Hello! Please help me with the task of marking DNS traffic. I have configured torrent traffic blocking using layer7 filters and mangle in the forward chain. But unfortunately, DNS requests get into my filters. I have made two rules and they work for outgoing traffic:
chain=forward action=mark-connection new-connection-mark=dns_cmark passthrough=yes protocol=udp dst-port=53 log=no log-prefix=""
chain=forward action=mark-packet new-packet-mark=dns-pmark passthrough=no connection-mark=dns_cmark log=no log-prefix=""
My questions:
- Is there any way to determine the DNS connection other than through the dst port?
- Is it correct to put my rules into the forward chain or do I need to put them into prerouting?
- My rules do not mark responses from DNS servers
I will be very grateful for your advice.
PS: RouterBOARD 952Ui-5ac2nD, RouterOS 6.49.13
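An added example, not part of the original post and not the poster's configuration, showing one way to mark DNS in prerouting so that the reply direction is covered too. It relies on connection tracking: the connection mark is set once on the first packet, and RouterOS then carries that mark on every packet of the tracked connection in both directions, so a mark-packet rule matching only connection-mark (no port match) also hits the answers. The rules assume the LAN clients use an external resolver (so the traffic goes prerouting -> forward -> postrouting); the marks dns_cmark / dns-pmark are the ones from the post, everything else is illustrative.

```routeros
# Added example (not from the original post). Assumes clients resolve against an
# external DNS server; names of interfaces and marks beyond dns_cmark/dns-pmark are assumptions.
/ip firewall mangle

# 1) Mark the tracked connection on its first packet. connection-mark=no-mark keeps the
#    rule from re-evaluating every later packet of an already-marked connection.
add chain=prerouting protocol=udp dst-port=53 connection-mark=no-mark \
    action=mark-connection new-connection-mark=dns_cmark passthrough=yes \
    comment="DNS over UDP: mark the connection (covers request and reply)"

# 2) DNS also uses TCP (large answers, truncated UDP replies, zone transfers).
add chain=prerouting protocol=tcp dst-port=53 connection-mark=no-mark \
    action=mark-connection new-connection-mark=dns_cmark passthrough=yes \
    comment="DNS over TCP: mark the connection"

# 3) Packet mark derived from the connection mark only. No port match here, so
#    reply packets (src-port=53) are marked as well.
add chain=prerouting connection-mark=dns_cmark \
    action=mark-packet new-packet-mark=dns-pmark passthrough=no \
    comment="DNS packets, both directions"

# 4) Place the layer7 torrent rules after these and exclude marked DNS packets,
#    e.g. by adding packet-mark=!dns-pmark to each existing forward-chain rule.
#    Illustrative placeholder; "torrent" must be the name of your own layer7 entry.
add chain=forward packet-mark=!dns-pmark layer7-protocol=torrent \
    action=mark-connection new-connection-mark=torrent_cmark passthrough=yes \
    comment="L7 torrent detection, DNS already excluded"
```

Two caveats worth checking on the live router. First, if the router itself answers DNS for the LAN (/ip dns allow-remote-requests=yes), the requests go prerouting -> input and the answers go output -> postrouting, so a forward-chain rule never sees them; prerouting still catches the requests, but the replies are only visible in the output or postrouting chains. Second, chain=forward is not wrong for marking when the traffic is routed through the router, but prerouting is the usual place for connection marks because it runs before routing for both routed and locally-destined packets.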