Hi all,
I observed a strange behavior of a few RouterOS devices recently.
A few assumptions stated up front:
- DNS (UDP/p53) is available from the WAN
- The RouterOS device uses a foreign DNS resolver (e.g., Google DNS / 8.8.8.
- The device is on a network that does not forbid IP spoofing
If I then perform a DNS lookup using this device, the DNS response is coming from the iterative resolver (and not from the device). As an example:
$ dig @193.43.228.117 example.com
;; reply from unexpected source: 8.8.8.8#53, expected 193.43.228.117#53
I suspect that the NAT is broken in these setups. Unfortunately, I do not own a RouterOS device, so I cannot test this. But do you see similar behaviors with your RouterOS boxes? If so, what is going on exactly?
Thanks!
-C
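What dig is doing when it prints "reply from unexpected source" is refusing a UDP answer whose source address/port does not match the server it sent the query to. The following is an added example (not code from the original post, and not a description of how RouterOS itself behaves) that implements the same acceptance checks a careful stub resolver applies: source address and port must match, the transaction ID must match, the packet must be flagged as a response, and the question section must echo the query. The addresses, the transport stub and the canned response are constructed for the demonstration; only the check logic is general.

```python
import random
import socket
import struct

# Build a minimal DNS query (one A/IN question, recursion desired).
def build_query(name: str, txid: int) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


# Apply the acceptance checks a stub resolver uses before trusting a UDP reply.
# Returns (accepted, reason); the first failing check wins.
def validate_reply(expected_server, query: bytes, reply: bytes, source):
    if (source[0], source[1]) != (expected_server[0], expected_server[1]):
        return False, ("reply from unexpected source: %s#%d, expected %s#%d"
                       % (source[0], source[1], expected_server[0], expected_server[1]))
    if len(reply) < 12:
        return False, "truncated header"
    txid_q = struct.unpack("!H", query[:2])[0]
    txid_r, flags = struct.unpack("!HH", reply[:4])
    if txid_r != txid_q:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "packet is not a response (QR bit clear)"
    qlen = len(query) - 12
    if reply[12:12 + qlen] != query[12:]:
        return False, "question section does not echo the query"
    return True, "ok"


# Send a query and validate the reply. `transport` is injectable so the
# checks can be exercised offline; the default really talks UDP/53.
def resolve(name: str, server, transport=None, timeout: float = 2.0):
    txid = random.randrange(0, 65536)
    query = build_query(name, txid)
    if transport is None:
        def transport(q, srv):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                s.settimeout(timeout)
                s.sendto(q, srv)
                return s.recvfrom(4096)
            finally:
                s.close()
    reply, source = transport(query, server)
    return validate_reply(server, query, reply, source)


# Constructed well-formed answer for whatever query it is given (A record,
# TEST-NET address), used only by the offline demonstrations below.
def canned_reply(query: bytes) -> bytes:
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.1")
    return header + query[12:] + answer


# Scenario from the post: query sent to the router (constructed TEST-NET
# address), answer arrives from the upstream resolver's address instead.
def demo_unexpected_source():
    router = ("192.0.2.53", 53)
    def transport(q, srv):
        return canned_reply(q), ("8.8.8.8", 53)
    return resolve("example.com", router, transport=transport)


# Control case: answer comes back from the address that was queried.
def demo_expected_source():
    router = ("192.0.2.53", 53)
    def transport(q, srv):
        return canned_reply(q), srv
    return resolve("example.com", router, transport=transport)


if __name__ == "__main__":
    print(demo_unexpected_source())
    print(demo_expected_source())
```

The source check is what dropped the answer in the dig output above; it is not cosmetic. A client that accepted any-source replies would let a response forwarded or rewritten by a device in the path stand in for the server it asked, and it would also lose one of the few things a UDP client can match a reply against besides the 16-bit transaction ID and the question section. On a network that does not filter spoofed sources, as the third assumption in the post describes, that check is the one the client still controls, which is why resolvers keep it strict rather than tolerating the mismatch.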