Hello Dear Users,
I am trying to set up an AdGuard Home in a MikroTik container as the main DNS server in my home network. I still have a couple of problems with it, but first of all I would like you to take a look at my configuration and see what mistakes I've made. It seems in the AdGuard Home query log that most of the DNS queries come from 10.10.70.1 as a client, which is not true, as this is the docker network.
Code:
/ip address
add address=10.10.10.1/24 interface=main_vlan_10 network=10.10.10.0
add address=192.168.88.1/24 interface=ether2-mgmt network=192.168.88.0
add address=10.10.20.1/24 interface=iot_vlan_20 network=10.10.20.0
add address=10.10.30.1/24 interface=work_vlan_30 network=10.10.30.0
add address=10.10.40.1/24 interface=surveillance_vlan_40 network=10.10.40.0
add address=10.10.50.1/24 interface=guest_vlan_50 network=10.10.50.0
add address=192.168.0.1/24 interface=ether3 network=192.168.0.0
add address=10.10.70.1/24 interface=Dockers network=10.10.70.0
/ip dns
set allow-remote-requests=yes servers=10.10.70.2
/ip firewall address-list
add address=10.10.10.100 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=10.10.10.0/24 list=all_vlans
add address=10.10.20.0/24 list=all_vlans
add address=10.10.30.0/24 list=all_vlans
add address=10.10.40.0/24 list=all_vlans
add address=10.10.50.0/24 list=all_vlans
add address=10.10.70.0/24 list=all_vlans
/ip firewall filter
add action=accept chain=input comment="accept established,related,untracker" connection-state=established,related,untracked
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="drop invalid connections" connection-state=invalid log-prefix=input_drop
add action=drop chain=input comment="drop everything else" in-interface=pppoe-out_orange_ftth log-prefix=drop_input_all
add action=fasttrack-connection chain=forward comment="fast-track for established,related" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="accept new conection from main to iot vlan" connection-state=new in-interface=main_vlan_10 out-interface=iot_vlan_20
add action=accept chain=forward comment="allow dns over upd from vlans to adguard" dst-address=10.10.70.2 dst-port=53 protocol=udp src-address-list=all_vlans
add action=accept chain=forward comment="allow dns over tcp from vlans to adguard" dst-address=10.10.70.2 dst-port=53 protocol=tcp src-address-list=all_vlans
add action=accept chain=forward comment="allow access to adguard web interface from main vlan" dst-address=10.10.70.2 dst-port=80 protocol=tcp src-address=10.10.10.0/24
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid
add action=drop chain=forward comment="drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=LAN log=yes out-interface=!LAN
add action=drop chain=forward comment="drop access to clients behind NAT from WAN" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out_orange_ftth log=yes
add action=drop chain=forward comment="drop all trafic between vlans" dst-address-list=all_vlans log=yes log-prefix=drop_between_vlans src-address-list=all_vlans
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp protocol=icmp
add action=drop chain=forward comment="drop incoming from internet which is not public IP" in-interface=pppoe-out_orange_ftth src-address-list=not_in_internet
add action=drop chain=forward comment="drop packets from LAN that do not have LAN IP" in-interface=LAN src-address=!10.10.10.0/24 src-address-list=""
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out_orange_ftth
/interface list
add name=listBridge
/interface list member
add disabled=yes interface=LAN list=listBridge
add interface=ether2-mgmt list=listBridge
add interface=main_vlan_10 list=listBridge
add interface=Dockers list=listBridge
/interface veth
add address=10.10.70.2/24 gateway=10.10.70.1 gateway6="" name=veth1-adguard
/interface bridge
add name=Dockers
add frame-types=admit-only-vlan-tagged name=LAN vlan-filtering=yes
/interface bridge port
add bridge=LAN frame-types=admit-only-vlan-tagged interface=ether4
add bridge=LAN frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-trunk-switch
add bridge=LAN frame-types=admit-only-vlan-tagged interface=ether8-trunk-ap-kitchen
add bridge=LAN frame-types=admit-only-vlan-tagged interface=ether7
add bridge=LAN frame-types=admit-only-vlan-tagged interface=ether6
add bridge=LAN frame-types=admit-only-vlan-tagged interface=ether5-trunk-ap-office
add bridge=Dockers interface=veth1-adguard
/interface bridge vlan
add bridge=LAN comment=main_vlan_10 tagged=LAN,ether4,ether5-trunk-ap-office,ether6,ether7,ether8-trunk-ap-kitchen,sfp-sfpplus1-trunk-switch vlan-ids=10
add bridge=LAN comment=iot_vlan_20 tagged=ether4,ether5-trunk-ap-office,ether6,ether7,ether8-trunk-ap-kitchen,sfp-sfpplus1-trunk-switch,LAN vlan-ids=20
add bridge=LAN comment=work_vlan_30 tagged=ether4,ether5-trunk-ap-office,ether6,ether7,ether8-trunk-ap-kitchen,sfp-sfpplus1-trunk-switch,LAN vlan-ids=30
add bridge=LAN comment=surveillance_vlan_40 tagged=ether4,ether6,ether7,LAN,sfp-sfpplus1-trunk-switch vlan-ids=40
add bridge=LAN comment=guest_vlan_50 tagged=ether4,ether5-trunk-ap-office,ether6,ether7,ether8-trunk-ap-kitchen,sfp-sfpplus1-trunk-switch,LAN vlan-ids=50
Statistics: Posted by nieprzem — Sat Jun 01, 2024 2:16 pm
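The "10.10.70.1 as client" symptom follows from `/ip dns set allow-remote-requests=yes servers=10.10.70.2` in the export: hosts that use their VLAN gateway (10.10.x.1) as resolver have the router forward the query to AdGuard, and the router sources that forwarded query from its own address on the Dockers bridge, so AdGuard attributes every lookup to 10.10.70.1 and per-client logging, client-specific filtering and later investigation all lose the real host. Below is an added example (editor's, not the poster's configuration) of handing AdGuard out directly and closing the router's forwarder; it assumes a DHCP server per VLAN, which the posted export does not show.

```routeros
# Added example, not part of the original post. Assumes /ip dhcp-server
# networks exist for each VLAN (not included in the export above).
# Root cause: clients -> router (10.10.x.1) -> AdGuard; the forwarded query
# leaves the router from 10.10.70.1 on the Dockers bridge, so AdGuard never
# sees the originating host.

# 1. Hand out AdGuard itself as the resolver so each host's query reaches
#    10.10.70.2 with its own source address intact. The existing forward
#    rules "allow dns over upd/tcp from vlans to adguard" sit before the
#    inter-VLAN drop, so this path is already permitted.
/ip dhcp-server network
set [find address=10.10.10.0/24] dns-server=10.10.70.2
set [find address=10.10.20.0/24] dns-server=10.10.70.2
set [find address=10.10.30.0/24] dns-server=10.10.70.2
set [find address=10.10.40.0/24] dns-server=10.10.70.2
set [find address=10.10.50.0/24] dns-server=10.10.70.2

# 2. Keep AdGuard as the router's own upstream (its own lookups still need
#    it) but stop answering DNS for the LAN, so nothing else hides behind
#    10.10.70.1 in the AdGuard log.
/ip dns
set servers=10.10.70.2 allow-remote-requests=no

# 3. Verify after clients renew their lease: AdGuard's query log should now
#    list 10.10.x.y addresses. If a VLAN's DNS is being blocked instead,
#    the drop rule's own log-prefix will show it here.
/log print where message~"drop_between_vlans"
```

Hosts configured with a static resolver of 10.10.x.1 will stop resolving once `allow-remote-requests=no` is set, so either update them first or leave that setting on until the DHCP change has propagated.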