MikroTik as a DNS Server

Hi…

It started with a task at the office: build a DNS server to simplify access to several servers/devices in the office. For example, to reach the Cacti monitoring server there is no need to type an IP address in the browser; just type a domain/name that we define ourselves. So I decided to simply use MikroTik as the DNS server.

OK, let's get straight to it…

The topology is as follows

In this lab, I only show the configuration on R1 and R2 (DNS Server).

CONFIGURATION ON R1

Because the core router runs a DHCP server, on R1 we only create a DHCP client

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=\
no

Set the IP addresses on ether2 and ether3

/ip address
add address=192.168.86.1/24 interface=ether3 network=192.168.86.0
add address=192.168.64.1/24 interface=ether2 network=192.168.64.0

Next, create a DHCP server on ether3 to make things easier for the client PCs

# create the pool first: the DHCP server refers to it by name
/ip pool
add name=dhcp_pool0 ranges=192.168.86.2-192.168.86.254

/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1

/ip dhcp-server network
add address=192.168.86.0/24 dns-server=192.168.86.1 gateway=192.168.86.1

Then set DNS on R1 so that it points to R2 (the DNS server)

/ip dns
set allow-remote-requests=yes servers=192.168.64.2

Finally, set NAT masquerade so that the internet is reachable

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

CONFIGURATION ON R2 – DNS SERVER

First set its IP address

/ip address
add address=192.168.64.2/24 interface=ether4 network=192.168.64.0

Next, set the DNS server IP. Here I enter the core router's IP, because the core router is already configured with public DNS

/ip dns
set allow-remote-requests=yes servers=172.30.0.1

Then we set the static DNS entries, that is, we give domain names to the internal servers. In this configuration I use *.konfigurasi as the domain name

/ip dns static
add address=172.30.0.235 name=cacti.konfigurasi
add address=172.30.0.26 name=controller.konfigurasi
add address=172.21.100.11 name=proxmox1.konfigurasi

Set the NAT forwarding rules so that the internal DNS is checked first, before any external DNS is checked

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=\
192.168.64.2 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=\
192.168.64.2 to-ports=53

Finally, set the default route

/ip route
add distance=1 gateway=192.168.64.1
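
With allow-remote-requests=yes and no filter rules, R1 and R2 answer DNS queries arriving on any interface, including R1's uplink ether1. The following is an added example, not part of the original lab: input-chain rules that limit who may query each resolver. It assumes the filter table is otherwise empty (as in this lab) and that only hosts in 192.168.64.0/24 need to query R2.

```routeros
# --- R1: serve DNS to the client LAN (ether3) only ---
# "add" appends; with existing rules, make sure these sit above any broader accept.
/ip firewall filter
add chain=input in-interface=ether3 protocol=udp dst-port=53 action=accept comment="DNS from client LAN"
add chain=input in-interface=ether3 protocol=tcp dst-port=53 action=accept comment="DNS from client LAN"
add chain=input protocol=udp dst-port=53 action=drop comment="no DNS service on other interfaces"
add chain=input protocol=tcp dst-port=53 action=drop comment="no DNS service on other interfaces"

# --- R2: accept queries only from the R1-R2 segment ---
# Assumption: R1 (192.168.64.1) and its neighbours on ether4 are the only clients.
/ip firewall filter
add chain=input in-interface=ether4 src-address=192.168.64.0/24 protocol=udp dst-port=53 action=accept comment="DNS from R1 segment"
add chain=input in-interface=ether4 src-address=192.168.64.0/24 protocol=tcp dst-port=53 action=accept comment="DNS from R1 segment"
add chain=input protocol=udp dst-port=53 action=drop comment="drop all other DNS queries"
add chain=input protocol=tcp dst-port=53 action=drop comment="drop all other DNS queries"
```

Replies from the upstream resolver are not affected: they arrive with source port 53, not destination port 53. The ping tests in the next section should still resolve all four names after these rules are applied.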

TEST ON THE PC

C:\Users\konfigurasi>ping google.com

Pinging google.com [74.125.68.101] with 32 bytes of data:
Reply from 74.125.68.101: bytes=32 time=239ms TTL=42
Reply from 74.125.68.101: bytes=32 time=27ms TTL=42
Reply from 74.125.68.101: bytes=32 time=24ms TTL=42
Reply from 74.125.68.101: bytes=32 time=23ms TTL=42

Ping statistics for 74.125.68.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 239ms, Average = 78ms

C:\Users\konfigurasi>ping cacti.konfigurasi

Pinging cacti.konfigurasi [172.30.0.235] with 32 bytes of data:
Reply from 172.30.0.235: bytes=32 time=1ms TTL=63
Reply from 172.30.0.235: bytes=32 time<1ms TTL=63
Reply from 172.30.0.235: bytes=32 time<1ms TTL=63
Reply from 172.30.0.235: bytes=32 time=1ms TTL=63

Ping statistics for 172.30.0.235:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\konfigurasi>ping controller.konfigurasi

Pinging controller.konfigurasi [172.30.0.26] with 32 bytes of data:
Reply from 172.30.0.26: bytes=32 time=2ms TTL=127
Reply from 172.30.0.26: bytes=32 time=1ms TTL=127
Reply from 172.30.0.26: bytes=32 time=1ms TTL=127
Reply from 172.30.0.26: bytes=32 time=1ms TTL=127

Ping statistics for 172.30.0.26:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

C:\Users\konfigurasi>ping proxmox1.konfigurasi

Pinging proxmox1.konfigurasi [172.21.100.11] with 32 bytes of data:
Reply from 172.21.100.11: bytes=32 time=4ms TTL=59
Reply from 172.21.100.11: bytes=32 time=4ms TTL=59
Reply from 172.21.100.11: bytes=32 time=4ms TTL=59
Reply from 172.21.100.11: bytes=32 time=4ms TTL=59

Ping statistics for 172.21.100.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 4ms, Average = 4ms

OK, good luck trying it out…

OSPF Backbone Area MikroTik

Hi…

This time we will try a basic OSPF configuration in which everything is still in one and the same area, the backbone area.

There are three basic elements of an OSPF configuration:

  • Enable OSPF instance
  • OSPF area configuration
  • OSPF network configuration

The OSPF menu itself is located at /routing ospf instance. More advanced OSPF setups can use several instances or multiple areas. To start with, we will use the “default” instance that already exists.

OK, let's continue with the configuration according to the topology above

First, set the IP addresses on each router

R1

/ip address add address=10.10.10.1/30 interface=ether1
/ip address add address=10.10.10.10/30 interface=ether3
/ip address add address=1.1.1.1/24 interface=ether5

R2

/ip address add address=10.10.10.2/30 interface=ether1
/ip address add address=10.10.10.5/30 interface=ether2
/ip address add address=2.2.2.1/24 interface=ether5

R3

/ip address add address=10.10.10.6/30 interface=ether2
/ip address add address=10.10.10.9/30 interface=ether3
/ip address add address=3.3.3.1/24 interface=ether5

Then create an instance on each of the routers R1, R2 and R3

routing ospf instance add name=default

Version 6 already has a default instance, so the step above can be skipped.

The next step is to check the OSPF instance on each router

[admin@MikroTik] > routing ospf instance print
Flags: X - disabled, * - default
0 * name="default" router-id=0.0.0.0 distribute-default=never redistribute-connected=no
redistribute-static=no redistribute-rip=no redistribute-bgp=no redistribute-other-ospf=no
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=auto
metric-other-ospf=auto in-filter=ospf-in out-filter=ospf-out

As you can see, the router-id is still 0.0.0.0, which means the router will use one of the IP addresses configured on it as the router-id. In general, it is recommended to set a loopback IP address as the router-id. This loopback IP address is purely virtual and is used only as the router's identity in the network. Another advantage is that a loopback address is always up and cannot go down the way a physical interface can. The OSPF protocol uses it as the router-id when communicating with the other routers.

Next we create a loopback interface and set its IP address

R1

interface bridge add name=loopback
ip address add address=10.255.255.1/32 interface=loopback
routing ospf instance set 0 router-id=10.255.255.1

R2

interface bridge add name=loopback
ip address add address=10.255.255.2/32 interface=loopback
routing ospf instance set 0 router-id=10.255.255.2

R3

interface bridge add name=loopback
ip address add address=10.255.255.3/32 interface=loopback
routing ospf instance set 0 router-id=10.255.255.3

Next is the OSPF area configuration. The backbone area is already created by default in RouterOS, so no additional configuration is needed. Keep in mind that the backbone area-id is always (zero) 0.0.0.0

And the last step is to add the networks present on each router to the OSPF area

R1

routing ospf network add network=1.1.1.0/24 area=backbone
routing ospf network add network=10.10.10.0/30 area=backbone
routing ospf network add network=10.10.10.8/30 area=backbone

R2

routing ospf network add network=2.2.2.0/24 area=backbone
routing ospf network add network=10.10.10.0/30 area=backbone
routing ospf network add network=10.10.10.4/30 area=backbone

R3

routing ospf network add network=3.3.3.0/24 area=backbone
routing ospf network add network=10.10.10.4/30 area=backbone
routing ospf network add network=10.10.10.8/30 area=backbone

The networks 10.10.10.0/30, 10.10.10.4/30 and 10.10.10.8/30 can be summarised as 10.10.10.0/24, so the configuration can actually be shortened to the following

R1

routing ospf network add network=1.1.1.0/24 area=backbone
routing ospf network add network=10.10.10.0/24 area=backbone

R2

routing ospf network add network=2.2.2.0/24 area=backbone
routing ospf network add network=10.10.10.0/24 area=backbone

R3

routing ospf network add network=3.3.3.0/24 area=backbone
routing ospf network add network=10.10.10.0/24 area=backbone

To make sure, check on each router

R1

[admin@R1] > routing ospf interface print
Flags: X - disabled, I - inactive, D - dynamic, P - passive
# INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY
0 D ether1 10 1 broadcast none
1 D ether3 10 1 broadcast none
2 D ether5 10 1 broadcast none

[admin@R1] > routing ospf neighbor print
0 instance=default router-id=10.255.255.3 address=10.10.10.9 interface=ether3 priority=1
dr-address=10.10.10.10 backup-dr-address=10.10.10.9 state="Full" state-changes=5 ls-retransmits=0
ls-requests=0 db-summaries=0 adjacency=24s

1 instance=default router-id=10.255.255.2 address=10.10.10.2 interface=ether1 priority=1
dr-address=10.10.10.2 backup-dr-address=10.10.10.1 state="Full" state-changes=6 ls-retransmits=1
ls-requests=0 db-summaries=0 adjacency=4s

[admin@R1] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADC 1.1.1.0/24 1.1.1.1 ether5 0
1 ADo 2.2.2.0/24 10.10.10.2 110
2 ADo 3.3.3.0/24 10.10.10.9 110
3 ADC 10.10.10.0/30 10.10.10.1 ether1 0
4 ADo 10.10.10.4/30 10.10.10.9 110
5 ADC 10.10.10.8/30 10.10.10.10 ether3 0
6 ADC 10.255.255.1/32 10.255.255.1 loopback 0

R2

[admin@R2] > routing ospf interface print
Flags: X - disabled, I - inactive, D - dynamic, P - passive
# INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY
0 D ether5 10 1 broadcast none
1 D ether1 10 1 broadcast none
2 D ether2 10 1 broadcast none

[admin@R2] > routing ospf neighbor print
0 instance=default router-id=10.255.255.3 address=10.10.10.6 interface=ether2 priority=1
dr-address=10.10.10.6 backup-dr-address=10.10.10.5 state="Full" state-changes=6 ls-retransmits=0
ls-requests=0 db-summaries=0 adjacency=39m42s

1 instance=default router-id=10.255.255.1 address=10.10.10.1 interface=ether1 priority=1
dr-address=10.10.10.2 backup-dr-address=10.10.10.1 state="Full" state-changes=5 ls-retransmits=0
ls-requests=0 db-summaries=0 adjacency=39m51s

[admin@R2] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADo 1.1.1.0/24 10.10.10.1 110
1 ADC 2.2.2.0/24 2.2.2.1 ether5 0
2 ADo 3.3.3.0/24 10.10.10.6 110
3 ADC 10.10.10.0/30 10.10.10.2 ether1 0
4 ADC 10.10.10.4/30 10.10.10.5 ether2 0
5 ADo 10.10.10.8/30 10.10.10.6 110
10.10.10.1
6 ADC 10.255.255.2/32 10.255.255.2 loopback 0

R3

[admin@R3] > routing ospf interface print
Flags: X - disabled, I - inactive, D - dynamic, P - passive
# INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY
0 D ether5 10 1 broadcast none
1 D ether2 10 1 broadcast none
2 D ether3 10 1 broadcast none

[admin@R3] > routing ospf neighbor print
0 instance=default router-id=10.255.255.1 address=10.10.10.10 interface=ether3 priority=1
dr-address=10.10.10.10 backup-dr-address=10.10.10.9 state="Full" state-changes=5 ls-retransmits=0
ls-requests=0 db-summaries=0 adjacency=41m18s

1 instance=default router-id=10.255.255.2 address=10.10.10.5 interface=ether2 priority=1
dr-address=10.10.10.6 backup-dr-address=10.10.10.5 state="Full" state-changes=5 ls-retransmits=0
ls-requests=0 db-summaries=0 adjacency=40m49s

[admin@R3] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADo 1.1.1.0/24 10.10.10.10 110
1 ADo 2.2.2.0/24 10.10.10.5 110
2 ADC 3.3.3.0/24 3.3.3.1 ether5 0
3 ADo 10.10.10.0/30 10.10.10.10 110
10.10.10.5
4 ADC 10.10.10.4/30 10.10.10.6 ether2 0
5 ADC 10.10.10.8/30 10.10.10.9 ether3 0
6 ADC 10.255.255.3/32 10.255.255.3 loopback 0
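
The interface listings above show AUTHENTICATION none on every OSPF interface, and ether5 runs OSPF like a router-to-router link. The following is an added example, not from the original post, for RouterOS v6 on R1: make ether5 passive and require MD5 authentication on the links to R2 and R3. It assumes ether5 has no OSPF router behind it; the key strings are placeholders.

```routeros
# R1, RouterOS v6. These static entries take the place of the dynamic ("D")
# entries listed by "routing ospf interface print".
/routing ospf interface
# Assumption: no OSPF neighbour on ether5. 1.1.1.0/24 is still advertised,
# but no hellos are sent or accepted there.
add interface=ether5 passive=yes
# Router-to-router links: the neighbour must use the same key and key-id.
add interface=ether1 authentication=md5 authentication-key-id=1 authentication-key="CHANGE-ME-R1-R2"
add interface=ether3 authentication=md5 authentication-key-id=1 authentication-key="CHANGE-ME-R1-R3"

# R2: ether5 passive, ether1 with the R1-R2 key, ether2 with an R2-R3 key
# R3: ether5 passive, ether2 with the R2-R3 key, ether3 with the R1-R3 key
#
# With network=10.10.10.0/24, any interface later addressed inside that range
# joins OSPF with default settings (authentication none) unless it gets a
# static entry like the ones above.
```

Once both ends of a link are configured, "routing ospf neighbor print" should show state="Full" again, and "routing ospf interface print" should list md5 under AUTHENTICATION and the P flag on ether5.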