How to force dns resolution using tcp protocol?

Hello

On my RB751, I’ve set the /ip dns servers = 8.8.8.8. By default the RB751 uses udp/53 to contact Google DNS.

But in China, Google DNS has been polluted (DNS cache poisoning / pollution), so we cannot get the correct IP address.

We tested: if the RB751 DNS supported TCP sessions, it would solve this problem. Google DNS supports both the TCP and UDP protocols.

How can I force the RB751 DNS server to use the TCP protocol to send the resolution request, instead of the default UDP? I did not find a solution.

Thanks in advance!

Steven

I don’t have a RB751 or work out of China, so use at your own risk. If you block UDP/53, as above, it should attempt on TCP/53. Don’t forget to change out-interface, as appropriate.

/ip firewall filter
add chain=output protocol=udp dst-port=53 out-interface=ether1 action=drop
add chain=forward protocol=udp dst-port=53 out-interface=ether1 action=drop