I was wondering if I could exempt a group of machines from getting their DNS redirected using mac addresses.
I used this solution for redirection of DNS: https://wiki.mikrotik.com/wiki/Force_users_to_use_specified_DNS_server
And I succesfully exempt a machine using a single mac address but it doesn’t allow me to add more. Is there a way to add more without adding another NAT rule?
You can’t match multiple MAC addresses in one rule. But you can do for example this:
/ip firewall nat
add action=jump chain=dstnat dst-port=53 jump-target=dns protocol=tcp to-addresses=192.168.88.1 to-ports=53
add action=jump chain=dstnat dst-port=53 jump-target=dns protocol=udp to-addresses=192.168.88.1 to-ports=53
add action=return chain=dns src-mac-address=01:02:03:04:05:06
add action=return chain=dns src-mac-address=02:03:04:05:06:07
add action=return chain=dns src-mac-address=03:04:05:06:07:08
add action=redirect chain=dns
Last rule with action=redirect assumes that you redirect requests to router itself. If not and you want to use external address, then use “action=dst-nat to-addresses=” instead.