How To Use A Mikrotik Router As A DNS Server And Add Static DNS Records For Internal Servers In Your LAN Network.
The following items are required to complete this tutorial. Please have them available before you start:
1) A mikrotik router or the cloud hosted router running routeros version
2) A mikrotik user account with access rights to make DNS changes.
3) The winbox application and / or the winbox mobile app
4) A laptop or desktop running Windows 7 64 bit or newer.
1) Download the Winbox desktop app, open it and login to the mikrotik router
2) Click on IP > DNS SERVER, set a default DNS lookup address and allow remote requests
3) Learn how to add static DNS entry for network applications such as a web server and an email server.
4) Learn how to protect the mikrotik DNS Server from DDOS attacks.
Step 1: Download The Winbox App And Login To A Mikrotik Router.
1) A mikrotik device can be configured using an SSH console, its built-in web based configuration tool, or the winbox desktop and mobile apps. The most popular configuration tool for mikrotik is the Winbox application. Download winbox from the official mikrotik download page.
Once downloaded, open Winbox and click on the Neighbours tab. You should see the MAC address and IP address of all Mikrotik routers on your LAN. Double click on the IP address of the router you would like to configure, then type in your username and password and click on CONNECT.
3) If you run a self hosted email server, web server or remote desktop server it is a good idea to add static DNS entries for those servers so end users can simply connect using an easy to remember domain name.
To add a static DNS entry click on the STATIC button and click on the ADD button. On the NEW DNS STATIC ENTRY window type in a fully qualified domain name, select the type of DNS record that you are adding on the TYPE dropdown menu and type in the IP address that you would like to map the domain name to.
Mikrotik DNS supports almost all types of DNS records such as A, AAAA, MX, TXT, SRV, NXDOMAIN records and more.
4) The next step is to add a Mikrotik firewall NAT rule that forces all LAN devices to send their DNS queries to the Mikrotik DNS server. To do this click on the NEW TERMINAL button on the WINBOX navigation bar and type the following command:
/ip firewall nat add chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 to-addresses=192.168.55.1 comment="DIRECT ALL DNS REQUESTS TO MIKROTIK INTERNAL DNS SERVER."
*replace the to-addresses value with the LAN address of the mikrotik router. The rule matches UDP only, so DNS queries sent over TCP port 53 are not redirected by it.
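6) The next step is to protect the Mikrotik DNS server by adding firewall rules that block incoming DNS requests on the WAN (internet facing) interface. This can help to prevent DNS flooding attacks from malicious attackers on the web. Run the following commands:
/ip firewall filter
add action=drop chain=input dst-port=53 protocol=udp in-interface=WAN-INTERFACE
add action=drop chain=input dst-port=53 protocol=tcp in-interface=WAN-INTERFACE
*replace WAN-INTERFACE with the name of the internet facing interface. Without an in-interface match these rules would also drop DNS requests coming from the LAN.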
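To confirm that a router with remote requests allowed is not answering DNS from the internet, the exported configuration can be checked offline. The script below is an added example, not part of the original tutorial or of any Mikrotik tooling. The function names, the sample exports and the ether1 WAN interface name are constructed assumptions, and it only recognises explicit port 53 drop rules like the ones in this tutorial.

```python
import re
import shlex

def parse_export(text):
    """Return (menu, properties) pairs from RouterOS /export text."""
    items, menu = [], None
    # /export wraps long lines with a trailing backslash; rejoin them first.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall filter"
        elif line and not line.startswith("#"):
            words = shlex.split(line)[1:]    # drop the leading add/set verb
            items.append((menu, dict(w.split("=", 1) for w in words if "=" in w)))
    return items

def audit_dns(text):
    """List problems with how the input chain exposes the DNS resolver."""
    items = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
               for m, p in items):
        return []                            # resolver only serves the router
    # Only explicit port-53 drop rules are recognised (assumption: there is
    # no broader default-drop rule on the input chain); rule order is ignored.
    drops = [p for m, p in items
             if m == "/ip firewall filter" and p.get("chain") == "input"
             and p.get("action") == "drop" and p.get("dst-port") == "53"
             and p.get("disabled") != "yes"]
    findings = []
    for proto in ("udp", "tcp"):
        rules = [p for p in drops if p.get("protocol") == proto]
        scoped = [p for p in rules
                  if "in-interface" in p or "in-interface-list" in p]
        if len(scoped) < len(rules):
            findings.append(f"{proto}/53: drop rule matches every interface, LAN included")
        elif not scoped:
            findings.append(f"{proto}/53: no drop rule, resolver reachable from WAN")
    return findings

# Constructed sample exports; ether1 is an assumed WAN interface name.
DNS = "/ip dns\nset allow-remote-requests=yes servers=1.1.1.1\n/ip firewall filter\n"
UNSCOPED = DNS + ("add action=drop chain=input dst-port=53 protocol=udp\n"
                  "add action=drop chain=input dst-port=53 protocol=tcp\n")
SCOPED = DNS + ("add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp\n"
                "add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp\n")

if __name__ == "__main__":
    print(audit_dns(UNSCOPED), audit_dns(SCOPED))
```

An empty list means every port 53 drop rule is tied to an interface and both UDP and TCP are covered.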