MANGLING DNS

RouterOS General
1

I would like to speed up as much as possible the web page opening
dns are a important part

now in my mangle I have at the first position p2p and then dns traffic, follows http/s and mail …


this is how i mangle the dns

68 ;;; DNS
dst-address=:53 protocol=udp action=accept mark-flow=dns

69 src-address=:53 protocol=udp action=accept mark-flow=dns

is it the correct way ?

2

You should also think of TCP(!) port 53. If a DNS packet (e.g. a large answer) big enough, DNS will switch to TCP instead of UDP…

3

ok thanks, and what about my other post about emule ?
you know a lot about it, any idea of the problem ?

4

you know a lot about it

Who said that? :wink:

Sorry, not much eMule experience here. But I’ll think about it…

5

gianluca, will you post your complete mangling rules? That way, we can see what you have done and what are you trying to achieve.

6

maybe a litle bit too long but this is it

[admin@MikroTik] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; P2P STREAMING
src-address=192.168.5.29/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.29

1 connection=p2p_con_5.29 action=accept mark-flow=p2p_5.29

2 src-address=192.168.5.58/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.58

3 connection=p2p_con_5.58 action=accept mark-flow=p2p_5.58

4 src-address=192.168.5.72/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.72

5 connection=p2p_con_5.72 action=accept mark-flow=p2p_5.72

6 src-address=192.168.5.106/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.106

7 connection=p2p_con_5.106 action=accept mark-flow=p2p_5.106

8 src-address=192.168.5.108/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.108

9 connection=p2p_con_5.108 action=accept mark-flow=p2p_5.108

10 src-address=192.168.5.109/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.109

11 connection=p2p_con_5.109 action=accept mark-flow=p2p_5.109

12 src-address=192.168.5.110/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.110

13 connection=p2p_con_5.110 action=accept mark-flow=p2p_5.110

14 src-address=192.168.5.113/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.113

15 connection=p2p_con_5.113 action=accept mark-flow=p2p_5.113

16 src-address=192.168.5.124/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.124

17 connection=p2p_con_5.124 action=accept mark-flow=p2p_5.124

18 src-address=192.168.5.135/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.135

19 connection=p2p_con_5.135 action=accept mark-flow=p2p_5.135

20 src-address=192.168.5.142/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.142

21 connection=p2p_con_5.142 action=accept mark-flow=p2p_5.142

22 src-address=192.168.5.182/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.182

23 connection=p2p_con_5.182 action=accept mark-flow=p2p_5.182

24 src-address=192.168.5.184/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.184

25 connection=p2p_con_5.184 action=accept mark-flow=p2p_5.184

26 src-address=192.168.5.187/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.187

27 connection=p2p_con_5.187 action=accept mark-flow=p2p_5.187

28 src-address=192.168.6.92/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.92

29 connection=p2p_con_6.92 action=accept mark-flow=p2p_6.92

30 src-address=192.168.6.113/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.113

31 connection=p2p_con_6.113 action=accept mark-flow=p2p_6.113

32 src-address=192.168.6.118/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.118

33 connection=p2p_con_6.118 action=accept mark-flow=p2p_6.118

34 src-address=192.168.6.120/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.120

35 connection=p2p_con_6.120 action=accept mark-flow=p2p_6.120

36 src-address=192.168.6.129/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.129

37 connection=p2p_con_6.129 action=accept mark-flow=p2p_6.129

38 src-address=192.168.6.150/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.150

39 connection=p2p_con_6.150 action=accept mark-flow=p2p_6.150

40 src-address=192.168.6.153/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.153

41 connection=p2p_con_6.153 action=accept mark-flow=p2p_6.153

42 src-address=192.168.6.157/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.157

43 connection=p2p_con_6.157 action=accept mark-flow=p2p_6.157

44 src-address=192.168.6.166/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.166

45 connection=p2p_con_6.166 action=accept mark-flow=p2p_6.166

46 src-address=192.168.6.177/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.177

47 connection=p2p_con_6.177 action=accept mark-flow=p2p_6.177

48 src-address=192.168.6.179/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.179

49 connection=p2p_con_6.179 action=accept mark-flow=p2p_6.179

50 src-address=192.168.6.180/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.180

51 connection=p2p_con_6.180 action=accept mark-flow=p2p_6.180

52 src-address=192.168.6.181/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.181

53 connection=p2p_con_6.181 action=accept mark-flow=p2p_6.181

54 src-address=192.168.6.183/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.183

55 connection=p2p_con_6.183 action=accept mark-flow=p2p_6.183

56 src-address=192.168.6.192/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.192

57 connection=p2p_con_6.192 action=accept mark-flow=p2p_6.192

58 src-address=192.168.6.196/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.196

59 connection=p2p_con_6.196 action=accept mark-flow=p2p_6.196

60 src-address=192.168.6.197/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.197

61 connection=p2p_con_6.197 action=accept mark-flow=p2p_6.197

62 src-address=192.168.6.171/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_6.171

63 connection=p2p_con_6.171 action=accept mark-flow=p2p_6.171

64 src-address=192.168.5.0/24 p2p=all-p2p action=passthrough mark-connection=p2p_con

65 connection=p2p_con action=accept mark-flow=p2p

66 src-address=192.168.6.0/24 p2p=all-p2p action=passthrough mark-connection=p2p_con_b

