Manual:IP/DNS: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
← Older editNewer edit →
No edit summary
Line 17: Line 17:
==DNS Cache Setup==
==DNS Cache Setup==


*Submenu level: '''/ip dns'''
<p id="shbox"><b>Sub-menu:</b> <code>/ip dns</code></p>


====Description====
DNS facility is used to provide domain name resolution for router itself as well as for the clients connected to it.


DNS facility is used to provide domain name resolution for router itself as well as for the clients connected to it.
====Properties====
 
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
 
{{Mr-arg-table
|arg=allow-remote-requests
|type=yes {{!}} no
|default=no
|desc=Specifies whether to allow network requests
}}
 
{{Mr-arg-table
|arg=cache-max-ttl
|type=time
|default=1w
|desc=Maximum time-to-live for cache records. In other words, cache records will expire unconditionally after cache-max-ttl time. Shorter TTL received from DNS servers are respected.
}}
 
{{Mr-arg-table
|arg=cache-size
|type=integer[64..4294967295]
|default=2048
|desc=Specifies the size of DNS cache in KiB
}}
 
{{Mr-arg-table
|arg=max-concurrent-queries
|type=integer
|default=100
|desc=
}}
 
{{Mr-arg-table
|arg=max-concurrent-tcp-sessions
|type=integer
|default=20
|desc=
}}
 
{{Mr-arg-table
|arg=max-udp-packet-size
|type=integer [50..65507]
|default=4096
|desc=Maximum size of allowed UDP packet.
}}
 
{{Mr-arg-table
|arg=query-server-timeout
|type=time
|default=2s
|desc=
}}
 
{{Mr-arg-table
|arg=query-total-timeout
|type=time
|default=10s
|desc=
}}
 
{{Mr-arg-table-end
|arg=servers
|type=list of IPv4/IPv6 addresses
|default=
|desc=List of DNS server IPv4/IPv6 addresses
}}
 
Read-only Properties
 
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
 
{{Mr-arg-ro-table
|arg=cache-used
|type=integer
|desc=Shows the currently used cache size in KiB
}}
 
{{Mr-arg-ro-table-end
|arg=dynamic-server
|type=IPv4/IPv6 list
|desc=List of dynamically added DNS server from different services, for exammple, DHCP.
}}


====Property Description====


{| cellpadding="2"
!width="300px" style="background:#cccccc; border-bottom:1px solid gray;"| Property
!width="450px" style="background:#cccccc; border-bottom:1px solid gray;"| Desciption
|-
|style="border-bottom:1px solid gray;" valign="top"|'''allow-remote-requests''' (''yes | no; default: no'')
|style="border-bottom:1px solid gray;" valign="top"|specifies whether to allow network requests
|-
|style="border-bottom:1px solid gray;" valign="top"|'''cache-max-ttl''' (''time; default: 1w'')
|style="border-bottom:1px solid gray;" valign="top"|specifies maximum time-to-live for cache records. In other words, cache records will expire unconditionally after cache-max-ttl time. Shorter TTL received from DNS servers are respected
|-
|style="border-bottom:1px solid gray;" valign="top"|'''cache-size''' (''integer: 512..10240; default:&nbsp;2048KiB'')
|style="border-bottom:1px solid gray;" valign="top"|specifies the size of DNS cache in KiB
|-
|style="border-bottom:1px solid gray;" valign="top"|'''cache-used''' (''read-only: integer'')
|style="border-bottom:1px solid gray;" valign="top"|displays the current cache size in KiB
|-
|style="border-bottom:1px solid gray;" valign="top"|'''servers''' (''IPv4/IPv6 address list; default: 0.0.0.0'')
|style="border-bottom:1px solid gray;" valign="top"|comma seperated list of DNS server IP addresses
|}
<br>
{{ Note|Prior RouterOS v4.6 DNS servers in CLI was set up using fields ''primary-dns'' and ''secondary-dns'' starting from mentioned version these two fields are replaced with one field ''servers'' where all DNS server IP addresses should be listed}}
<br>
<br>
{{Note|If the property use-peer-dns under /ip dhcp-client is set to yes then primary-dns under /ip dns will change to a DNS address given by DHCP Server. }}


{{Note| If '''''allow-remote-requests''''' is used make sure that you limit access to your server over TCP and UDP protocol.}}
{{Note| If '''''allow-remote-requests''''' is used make sure that you limit access to your server over TCP and UDP protocol.}}

Revision as of 15:07, 2 February 2018

Applies to RouterOS: v4.6

DNS cache is used to minimize DNS requests to an external DNS server as well as to minimize DNS resolution time. This is a simple DNS cache with local items.

Specifications

  • Packages required: system
  • License required: Level1
  • Submenu level: /ip dns
  • Standards and Technologies: DNS
  • Hardware usage: Not significant

Description

A MikroTik router with DNS feature enabled can be set as a DNS server for any DNS-compliant client. Moreover, MikroTik router can be specified as a primary DNS server under its dhcp-server settings. When the remote requests are enabled, the MikroTik router responds to TCP and UDP DNS requests on port 53.

