DNS Re-Direct

joshelhoff · August 21, 2008, 7:24pm

Here’s the situation:
We’re using our upstream provider’s DNS servers. They’re shutting them down. All of our clients have them statically defined on their pc.

Can I set up a rule on the mikrotik to re-direct their DNS requests to the new servers while I get them all switched over to DHCP?

changeip · August 21, 2008, 8:50pm

sure, use dst-nat.

Pepo · August 21, 2008, 9:14pm

Please my friends, put to us a quick example for that you say

changeip · August 21, 2008, 9:39pm

/ip firewall nat add action=dst-nat out-interface=0-coxRes dst-address=1.2.3.4 dst-port=53 protocol=udp to-addresses=5.6.7.8

joshelhoff · August 22, 2008, 11:18am

So this is what I tried and no dice. When I do a nslookup on my pc on the inside interface it still queries the 1.2.3.4 dns server. Instead of the new 5.6.7.8 dns. I’m running V3.11 on an RB600.

/ip firewall nat add action=dst-nat out-interface=AliantDemarc dst-address=1.2.3.4 dst-port=53 pro
tocol=udp to-addresses=5.6.7.8

Any thoughts?

I’ve got about 500 people to get in touch with and get them to switch to DHCP just trying to buy some more time do it before the old DNS servers are taken down.

mrz · August 22, 2008, 11:21am

redirect all dns requests to your router. And specify correct dns servers in /ip dns primary-dns and seconary-dns

joshelhoff · August 22, 2008, 12:23pm

I have the DNS servers listed in the Tik, could you do me a favor and provide an example of how to redirect the DNS traffic to the TIK?

Thks!

mrz · August 22, 2008, 12:27pm

/ip firewall nat
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53

frogman79 · August 22, 2008, 1:21pm

Little trick we used when the listed DNS servers that our techs where programing into installs became unavailable. At least it works for us.

/ip firewall mangle
add action=mark-packet chain=prerouting comment=“DNS REDIRECT MANG RULE”
disabled=no dst-port=53 new-packet-mark=dns_redirect passthrough=yes
protocol=udp

/ip firewall nat
add action=dst-nat chain=dstnat comment=“DNS REDIRECT” disabled=no
packet-mark=dns_redirect protocol=udp to-addresses=XXX.XXX.XXX.XXX
to-ports=53

Doesn’t matter where the computer wants to go, the MT grabs the DNS connection, marks that packet and then dst-nat’s it to the DNS server of your choice.

joshelhoff · August 22, 2008, 1:30pm

Cheers Guys! Really appreciate all the input!