
We have DNS server on our Mikrotik (RouterOS 6.36).

[admin@xxx] /ip dns> print 
                servers: 10.0.10.3,8.8.8.8
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             cache-size: 10240KiB
          cache-max-ttl: 1w
             cache-used: 243KiB
[admin@xxx] /ip dns> 

There is a list of DNS servers it should ask. I would expect that it asks 10.0.10.3 first and, if the record is not found, then asks 8.8.8.8?

The problem is that 10.0.10.3 is our internal DNS server with some local addresses. These are not available on 8.8.8.8.

When I have both servers listed, the nslookup for the address fails. When I remove the Google one (8.8.8.8) and leave only our internal one, it works.

Why is the order of the servers not respected on RouterOS?

I tried to make the order 10.0.10.3,8.8.8.8 or 8.8.8.8,10.0.10.3; it doesn't matter.

Any ideas? Thanks

pagep

3 Answers

If you have internal names that need to be resolved, then you shouldn’t have any external DNS servers defined. Create a second internal DNS server for HA and list it along with the other internal server and list those two in your internal router config.

MDMarra

Comments:
  • I thought that the external DNS servers would be used as backup in case the internal ones fail? – pagep Nov 28 '17 at 12:57
  • Yes, but that's not how it works. You really need two internal servers both having the local zones. They both can individually use a list of external servers as forwarders, giving you the redundancy you need. – Esa Jokinen Nov 28 '17 at 13:15

When there is a list of nameservers, it does not work as you think: the second one is only queried if the first one did not reply at all. If the first nameserver did reply saying the record was not found (aka NXDOMAIN), then the search stops there; later nameservers are not used.

I would generally advise against mixing internal private nameservers and public ones; that will certainly create strange interactions.

Patrick Mevzek

If you have only a handful of local hostnames, then you can add them as static entries on the Mikrotik and replace your internal DNS server with the Mikrotik completely. When a client sends a DNS query to the Mikrotik, the router will check its static entries first and, if there is no hit, it'll ask the configured external DNS server.

To add some static entries:

/ip dns static add name="laptop2.local" address=192.168.1.10 ttl=1d
/ip dns static add name="desktop1.local" address=192.168.1.11 ttl=1d
/ip dns static add name="server8.local" address=192.168.1.20 ttl=1d

You can even use regular expressions. For example if you have a single internal webserver with multiple virtual www hosts:

/ip dns static add regexp="\w*\.webserver\.local" address=192.168.1.21 ttl=1d

bcs78

Comments:
  • Thanks for the advice, but unfortunately this is not possible. If we had only 1 office location behind 1 router, we wouldn't need a DNS server. We have several offices, VPN, etc. – pagep Jul 05 '18 at 21:35
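The following is an added example, not RouterOS code and not from any of the answerers. It is a small Python model of the upstream-selection rule Patrick Mevzek describes (next server only on no reply; NXDOMAIN ends the search), the two-internal-servers-with-forwarders design from Esa Jokinen's comment, and the static-entries-first lookup from bcs78's answer. All server addresses, hostnames and zone data are constructed for the demonstration; the model does not reproduce RouterOS timing, caching or parallel-query details.

```python
"""Toy model of resolver upstream selection (constructed; not RouterOS code)."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Tuple

NXDOMAIN = "NXDOMAIN"   # server answered: the name does not exist
TIMEOUT = "TIMEOUT"     # server did not answer at all


@dataclass
class Server:
    ip: str
    zone: Dict[str, str]                          # names this server knows itself
    forwarders: List["Server"] = field(default_factory=list)
    up: bool = True                               # False = simulated outage

    def query(self, name: str) -> str:
        if not self.up:
            return TIMEOUT
        if name in self.zone:
            return self.zone[name]
        # Unknown name: ask our own forwarders (if any) before giving up.
        for fwd in self.forwarders:
            reply = fwd.query(name)
            if reply != TIMEOUT:
                return reply
        return NXDOMAIN


def resolve(name: str, servers: List[Server],
            static: Optional[Dict[str, str]] = None) -> Tuple[str, str]:
    """Return (answer, source).

    Static entries win outright. Otherwise the listed servers are tried in
    order, and the next one is consulted only when the current one did not
    reply at all. Any definitive reply, including NXDOMAIN, ends the search.
    """
    if static and name in static:
        return static[name], "static"
    for srv in servers:
        reply = srv.query(name)
        if reply == TIMEOUT:
            continue              # no reply: fall through to the next server
        return reply, srv.ip      # address or NXDOMAIN: the search stops here
    return "SERVFAIL", "none"


# Constructed sample topology (addresses and names are illustrative only).
PUBLIC = Server("8.8.8.8", {"www.example.com": "203.0.113.10"})
INTERNAL_A = Server("10.0.10.3", {"fileserver.corp.local": "10.0.10.50"},
                    forwarders=[PUBLIC])
INTERNAL_B = Server("10.0.10.4", {"fileserver.corp.local": "10.0.10.50"},
                    forwarders=[PUBLIC])
STATIC = {"laptop2.local": "192.168.1.10"}   # like an /ip dns static entry


def scenarios() -> Dict[str, Tuple[str, str]]:
    a_down = replace(INTERNAL_A, up=False)    # copy of 10.0.10.3 that never replies
    return {
        # Mixed list, public first: 8.8.8.8 answers NXDOMAIN, internal never asked.
        "mixed_public_first": resolve("fileserver.corp.local", [PUBLIC, INTERNAL_A]),
        # Mixed list, internal first and healthy: works.
        "mixed_internal_first": resolve("fileserver.corp.local", [INTERNAL_A, PUBLIC]),
        # Mixed list, internal down: failover lands on 8.8.8.8, which says NXDOMAIN.
        "mixed_internal_down": resolve("fileserver.corp.local", [a_down, PUBLIC]),
        # Recommended: two internal servers, each forwarding externally itself.
        "internal_pair_a_down": resolve("fileserver.corp.local", [a_down, INTERNAL_B]),
        "internal_pair_public_name": resolve("www.example.com", [INTERNAL_A, INTERNAL_B]),
        # Static entry is answered before any upstream server is contacted.
        "static_hit": resolve("laptop2.local", [PUBLIC], static=STATIC),
    }


if __name__ == "__main__":
    for label, (answer, source) in scenarios().items():
        print(f"{label:28s} -> {answer} (from {source})")
```

Running the script shows the two failure modes behind the question: whenever a public resolver is the first one to reply for a private name, the answer is NXDOMAIN and no later server is tried, so an external server in the list can never act as a fallback for internal zones. The `internal_pair_*` cases show the layout recommended in the answers, where redundancy comes from a second internal server and external resolution comes from each internal server's own forwarders.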