Community discussions

MikroTik App
 
lijomathew1980
just joined
Topic Author
Posts: 1
Joined: Sat Aug 13, 2022 8:52 am

Name Servers in DNS Static

Sat Aug 13, 2022 9:08 am

I am setting up an internal domain, testlab.local.
I tried using NS record instead of FWD, however, it does not work. There is no resolution and gets an NXDOMAIN
My setup -
Mikrotik Interface -> WAN + LAN 10.10.1.0/24 [for all LAN and Wifi devices, dhcp and dns] + Private 10.11.1.0/24 [Virtual Machines running Windows Servers].
Private Network resolves to DNS of Mikrotik 10.10.1.1. Mikrotik has DNS static entry ["testlab.local"] -> FWD -> pdc.testlab.local [10.11.1.1] / bdc.testlab.local [10.11.1.2]. This works, just that DNS resolution from any device on LAN or Private network is slow. If the static FWDs are disabled, DNS resolution on LAN is very quick, however, loses resolution to testlab.local.
I tried to change the FWD record to NS record and it does not resolve testlab.local

Is there a way to resolve/configure this correctly
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 132
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: Name Servers in DNS Static

Sun Aug 14, 2022 6:21 pm

Export the router settings in text format, delete all private information and put it here in code tags. Without this, no one can help you.

Just in case, I'll show you how I did it. Until I understand, this is what you need or not.

/ip dns set allow-remote-requests=yes cache-max-ttl=5m max-concurrent-queries=500 max-concurrent-tcp-sessions=100 servers=1.0.0.1,1.1.1.1,8.8.8.8,8.8.4.4
/ip dns static add address=172.22.99.254 name=rt-slava.loc
/ip dns static add address=192.168.99.254 name=gw-guest.guest.loc
/ip dns static add forward-to=172.22.1.3 regexp=".*matias\\.loc" type=FWD
/ip dns static add forward-to=172.22.1.2 regexp=".*matias\\.loc" type=FWD
/ip dns static add address=172.22.1.4 name=mail.matias.org
/ip dns static add address=172.22.1.4 name=imap.matias.org
/ip dns static add address=172.22.1.4 name=smtp.matias.org
/ip dns static add address=172.22.1.250 name=esxi-250.matias.loc
/ip dns static add address=172.22.1.251 name=esxi-251.matias.loc
/ip dns static add address=172.22.1.252 name=esxi-252.matias.loc
/ip dns static add address=172.22.1.253 name=esxi-253.matias.loc

There are no problems with DNS name resolution either globally or locally in the domain AD.
 
Railander
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Thu Jun 16, 2016 11:30 pm

Re: Name Servers in DNS Static

Sat Nov 19, 2022 5:13 am

NS records don't seem to be working, tested in v7.6

as a workaround, i ended up using this FWD entry with regexp.
simply type the zone name in the regexp field, put ^* at the very start, put $ at the end, escape every dot with \ and it works like a NS record would (don't add the trailing root dot or it wont work)

if you don't want to risk accidentally including a domain that ends the same as yours (for example, you want to FWD "example.com" but there's an actual internet domain called "livingbyexample.com"), you will instead have to make 2 of these entries, one starting with ^ and another starting with ^*\.

still not as good as a NS record though since this can only forward to IP addresses instead of domain names
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Name Servers in DNS Static

Sat Nov 19, 2022 2:34 pm

I think that you may have wrong expectations regarding static NS records in RouterOS. If you do e.g.:
/ip dns static
add type=NS name=xxx.test ns=a.ns.yyy.test
Then this works:
# host -t NS xxx.test 192.168.80.183
Using domain server:
Name: 192.168.80.183
Address: 192.168.80.183#53
Aliases:

xxx.test name server a.ns.yyy.test.
And that's all it's supposed to do. If you expect that router itself would forward queries for anything.xxx.test to a.ns.yyy.test, then nope, that's not the plan, it's what FWD records are for:
/ip dns static
add type=FWD name=xxx.test forward-to=a.ns.yyy.test match-subdomain=yes
I'd avoid regexp, it was needed in older versions before they added match-subdomain option, but there's no need to use it now, unless you need something special.
 
Railander
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Thu Jun 16, 2016 11:30 pm

Re: Name Servers in DNS Static

Mon Nov 21, 2022 9:49 am

I think that you may have wrong expectations regarding static NS records in RouterOS. If you do e.g.:
/ip dns static
add type=NS name=xxx.test ns=a.ns.yyy.test
Then this works:
# host -t NS xxx.test 192.168.80.183
Using domain server:
Name: 192.168.80.183
Address: 192.168.80.183#53
Aliases:

xxx.test name server a.ns.yyy.test.
And that's all it's supposed to do. If you expect that router itself would forward queries for anything.xxx.test to a.ns.yyy.test, then nope, that's not the plan, it's what FWD records are for:
/ip dns static
add type=FWD name=xxx.test forward-to=a.ns.yyy.test match-subdomain=yes
I'd avoid regexp, it was needed in older versions before they added match-subdomain option, but there's no need to use it now, unless you need something special.
in my case the DNS server is within the same domain i'm trying to point the NS record to, so your example is missing the A record to actually achieve the redirect. this technique is called a "glue record".
not sure why this wouldn't work in RouterOS since it seems to be doing all the basic stuff normal authoritative DNS servers do.

thanks for the match-subdomain tip, i see it is CLI only so why i didn't notice it before.

also, FWD entries seem to not work with DoH enabled... real bummer.
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Name Servers in DNS Static

Mon Nov 21, 2022 2:49 pm

It's definitely not authoritative DNS server (I know that you didn't exactly write that), it's simple caching forwarding resolver that can override some records, nothing more. Some things are inconsistent, e.g. FWD not working with DoH, as you discovered, but it's not the only one. It also seems to lack any plan where it's going. It's getting better, but very slowly, it's clearly low priority for Mikrotik.

As for glue, I'd expect it to work, meaning that it would make sense, because something like ns.domain.tld is more specific record than domain.tld, so it should have priority, that's how DNS normally works. But not in current RouterOS. Although, if you'd be using glue, which is static, you might as well use IP address directly, so it shouldn't be a problem.

Who is online

Users browsing this forum: No registered users and 2 guests