How to Force Wlan Users to Use Specific DNS servers?

RouterOS Beginner Basics
1

Hi All,

I am trying to use custom DNS servers only for Wlan users(using different subnets/SSIDs as well). I have already done the below script but it wont work so far.

add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS2 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53

tried using subnets for as following as well, still wont work. :frowning:

add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS2 to-ports=53

test.wlan is the SSID I use with subnets so users can connect to the network.
it works when I do use the DNS under ip/dns which applies to whole network
What am I missing here? Please let me know how to do this properly.

Thanks a lot. :slight_smile: :slight_smile: :slight_smile:

2

in-interface must be an actual interface e.g wlan1, wlan2 etc. It cannot be an ssid.

Also you can only redirect to one DNS server, so one rule for UDP and one rule for TCP.


add action=dst-nat chain=dstnat dst-port=53 in-interface=wlan1 protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=wlan1 protocol=tcp to-addresses=DNS1 to-ports=53

or

add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 protocol=tcp to-addresses=DNS1 to-ports=53

Hope this helps.

3

Thanks for the valuable reply mate.

What about if I use different subnets for each SSID? will that helps?

add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=udp to-addresses=DNS1 to-ports=53
add action=dst-nat chain=dstnat src-address=(Subnet/24) dst-port=53 in-interface=test.wlan protocol=tcp to-addresses=DNS1 to-ports=53

used above command lines as well. still no luck.

4

Use only source subnet in your rules should resolve that.

You can use in-interface as well but from your earlier post I thought test.wlan was an SSID not an interface ?