker" is not inside your house...)

Do not remove what you think is unuseful, just censore.

MikroTik RouterOS 6.49.6 (c) 1999-2022 http://www.mikrotik.com/

[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments

[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options

/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@MikroTik] > /export hide-sensitive
# may/14/2022 09:46:16 by RouterOS 6.49.6
# software id = 71ZR-70ZS
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXXXXXXXX
/interface bridge
add admin-mac=74:4D:28:BF:66:CB auto-mac=no comment=defconf name=bridge
/interface l2tp-client
add connect-to=public-vpn-134.opengw.net disabled=no name=VPN use-ipsec=yes use-peer-dns=exclusively user=vpn
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n channel-width=20/40mhz-XX country=russia3 disabled=no distance=indoors frequency=auto \
hw-protection-mode=rts-cts installation=indoor mode=ap-bridge ssid="Lugovaya 1-1-48" wireless-protocol=802.11
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country="united states3" disabled=no disconnect-timeout=5s distance=\
indoors frequency=auto hw-protection-mode=rts-cts installation=indoor mode=ap-bridge scan-list=5100-5300 ssid="Lugovaya 1-1-48" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.2.4-192.168.2.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface pptp-client
add allow=mschap1,mschap2 connect-to=XX.XX.XX.XX disabled=no keepalive-timeout=disabled name=pptp-out1 profile=default user=user2
/routing bgp instance
set default as=64512 ignore-as-path-len=yes router-id=XX.XX.XX.XX
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip accounting
set enabled=yes threshold=1600
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=2ip.ru list=VPN
add address=rutracker.org list=VPN
add address=svoboda.org list=VPN
add address=meduza.io list=VPN
/ip firewall filter
add action=accept chain=input comment="Remote access to Mikrotik Igor" dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=VPN new-routing-mark=To_VPN passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="Igor VPN" out-interface=VPN
/ip route
add distance=1 gateway=VPN routing-mark=To_VPN
add distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.1
add distance=1 dst-address=192.168.1.0/24 gateway=172.16.30.1
add distance=1 dst-address=192.168.3.0/24 gateway=172.16.30.1
/ip service
set www address=192.168.2.0/24
/ip smb
set domain=XXXXXXXXX enabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/disk1 name=disk1
/ip smb users
add name=admin read-only=no
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/routing filter
add action=accept chain=bgp_in comment="Set nexthop to VPN" set-in-nexthop-direct=VPN
/system clock
set time-zone-name=Europe/Moscow
/tool graphing interface
add interface=ether1
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >

So this was right: viewtopic.php?t=185914&#p933022

Code: Select all

/interface l2tp-client
set VPN use-peer-dns=no

This works fine.
Thank you all very much.

To me the router is a security nightmare.
(1) add action=accept chain=input comment="Remote access to Mikrotik Igor" dst-port=8291 protocol=tcp

(2) /ip service
set www address=192.168.2.0/24

add action=accept chain=input comment="Remote access to Mikrotik Igor" dst-port=8291 protocol=tcp

See my reply here:
viewtopic.php?p=870631#p870631
As a first rule, you do open internet to access port 8291.......
Should I turn on UPnP on router?
A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router's firewall to let outsiders in. So it's a good idea to turn off UPnP when not in use. …

I do use UPnP, but I do monitor it, so I have ok control of every host that uses it,why and when. (using Splunk)