Community discussions

MikroTik App
  4. RouterOS
  5. General

How to mangle DNS traffic correctly

Post Reply
 
User avatar
JMLabs
just joined
Topic Author
Posts: 2
Joined: Thu Dec 21, 2023 6:53 pm
Location: Stuttgart

How to mangle DNS traffic correctly

Sun Feb 25, 2024 2:31 pm

Hello! Please help me with the task of marking DNS traffic. I have configured torrent traffic blocking using layer7 filters and mangle in the forward chain. But unfortunately, DNS requests get into my filters. I have made two rules and they work for outgoing traffic:
Code: Select all
chain=forward action=mark-connection new-connection-mark=dns_cmark passthrough=yes protocol=udp dst-port=53 log=no log-prefix="" 
chain=forward action=mark-packet new-packet-mark=dns-pmark passthrough=no connection-mark=dns_cmark log=no log-prefix=""
My questions:
1. Is there any way to determine the DNS connection other than through the dst port?
2. Is it correct to put my rules into the forward chain or do I need to put them into prerouting?
3. My rules do not mark responses from DNS servers

I will be very grateful for your advice.
PS. RouterBOARD 952Ui-5ac2nD RouterOS 6.49.13
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], anav, johnson73, jurajhampel, sauregurkenzeit, steelseries and 29 guests
  4. RouterOS
  5. General