Conditional Forwarding + Mikrotik?

Expected Behaviour:

Pi-Hole to be able to resolve PTR

Actual Behaviour:

Pi-Hole is not able to resolve PTR

Debug Token:

https://tricorder.pi-hole.net/ya6gercssf

I've configured Conditional Forwarding in Pi-Hole (192.168.25.10). Set my Mikrotik IP (192.168.25.2) and the local domain name ("lan").

In Mikrotik DHCP settings, Pi-Hole is set as the Primary DNS Server and the specific network has the Domain configured as "lan".

But I still can't see names properly resolved in Pi-Hole.

Doing a dig @192.168.25.2 HOSTNAME does not bring the FQDN/Hostname from the DHCP Server.

Any hints? I guess Mikrotik doesn't support this...

Thanks,
anthonws.

Welcome to the Pi-hole community, anthonws. :slight_smile:

Your debug log looks healthy, and it also shows you are using Beta 5.0.
Reverse lookups for IPv4 addresses should work.

That dig command does not trigger a reverse lookup, but will ask your Mikrotik at 192.168.25.2 for the IP address of a given hostname.

Let's try to confirm or reject that assumption.

To reverse lookup a hostname for a given IP address through your default DNS server (i.e. Pi-hole), use

dig -x <host-ip-address> +short

where +short will just give you the names.

To force the query through a specific DNS server (e.g. your Mikrotik):

dig @192.168.25.2 -x <host-ip-address> +short

What's the output of these commands for the same existing host-ip-address?


Thanks for the reply!

The suggested command doesn't return anything :frowning:

I've confirmed that the IPs I tried to resolve are properly populated in the DHCP Lease table of the Mikrotik.

Thanks,
anthonws.

That would put the blame on your Mikrotik, then.

I am not familiar with that router, so cannot provide any direct support.
Other routers may display similar behaviour until configured to enable automatic DNS population from DHCP entries or to enable a different on-device DHCP server (e.g. Ubiquiti ER-X can switch to dnsmasq).

You should consult your router's manual and online support forums to get help on this matter.

Alternatively, since you are running Pi-hole v5, you could manually set Custom DNS entries to make it aware of your preferred hostnames.


Have you set the Mikrotik to enable DNS queries (Allow Remote Requests)? By default it won't respond to external queries.

I'm running RouterOS v6.46.4 on a RB4011iGS+, conditional forwarding from Pi-hole to the RouterBoard for internal .lan name resolution.


Hi Dan!

I have that option enabled. But I'm not using the router as the DNS server itself. Both in DNS settings and DHCP settings, the DNS server is Pi-Hole.

Should I set the clients to connect via the Mikrotik DNS (192.168.25.2), which in turn will send those requests to Pi-Hole (192.168.25.10)?

BTW; which version of ROS are you running?

Thanks,
anthonws.

My RB is the DHCP server for my network. I lease to clients with the Pi-hole IP as the DNS server, and Pi-hole is set to conditionally forward my local domain to the RB.

Having the clients use the RB's DNS server will mean that Pi-hole will only see 192.168.25.2 as the source IP address. The web interface will not be able to show you any information on individual clients.

My net, 88.2 is Pi-hole, 88.1 is the RB.

dschaper@Mariner-10:~$ dig router.lan @192.168.88.2

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> router.lan @192.168.88.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 66
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;router.lan.                    IN      A

;; ANSWER SECTION:
router.lan.             790     IN      A       192.168.88.1

;; Query time: 2 msec
;; SERVER: 192.168.88.2#53(192.168.88.2)
;; WHEN: Mon Apr 27 09:12:45 PDT 2020
;; MSG SIZE  rcvd: 55

dschaper@Mariner-10:~$ dig router.lan @192.168.88.1

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> router.lan @192.168.88.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38790
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;router.lan.                    IN      A

;; ANSWER SECTION:
router.lan.             86400   IN      A       192.168.88.1

;; Query time: 0 msec
;; SERVER: 192.168.88.1#53(192.168.88.1)
;; WHEN: Mon Apr 27 09:12:50 PDT 2020
;; MSG SIZE  rcvd: 44

(screenshot: MikroTik Webfig v6.46.4 (stable) on RB4011iGS+, DNS settings at admin@router.lan)


Thanks once again for your reply! Really appreciate it!

It looks like I have exactly the same settings/configuration as you, but it's not working. :confused:

I can query the router from the pi-hole, but it doesn't provide any results.


Wondering if it's a ROS 6.47 beta bug... I'll ask in the Mikrotik forum.

What does your DNS tab look like for static DNS?

(screenshot of the static DNS tab)

Ah, that's the problem. MTik DHCP server doesn't automatically populate the DNS static entries with client names. Needs some "tricks". Check the script attached (modify for your local domain name preference.)

# RouterOS DHCP lease script: attach it to the DHCP server with
# /ip dhcp-server set <server> lease-script=<this script>.
# RouterOS passes the lease in as variables: $leaseBound ("1" = bound,
# "0" = released/expired), $leaseServerName, $leaseActIP, $leaseActMAC
# and $"lease-hostname".
# When "1" all DNS entries with IP address of DHCP lease are removed
:local dnsRemoveAllByIp "1"
# When "1" all DNS entries with hostname of DHCP lease are removed
:local dnsRemoveAllByName "1"
# When "1" addition and removal of DNS entries is always done also for non-FQDN hostname
:local dnsAlwaysNonfqdn "1"
# DNS domain to add after DHCP client hostname
:local dnsDomain "lan"
# DNS TTL to set for DNS entries
:local dnsTtl "00:15:00"
# Source of DHCP client hostname, can be "lease-hostname" or any other lease attribute, like "host-name" or "comment"
:local leaseClientHostnameSource "lease-hostname"

# Every record this script creates is tagged with this comment, so the
# removals below only ever touch records the script made itself and leave
# hand-made static entries (e.g. router.lan) alone.
:local leaseComment "dhcp-lease-script_$leaseServerName_$leaseClientHostnameSource"
:local leaseClientHostname
:if ($leaseClientHostnameSource = "lease-hostname") do={
  :set leaseClientHostname $"lease-hostname"
} else={
  # Re-read the lease to pick an arbitrary attribute (e.g. comment) as the name
  :set leaseClientHostname ([:pick \
    [/ip dhcp-server lease print as-value where server="$leaseServerName" address="$leaseActIP" mac-address="$leaseActMAC"] \
    0]->"$leaseClientHostnameSource")
}
# A client that sent no hostname would otherwise produce a bare ".lan" record
:if ([:len $leaseClientHostname] = 0) do={
  :error "no hostname for lease $leaseActIP, nothing to publish"
}
:local leaseClientHostnameShort "$leaseClientHostname"
:local leaseClientHostnames "$leaseClientHostname"
:if ([:len $dnsDomain] > 0) do={
  :set leaseClientHostname "$leaseClientHostname.$dnsDomain"
  :if ($dnsAlwaysNonfqdn = "1") do={
    # Comma-separated list, e.g. "laptop.lan,laptop"
    :set leaseClientHostnames "$leaseClientHostname,$leaseClientHostnameShort"
  }
}
:if ($dnsRemoveAllByIp = "1") do={
  # Drop stale records for this address (the IP may have been reissued to another host)
  /ip dns static remove [/ip dns static find comment="$leaseComment" and address="$leaseActIP"]
}
:foreach h in=[:toarray value="$leaseClientHostnames"] do={
  :if ($dnsRemoveAllByName = "1") do={
    # Drop stale records for this name (the host may have come back with a new IP)
    /ip dns static remove [/ip dns static find comment="$leaseComment" and name="$h"]
  }
  /ip dns static remove [/ip dns static find comment="$leaseComment" and address="$leaseActIP" and name="$h"]
  :if ($leaseBound = "1") do={
    # Only a bound lease gets a record; on release/expiry the removals above are all that happens
    :delay 1
    /ip dns static add comment="$leaseComment" address="$leaseActIP" name="$h" ttl="$dnsTtl"
  }
}

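The two halves of this thread, the conditional-forwarding explanation in the dig -x reply above and the static DNS gap the lease script closes, put together as an added Python model. This is illustration code written for this page, not Pi-hole, dnsmasq or RouterOS code. It uses the thread's addresses (192.168.25.0/24, router at .2, local domain "lan"); the upstream resolver 9.9.9.9, the host name "laptop" and the lease at .50 are constructed for the example, and the model's lease_script removes any matching record, whereas the real script only removes records it tagged itself.

```python
import ipaddress

LOCAL_DOMAIN = "lan"
LOCAL_SUBNET = ipaddress.ip_network("192.168.25.0/24")
ROUTER = "192.168.25.2"
UPSTREAM = "9.9.9.9"  # assumption: whatever public resolver Pi-hole is configured with


def ptr_name(ip: str) -> str:
    """The reverse name `dig -x` sends: 192.168.25.50 -> 50.25.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def ip_from_ptr(qname: str):
    """Inverse of ptr_name; None when qname is not a complete IPv4 PTR name."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def forward_target(qname: str) -> str:
    """Where Pi-hole sends a query. Conditional forwarding is dnsmasq's
    server=/lan/192.168.25.2 for the forward zone and
    rev-server=192.168.25.0/24,192.168.25.2 for the reverse zone."""
    name = qname.rstrip(".").lower()
    if name == LOCAL_DOMAIN or name.endswith("." + LOCAL_DOMAIN):
        return ROUTER
    ip = ip_from_ptr(name)
    if ip is not None and ip in LOCAL_SUBNET:
        return ROUTER
    return UPSTREAM


class RouterDNS:
    """Stand-in for the MikroTik: a DHCP lease table and a separate static DNS
    table. Answers come only from the static table, which is what the thread
    found: a lease on its own does not make a name resolvable."""

    def __init__(self):
        self.leases = {}  # ip -> hostname, like /ip dhcp-server lease
        self.static = {}  # name -> ip, like /ip dns static

    def resolve_a(self, name: str):
        return self.static.get(name.rstrip(".").lower())  # None means NXDOMAIN

    def resolve_ptr(self, ip: str):
        names = [n for n, a in self.static.items() if a == ip]
        return names[0] if names else None

    def lease_event(self, ip: str, hostname: str, bound: bool, use_script: bool):
        """A lease is bound (True) or released/expired (False). Without the
        lease script only the lease table changes; static DNS is untouched."""
        if bound:
            self.leases[ip] = hostname
        else:
            self.leases.pop(ip, None)
        if use_script:
            self.lease_script(ip, hostname, bound)

    def lease_script(self, ip: str, hostname: str, bound: bool):
        """Effect of the posted lease script with dnsDomain="lan" and
        dnsAlwaysNonfqdn="1": remove stale records for this IP or name, then
        add FQDN and short name when the lease is bound. (Simplification: the
        real script only removes records carrying its own comment tag.)"""
        fqdn = f"{hostname}.{LOCAL_DOMAIN}".lower()
        short = hostname.lower()
        stale = [n for n, a in self.static.items() if a == ip or n in (fqdn, short)]
        for n in stale:
            del self.static[n]
        if bound:
            self.static[fqdn] = ip
            self.static[short] = ip


def pihole_lookup(router: RouterDNS, qname: str, qtype: str):
    """Answer Pi-hole returns; 'upstream' marks a query that leaves the LAN."""
    if forward_target(qname) != ROUTER:
        return "upstream"
    if qtype == "A":
        return router.resolve_a(qname)
    if qtype == "PTR":
        return router.resolve_ptr(str(ip_from_ptr(qname)))
    raise ValueError(f"unsupported qtype {qtype}")


if __name__ == "__main__":
    r = RouterDNS()
    r.static["router.lan"] = ROUTER  # a hand-made static entry, like router.lan above
    r.lease_event("192.168.25.50", "laptop", True, use_script=False)  # constructed lease
    print("without script:", pihole_lookup(r, ptr_name("192.168.25.50"), "PTR"))
    r.lease_event("192.168.25.50", "laptop", True, use_script=True)
    print("with script:   ", pihole_lookup(r, ptr_name("192.168.25.50"), "PTR"))
```

The forward zone and the reverse zone are routed independently: a PTR for 8.8.8.8 never reaches the router, and a bare single-label name such as "laptop" is not under "lan" and so is not forwarded either, which is why the conditional forwarding test in this thread has to use the FQDN or dig -x.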

Hum. I feel like a bit of facepalm moment :stuck_out_tongue:

Well, I'll test it right away and will inform you of the results!

Thanks!


I wouldn't call it facepalm, I'm used to every other DHCP server knowing how to update DNS as well. I got caught in the same exact situation you're in now.


I was trying to hint at that possibility:

My only confirmed example is a Ubiquiti EdgeRouter that uses ISC DHCP by default and can be switched to use dnsmasq instead.

Maybe this is related to ISC DHCP and thus to routers running it?
What DHCP server does Mikrotik run?


Their own, they don't steal GPL code and resell it like Ubiquiti.

Edit: I know, show your sources: When companies use the GPL against each other, our community loses - Conservancy Blog - Software Freedom Conservancy

Bugger, that ruins my theory for a least common denominator :wink:

Your link makes for an interesting read - any progression with SF Conservancy's own GPL enforcement actions against Ubiquiti and Cambium?

Everything working like a treat! Thank you both for your kind help!
