Do not redirect (NAT) DNS requests for a specific domain

Hello,

currently my MikroTik router redirects all incoming DNS requests to another DNS server in my network via a NAT rule.
Is it possible to filter for the content inside the received DNS requests to only forward those requests not destined for a specific domain?

Note: The plan is to create static DNS entries for the DHCP leases on my MikroTik router and all requests for *.internal.mydomain.com shall be answered by the MikroTik router and not be forwarded to the separate DNS server.

Thanks a lot in advance,

Thomas

Checking the contents of a received packet (which is L7 filtering) probably won’t do … it works to break the connection though.

Reasoning: when the initial packet arrives at the router which has to do NAT, it has to decide about the destination based on what the initial packet carries. That’s L2, L3 and L4 information (i.e. protocol and port number). With UDP the initial packet may already carry some data (up to 1400 bytes or so, limited by MTU); with TCP only the second packet (travelling from client towards server) or (more often) the third one carries traffic. And by that time, the connection between client and server is already established and it’s impossible to “move” the already on-going connection to a different server.

That said, what’s keeping you from using (conditional) DNS forwarding, either by using your Mikrotik as a primary DNS server to your existing DNS server or vice versa?

If I’m not missing something here, this should be possible using FWD static DNS entries instead of NAT.
regex entries are processed before “normal” static entries.

If clients use ROS DNS first, adding a regex FWD entry matching URLs not going to your internal domain(s) should work

/ip/dns/static add type=FWD regexp="<not internal regex>" forward-to=<otherdns>

This should forward everything external to <otherdns>, but internal DNS lookups will be handled by the ROS server itself.
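The set-up both replies describe, as an added example that is not part of the original thread: the MikroTik becomes the resolver the LAN actually talks to, answers *.internal.mydomain.com from its own static entries, and hands everything else to the existing DNS server. Instead of a "not internal" regexp FWD entry it relies on the router's default upstream, since static entries are consulted before a query is forwarded. RouterOS v7 syntax is assumed; the addresses 192.168.1.2 (existing DNS server), 192.168.1.50/.51, the host names, the zone corp.example.net and the interface name bridge are placeholders.

```routeros
# Added example, not from the original thread. RouterOS v7 assumed.
# Placeholders: 192.168.1.2 = existing DNS server, bridge = LAN interface.

# 1. Router resolver: the separate DNS server is the upstream for anything the
#    router cannot answer itself; allow-remote-requests lets LAN clients ask.
/ip/dns/set servers=192.168.1.2 allow-remote-requests=yes

# 2. Static records for the internal zone. A static entry is matched before
#    the query is forwarded, so these names never leave the router.
/ip/dns/static/add name=nas.internal.mydomain.com address=192.168.1.50 ttl=5m
/ip/dns/static/add name=printer.internal.mydomain.com address=192.168.1.51 ttl=5m

# 3. Conditional forwarding "the other way round" (optional): one zone and
#    all of its subdomains go to a specific server regardless of the default
#    upstream. match-subdomain= is a RouterOS v7 option.
/ip/dns/static/add type=FWD name=corp.example.net match-subdomain=yes forward-to=192.168.1.2

# 4. Replace the existing dst-nat to 192.168.1.2 with a redirect to the router
#    itself, so clients with a hard-coded resolver still go through steps 1-3.
/ip/firewall/nat/add chain=dstnat in-interface=bridge protocol=udp dst-port=53 action=redirect to-ports=53 comment="LAN DNS -> router"
/ip/firewall/nat/add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 action=redirect to-ports=53 comment="LAN DNS -> router"

# 5. Accept DNS on the input chain from the LAN only. allow-remote-requests=yes
#    makes the router an open resolver on any interface whose input is not
#    filtered, so do NOT accept port 53 from the WAN interface.
/ip/firewall/filter/add chain=input in-interface=bridge protocol=udp dst-port=53 action=accept place-before=0 comment="LAN DNS to router"
/ip/firewall/filter/add chain=input in-interface=bridge protocol=tcp dst-port=53 action=accept place-before=0 comment="LAN DNS to router"

# 6. Checks from the router terminal: the first answer must come from the
#    static entry, the second from the upstream (visible in the DNS cache).
:put [:resolve nas.internal.mydomain.com]
:put [:resolve www.mikrotik.com]
/ip/dns/cache/print where name~"mikrotik"
```

The security-relevant part is step 5: once allow-remote-requests=yes is set, the router answers DNS for anyone who can reach its input chain, so the accept rule is deliberately bound to the LAN interface and the default WAN drop has to remain in place. If a regexp FWD entry is preferred as in the reply above, it can be added on top of this; step 1 then only acts as a fallback for names that match neither a static entry nor the regexp.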