DNS Cache Setup

Sub-menu: /ip dns

DNS facility is used to provide domain name resolution for router itself as well as for the clients connected to it.

Properties

Property Description
allow-remote-requests (yes | no; Default: no) Specifies whether to allow network requests
cache-max-ttl (time; Default: 1w) Maximum time-to-live for cache records. In other words, cache records will expire unconditionally after cache-max-ttl time. Shorter TTL received from DNS servers are respected.
cache-size (integer[64..4294967295]; Default: 2048) Specifies the size of DNS cache in KiB
max-concurrent-queries (integer; Default: 100)
max-concurrent-tcp-sessions (integer; Default: 20)
max-udp-packet-size (integer [50..65507]; Default: 4096) Maximum size of allowed UDP packet.
query-server-timeout (time; Default: 2s)
query-total-timeout (time; Default: 10s)
servers (list of IPv4/IPv6 addresses; Default: ) List of DNS server IPv4/IPv6 addresses

Read-only Properties

Property Description
cache-used (integer) Shows the currently used cache size in KiB
dynamic-server (IPv4/IPv6 list) List of dynamically added DNS server from different services, for exammple, DHCP.



Note: If allow-remote-requests is used make sure that you limit access to your server over TCP and UDP protocol.


Example

To set 159.148.60.2 as the primary DNS server and allow the router to be used as a DNS server, do the following: 

[admin@MikroTik] ip dns> set servers=159.148.60.2 \
\... allow-remote-requests=yes
[admin@MikroTik] ip dns> print
                servers: 159.148.60.2
  allow-remote-requests: yes
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 7KiB
[admin@MikroTik] ip dns>

Cache Monitoring

  • Submenu level: /ip dns cache

Description

This menu provides a list with all address (DNS type "A") records stored on the server

Property Description

Property Desciption
address (read-only: IP address) IP address of the host
name (read-only: name) DNS name of the host
ttl (read-only: time) remaining time-to-live for the record

All DNS Entries

  • Submenu level: /ip dns cache all

Description

This menu provides a complete list with all DNS records stored on the server

Property Description

Property Desciption
data (read-only: text) DNS data field. IP address for type "A" records. Other record types may have different contents of the data field (like hostname or arbitrary text)
name (read-only: name) DNS name of the host
ttl (read-only: time) remaining time-to-live for the record
type (read-only: text) DNS record type

Static DNS Entries

  • Submenu level: /ip dns static

Description

The MikroTik RouterOS has an embedded DNS server feature in DNS cache. It allows you to link the particular domain names with the respective IP addresses and advertize these links to the DNS clients using the router as their DNS server. This feature can also be used to provide fake DNS information to your network clients. For example, resolving any DNS request for a certain set of domains (or for the whole Internet) to your own page.

The server is capable of resolving DNS requests based on POSIX basic regular expressions, so that multiple requets can be matched with the same entry. In case an entry does not conform with DNS naming standards, it is considered a regular expression and marked with ‘R’ flag. The list is ordered and is checked from top to bottom. Regular expressions are checked first, then the plain records.

Property Description

Property Desciption
address (IP address) IP address to resolve domain name with
name (text) DNS name to be resolved to a given IP address.
regex (text) DNS regex
ttl (time) time-to-live of the DNS record

Notes

Reverse DNS lookup (Address to Name) of the regular expression entries is not possible. You can, however, add an additional plain record with the same IP address and specify some name for it.

Remember that the meaning of a dot (.) in regular expressions is any character, so the expression should be escaped properly. For example, if you need to match anything within example.com domain but not all the domains that just end with example.com, like www.another-example.com, use name=".*\\.example\\.com"

Regular expression matching is significantly slower than of the plain entries, so it is advised to minimize the number of regular expression rules and optimize the expressions themselves. Example

To add a static DNS entry for www.example.com to be resolved to 10.0.0.1 IP address: 

[admin@MikroTik] ip dns static> add name=www.example.com address=10.0.0.1
[admin@MikroTik] ip dns static> print
Flags: D - dynamic, X - disabled, R - regexp
 #     NAME               ADDRESS                                 TTL
 0     www.example.com    10.0.0.1                                1d
[admin@MikroTik] ip dns static>

Or use regex to match DNS requests: 

[admin@MikroTik] ip dns static> add regexp="[*example*]" address=10.0.0.2

For more information how to use regex, read wiki page below.

Flushing DNS cache

  • Command name: /ip dns cache flush

Command Description

Command Desciption
flush clears internal DNS cache

Example

[admin@MikroTik] ip dns> cache flush
[admin@MikroTik] ip dns> print
              servers: 159.148.60.2
    allow-remote-requests: yes
               cache-size: 2048 KiB
            cache-max-ttl: 1w
               cache-used: 10 KiB
[admin@MikroTik] ip dns>

See Also

Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:IP/DNS&oldid=30617"