Force use of IPv4 for some sites that have both IPv4 and IPv6 addresses (IPv6 SIT tunnelbroker)

Hello.

How can I configure MikroTik so that it forces the use of IPv4 for some sites?

I have configured a SIT tunnel to a tunnel broker, but some sites do not open or are blocked over IPv6, so I want to use IPv4 for them instead.

I tried to create static DNS entries, but the PC still uses IPv6 addresses to connect (nslookup also shows IPv6 addresses).

Thanks in advance!

If client devices resolve both IPv4 and IPv6 addresses for a target site, they will use IPv6 in preference to IPv4 to connect. AFAIK Android and iOS implement ‘Happy Eyeballs’ for fast fallback to IPv4, and some PC programs do, but I don’t believe Windows itself does.

Static IPv6 NXDOMAIN DNS entries should work, but trying to find all of the entries required for sites using content delivery networks will be next to impossible.

Looks like you have PMTU issues inside the tunnel. Did you add a mangle rule in the IPv6 firewall?

/ipv6 firewall mangle
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu out-interface=your_tunnel_interface passthrough=yes protocol=tcp tcp-flags=syn

You could also block based on FQDN - for example:

/ipv6 firewall address-list add list=block_site address=www.google.com
/ipv6 firewall filter add chain=forward place-before=1 connection-state=new dst-address-list=block_site out-interface-list=WAN action=reject reject-with=icmp-admin-prohibited

Does have the disadvantage of relying on DNS to ensure the address-list is accurate.

Thanks, this worked :)
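
The preference for IPv6 described in the thread comes from the default destination-ordering policy in RFC 6724. The sketch below is an added example, not code from any poster: it models only the precedence rule of that policy, assumes the host has a usable source address in each family, and uses constructed documentation addresses in place of real DNS answers.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence).
POLICY_TABLE = [
    ("::1/128", 50),        # loopback
    ("::/0", 40),           # any other IPv6, including tunnel-broker global unicast
    ("::ffff:0:0/96", 35),  # IPv4, represented as IPv4-mapped IPv6
    ("2002::/16", 30),      # 6to4
    ("2001::/32", 5),       # Teredo
    ("fc00::/7", 3),        # unique local addresses
    ("::/96", 1),
    ("fec0::/10", 1),
    ("3ffe::/16", 1),
]
POLICY = [(ipaddress.ip_network(p), prec) for p, prec in POLICY_TABLE]


def to_v6(addr):
    """Return addr as an IPv6Address; IPv4 becomes IPv4-mapped (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def precedence(addr):
    """Precedence of the longest policy-table prefix that contains addr."""
    ip = to_v6(addr)
    matches = [(net.prefixlen, prec) for net, prec in POLICY if ip in net]
    return max(matches)[1]  # ::/0 always matches, so the list is never empty


def order_destinations(addrs):
    """Order candidate destinations the way a default-policy client tries them."""
    return sorted(addrs, key=precedence, reverse=True)


if __name__ == "__main__":
    # Constructed answers for one hostname: an A record and an AAAA record.
    answers = ["192.0.2.10", "2001:db8::10"]
    for a in order_destinations(answers):
        print(precedence(a), a)
```

A global unicast AAAA answer has precedence 40 against 35 for the A answer, so adding static A entries alone does not change which address the client tries first; the AAAA answer has to be removed or the IPv6 connection rejected, as the replies suggest.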