Conditional DNS Forwarding Question

Howdy!

I’ve set up conditional DNS Forwarding by using the following commands:

/ip firewall layer7-protocol add name=domain.com regexp=domain.com
/ip firewall mangle add chain=prerouting dst-address=192.168.88.1 layer7-protocol=domain.com action=mark-connection new-connection-mark=domain.com-forward protocol=tcp dst-port=53
/ip firewall mangle add chain=prerouting dst-address=192.168.88.1 layer7-protocol=domain.com action=mark-connection new-connection-mark=domain.com-forward protocol=udp dst-port=53
/ip firewall nat add action=dst-nat chain=dstnat connection-mark=domain.com-forward to-addresses=<Forwarded DNS Server IP>
/ip firewall nat add action=masquerade chain=srcnat connection-mark=domain.com-forward

I was wondering, does this forward just the A record for domain.com? Will it also forward http://www.domain.com? How about subdomain1.domain.com? Will I have to re-follow those steps to set up the subdomains as well?

Thanks!

This would have sooooo many false positives. Your regexp means domaincom. Start reading here on how to create a proper regexp and if it’s not clear enough, look for a few other examples here.
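An added illustration, not code from the thread, of why that pattern over-matches and of how the subdomain question would be answered if the query name were actually parsed: it builds DNS query packets in wire format (where labels are length-prefixed, so domain.com appears as "\x06domain\x03com"), applies the regexp the way an unanchored layer7 search would, and compares that with a check on the decoded name. The packet builder, the zone check and the sample names are constructed for this example.

```python
import re

def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS wire-format labels, e.g. b'\\x03www\\x06domain\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str) -> bytes:
    """Minimal DNS query: 12-byte header (ID, RD flag, QDCOUNT=1) + one A/IN question."""
    header = b"\x12\x34" + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    return header + encode_qname(name) + b"\x00\x01\x00\x01"

# The pattern from the question, searched anywhere in the payload. '.' matches any
# single byte (DOTALL mirrors a byte-oriented matcher), including the label-length byte.
NAIVE = re.compile(rb"domain.com", re.DOTALL)

def naive_matches(name: str) -> bool:
    """Would the layer7-style regexp fire on a query for this name?"""
    return NAIVE.search(build_query(name)) is not None

def decode_qname(packet: bytes) -> str:
    """Parse the question name back out of the wire-format packet (no compression needed here)."""
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()

def is_zone_match(qname: str, zone: str) -> bool:
    """True for the zone apex and any subdomain of it; false for look-alike names."""
    return qname == zone or qname.endswith("." + zone)

def should_forward(packet: bytes, zone: str = "domain.com") -> bool:
    """Forwarding decision based on the parsed name rather than a substring search."""
    return is_zone_match(decode_qname(packet), zone)

if __name__ == "__main__":
    for n in ["domain.com", "www.domain.com", "subdomain1.domain.com",
              "notdomain.com", "domainxcom.org"]:
        print(f"{n:24} regexp={naive_matches(n)!s:5} parsed={should_forward(build_query(n))}")
```

The two look-alike names show the false positives the reply refers to: the regexp fires on them, the parsed check does not, while the apex and its subdomains pass both.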

You should just use the DNS proxy feature and specify the domain you want to redirect as a static entry.
Be sure that your INPUT firewall filter blocks incoming DNS queries (udp port 53) so that you don’t get drafted as a soldier in a DDoS war. :)