0

It seems that my router (Mikrotik RB2011UiAS) is somehow hijacking DNS request that have the subdomain "router" in them and forwards them to itself.

router.google.com, router.amazon.com, you name it, even things like router11.google.com, I always end up at the web interface of my router (192.168.0.1).

It's definitely not a computer configuration issue, I'm observing the same problem from several different devices, including mobile.

I don't really know how to correct this. Mikrotik is just acting as a DNS forwarder, it receives DNS server entries from the internet provider through DHCP, so there are no custom DNS settings. And I think it's safe to say that the servers of my provider are not responsible for the issue.

Any idea what I can do about this?

vic
  • 973
  • 1
  • 9
  • 21
  • Does the router intercept DNS requests destined for other resolvers (e.g. `8.8.8.8`)? If not, you could configure the devices to use statically configured resolver. – Torin Dec 05 '18 at 14:37
  • Not sure I understand. The devices are only using the router for resolving addresses, so it's not possible that any of the devices would send out a request for another resolver. Where exactly would I check if my router is intercepting DNS requests? – vic Dec 05 '18 at 14:41
  • 3
    Maybe don't use the Mikrotik as your DNS server? – joeqwerty Dec 05 '18 at 14:43
  • How you would check depends on what OS you're running, if you have `dig` available, you could try `dig @8.8.8.8 router.example.com`. – Torin Dec 05 '18 at 14:44
  • Post your config. `/ip dns export` and `/ip firewall nat export` – Cha0s Dec 05 '18 at 16:21

1 Answers1

1

It seems that the default RouterOS settings, for my router at least, intercept DNS requests with the word "router" in them.

It does so by applying a so called static DNS entry with a regex value of "router". How to add or remove such an entry is described in the official Mikrotik Wiki here. In case the link no longer works, in Webfig, open IP > DNS > Static to see all entries that will be handled by the embedded DNS server.

Removing the entry solved the problem eventually, albeit not immediately on all devices, even though I flushed their respective DNS caches. I assume this has to do with the TTL of that DNS entry that was set to 1 day. But if anyone has more insight into this, please share.

Update: To not make things more complicated than they are, I didn't mention that I have an internal DNS resolver that uses the Mikrotik router as a forwarder. I forgot to flush the cache of this resolver after removing the DNS entry in RouterOS. After flushing the cache of the resolver, and yet again flushing the cache of the device OS, and flushing the cache of the applications (i.e. Firefox), everything works fine now, no more interceptions.

vic
  • 973
  • 1
  • 9
  • 21
  • 1
    The default configuration or ROS does not contain a regex static dns entry. You can confirm this yourself by checking the default config for RB2011 with `/system default-configuration print`. The default entry is `static add name=router.lan address=192.168.88.1` not `static add regexp=router address=192.168.88.1`. In other words, someone changed this. It doesn't come like that by default. – Cha0s Dec 05 '18 at 16:55
  • 1
    For the caching issue you mention, simply flush the ROS cache with `/ip dns cache flush` Also try restarting the browser. Browsers keep their own DNS cache. – Cha0s Dec 05 '18 at 16:58
  • @Cha0s Yes, I can see that. Is it possible though that this default configuration changed? After all, my router is already several years old and I'm upgrading the base system regularly. And I can assure you, I didn't make this DNS entry - and no one else has access to it. Also, I don't have the entry for "router.lan". Which is why I'm guessing Mikrotik indeed used to do this via regexp earlier. – vic Dec 05 '18 at 17:05
  • 1
    Prior to v6.40 the default static entry was 'router'. After v6.40 it was renamed to 'router.lan'. But this change applies only to newly installed routers with the default configuration. Upgrading from – Cha0s Dec 06 '18 at 07:19