Mikrotik local DNS hiba (lezárva)

Sziasztok!

Mikrotik Routerboard RB951G-2Hnd-vel a következő problémám van: Routerként használom, minden jól megy, csak a DHCP szerver által kiosztott neveket a kliensekről érkező kérésekre nem találja, külső nevekkel nincs gond.
Konfigurációja:

# aug/26/2016 08:02:41 by RouterOS 6.36.2
# software id = Z7QI-7Z9W
#
# RouterOS configuration export as posted by the thread author (MACs, SSID and
# keys were masked by the author). Comments marked NOTE(review) were added
# during review and point at security-relevant settings; the commands
# themselves are unchanged.
/interface bridge
add admin-mac=XXXXXXXXXXXXXX auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=hungary disabled=no distance=indoors frequency=auto mode=\
ap-bridge preamble-mode=long ssid=XXXXXXXXX wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
# NOTE(review): the legacy wpa-psk mode is enabled next to wpa2-psk; unless an
# old client needs it, wpa2-psk alone is the stronger setting.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
"XXXXXXXXXXXX" wpa2-pre-shared-key="XXXXXXXXXXX"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.5.100-192.168.5.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=yes disabled=no interface=bridge-local \
name=default
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
# NOTE(review): accept-redirects=yes and accept-source-route=yes make the
# router honour ICMP redirects and source-routed packets. A home gateway
# rarely needs either, and turning both off is common hardening.
/ip settings
set accept-redirects=yes accept-source-route=yes rp-filter=strict \
tcp-syncookies=yes
# NOTE(review): confirm that use-ipsec=yes on this RouterOS version rejects
# L2TP sessions that arrive without IPsec; the input chain below accepts
# udp/1701 from any interface.
/interface l2tp-server server
set use-ipsec=yes
/interface sstp-server server
set default-profile=default-encryption
/interface wireless access-list
add mac-address=XXXXXXXXXX
/ip address
add address=192.168.5.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.5.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway use-peer-dns=no
/ip dhcp-server lease
add address=192.168.5.100 client-id=XXXXXXXXXXX mac-address=\
XXXXXXXXXX server=default
add address=192.168.5.177 mac-address=XXXXXXXXXXX server=default
/ip dhcp-server network
add address=192.168.5.0/24 comment="default configuration" dns-server=\
192.168.5.1 gateway=192.168.5.1 netmask=24 ntp-server=192.168.5.1 \
wins-server=192.168.5.1
# NOTE(review): 192.168.5.1 is this router's own LAN address (see /ip address),
# so the first upstream server points back at the router itself.
# allow-remote-requests=yes makes the router answer DNS queries from the
# network; in this export only the final input-chain drop on ether1-gateway
# keeps the resolver from being reachable on the WAN side, so that rule must
# stay in place and must match the real WAN interface.
/ip dns
set allow-remote-requests=yes servers=192.168.5.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.5.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
# NOTE(review): input chain. The last rule drops only traffic arriving on
# ether1-gateway; nothing here drops input from other interfaces (LAN bridge,
# VPN sessions). The three VPN accept rules sit above the drop and have no
# in-interface or src-address limit, so those ports are open on the WAN side.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
# NOTE(review): PPTP is a legacy VPN protocol with known weaknesses; if no
# client depends on it, removing this rule and disabling the PPTP server
# reduces the exposed surface.
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.5.0/24
# NOTE(review): ssh is moved to port 2022 but, unlike www/api/winbox/api-ssl,
# has no address= restriction, so it is reachable from every interface the
# input chain does not drop (for example VPN clients in 192.168.89.0/24).
set ssh port=2022
set api address=192.168.5.0/24
set winbox address=192.168.5.0/24
set api-ssl address=192.168.5.0/24
/ip traffic-flow
set interfaces=bridge-local
# NOTE(review): no password= is visible for this secret. It may have been
# removed before posting or hidden by the export; confirm on the device that
# the "vpn" account has a strong password, since the VPN ports are open to WAN.
/ppp secret
add name=vpn
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name=Home
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=148.6.0.1 secondary-ntp=193.225.118.129
/system routerboard settings
set init-delay=0s
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1

Esetleg valaki tud segíteni?
Kösz, Nagy Péter

Hozzászólások

Ezt most, hogy? "/ip dns
set allow-remote-requests=yes servers=192.168.5.1,8.8.8.8,8.8.4.4"
Ezek a forwarderek. Ne add meg önmagad, csak a Google-t.

Ezzel menni fog (ill. Google). A vastagon szedettet módosítsd!

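# Creates static DNS entries for DHCP clients in the named DHCP server.
# Hostnames passed to DHCP are appended with the zone.
#
# The DHCP host-name is chosen by the client, so it is handled as untrusted
# input: names containing anything other than letters, digits, "-" and "_"
# are skipped, and an existing static record is replaced only when it carries
# this script's TTL (the same ownership marker the cleanup loop uses), so a
# lease cannot overwrite a manually created record in the zone.
# Two clients can still announce the same host-name; the record then follows
# whichever lease is processed last. Use fixed static records for names that
# other hosts must be able to trust.

# Set the first two variables according to your installation.
:local dhcpserver "***dhcp szerver neve***"
:local zone "***local dns, pl azenhalozatom.local***"

# Set the TTL to the scheduler frequency for this script.
# The TTL doubles as the marker for "record created by this script".
:local ttl "00:05:00"

# Clear old static DNS entries matching the zone and TTL.
/ip dns static
:foreach dnsrecord in=[find where name ~ (".*\\.".$zone) ] do={
	:local fqdn [ get $dnsrecord name ]
	# Strip the trailing ".<zone>" to recover the host part of the name.
	:local hostname [ :pick $fqdn 0 ( [ :len $fqdn ] - ( [ :len $zone ] + 1 ) ) ]
	:local recordttl [get $dnsrecord ttl]
	:if ( $recordttl != $ttl ) do={
		# A different TTL means the record was not created by this script.
		:log debug ("Ignoring DNS record $fqdn with TTL $recordttl")
	} else={
		/ip dhcp-server lease
		:local dhcplease [ find where host-name=$hostname and server="$dhcpserver"]
		:if ( [ :len $dhcplease ] > 0) do={
			:log debug ("DHCP lease exists for $hostname in $dhcpserver, keeping DNS record $fqdn")
		} else={
			:log info ("DHCP lease expired for $hostname, deleting DNS record $fqdn")
			/ip dns static remove $dnsrecord
		}
	}
}

# Create or update static DNS entries from DHCP server leases.
/ip dhcp-server lease
# Exact match on the server name, as in the cleanup loop above; a regex match
# would also select any other DHCP server whose name contains this one.
:foreach dhcplease in=[find where server="$dhcpserver"] do={
	:local hostname [ get $dhcplease host-name ]
	:if ( [ :len $hostname ] > 0) do={
		:local dhcpip [ get $dhcplease address ]
		# Accept only plain host labels; anything else is not turned into a DNS name.
		:if ( $hostname ~ "^[a-zA-Z0-9_-]+\$" ) do={
			:local fqdn ( $hostname . "." . $zone )
			/ip dns static
			:local dnsrecord [ find where name=$fqdn ]
			:if ( [ :len $dnsrecord ] > 0 ) do={
				:local recordttl [ get $dnsrecord ttl ]
				:if ( $recordttl != $ttl ) do={
					# Not created by this script: leave the existing record alone.
					:log warning ("Not replacing DNS record $fqdn with TTL $recordttl for lease $dhcpip")
				} else={
					:local dnsip [ get $dnsrecord address ]
					:if ( $dnsip = $dhcpip ) do={
						:log debug ("DNS record for $fqdn to $dhcpip is up to date")
					} else={
						:log info ("Updating DNS record for $fqdn to $dhcpip")
						/ip dns static remove $dnsrecord
						/ip dns static add name=$fqdn address=$dhcpip ttl=$ttl
					}
				}
			} else={
				:log info ("Creating DNS record for $fqdn to $dhcpip")
				/ip dns static add name=$fqdn address=$dhcpip ttl=$ttl
			}
		} else={
			:log warning ("Skipping DHCP lease $dhcpip, host-name is not a valid DNS label")
		}
	}
}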

Mindenhonnan (MikroTik tanfolyamok, fórumok) azt sikerült kiszednem, hogy a MikroTik valóban alapból nem tudja a DHCP neveket a DNS-éből kiszolgálni. A javasolt szkriptek után nekem a Windowsos kliensek nem kapják meg a nem Windowsos címeket, még nem sikerült kiderítenem, hogy miért.

Addig maradok a külön Linux szerveren futó dnsmasq-nál.

Köszönöm mindenkinek a segítségét.
Nagy Péter