67 connection=p2p_con_b action=accept mark-flow=p2p_b

68 ;;; DNS
dst-address=:53 protocol=udp action=accept mark-flow=dns

69 src-address=:53 protocol=udp action=accept mark-flow=dns

70 ;;; SPEEDTEST telefonica
src-address=213.4.114.108/32 action=accept mark-flow=speed_test

71 ;;; terra
src-address=213.4.130.91/32 action=accept mark-flow=speed_test

72 ;;; http://www.dslreports.com
src-address=66.59.227.169/32 action=accept mark-flow=speed_test

73 ;;; http://www.adslayuda.com
src-address=69.93.147.210/32 action=accept mark-flow=speed_test

74 ;;; http://www.upseros.net
src-address=69.93.0.234/32 action=accept mark-flow=speed_test

75 ;;; HTTP/S
src-address=192.168.5.58/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.58_con

76 src-address=192.168.5.58/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.58_con

77 connection=http_5.58_con action=accept mark-flow=http_5.58

78 src-address=192.168.5.106/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.106_con

79 src-address=192.168.5.106/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.106_con

80 connection=http_5.106_con action=accept mark-flow=http_5.106

81 src-address=192.168.5.29/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.29_con

82 src-address=192.168.5.29/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.29_con

83 connection=http_5.29_con action=accept mark-flow=http_5.29

84 src-address=192.168.5.108/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.108_con

85 src-address=192.168.5.108/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.108_con

86 connection=http_5.108_con action=accept mark-flow=http_5.108

87 src-address=192.168.5.72/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.72_con

88 src-address=192.168.5.72/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.72_con

89 connection=http_5.72_con action=accept mark-flow=http_5.72

90 src-address=192.168.5.187/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.187_con

91 src-address=192.168.5.187/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.187_con

92 connection=http_5.187_con action=accept mark-flow=http_5.187

93 src-address=192.168.5.113/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.113_con

94 src-address=192.168.5.113/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.113_con

95 connection=http_5.113_con action=accept mark-flow=http_5.113

96 src-address=192.168.5.184/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.184_con

97 src-address=192.168.5.184/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.184_con

98 connection=http_5.184_con action=accept mark-flow=http_5.184

99 src-address=192.168.5.182/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.182_con

100 src-address=192.168.5.182/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.182_con

101 connection=http_5.182_con action=accept mark-flow=http_5.182

102 src-address=192.168.5.110/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.110_con

103 src-address=192.168.5.110/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.110_con

104 connection=http_5.110_con action=accept mark-flow=http_5.110

105 src-address=192.168.6.171/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.171_con

106 src-address=192.168.6.171/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.171_con

107 connection=http_6.171_con action=accept mark-flow=http_6.171

108 src-address=192.168.6.197/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.197_con

109 src-address=192.168.6.197/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.197_con

110 connection=http_6.197_con action=accept mark-flow=http_6.197

111 src-address=192.168.6.157/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.157_con

112 src-address=192.168.6.157/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.157_con

113 connection=http_6.157_con action=accept mark-flow=http_6.157

114 src-address=192.168.6.183/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.183_con

115 src-address=192.168.6.183/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.183_con

116 connection=http_6.183_con action=accept mark-flow=http_6.183

117 src-address=192.168.6.196/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.196_con

118 src-address=192.168.6.196/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.196_con

119 connection=http_6.196_con action=accept mark-flow=http_6.196

120 src-address=192.168.6.179/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.179_con

121 src-address=192.168.6.179/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.179_con

122 connection=http_6.179_con action=accept mark-flow=http_6.179

123 src-address=192.168.6.118/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.118_con

124 src-address=192.168.6.118/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.118_con

125 connection=http_6.118_con action=accept mark-flow=http_6.118

126 src-address=192.168.6.181/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.181_con

127 src-address=192.168.6.181/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.181_con

128 connection=http_6.181_con action=accept mark-flow=http_6.181

129 src-address=192.168.6.113/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.113_con

130 src-address=192.168.6.113/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.113_con

131 connection=http_6.113_con action=accept mark-flow=http_6.113

132 src-address=192.168.6.150/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.150_con

133 src-address=192.168.6.150/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.150_con

134 connection=http_6.150_con action=accept mark-flow=http_6.150

135 src-address=192.168.6.192/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.192_con

136 src-address=192.168.6.192/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.192_con

137 connection=http_6.192_con action=accept mark-flow=http_6.192

138 src-address=192.168.6.92/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.92_con

139 src-address=192.168.6.92/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.92_con

140 connection=http_6.92_con action=accept mark-flow=http_6.92

141 src-address=192.168.6.166/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.166_con

142 src-address=192.168.6.166/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.166_con

143 connection=http_6.166_con action=accept mark-flow=http_6.166

144 src-address=192.168.6.177/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.177_con

145 src-address=192.168.6.177/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.177_con

146 connection=http_6.177_con action=accept mark-flow=http_6.177

147 src-address=192.168.6.180/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.180_con

148 src-address=192.168.6.180/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.180_con

149 connection=http_6.180_con action=accept mark-flow=http_6.180

150 src-address=192.168.6.153/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.153_con

151 src-address=192.168.6.153/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.153_con

152 connection=http_6.153_con action=accept mark-flow=http_6.153

153 src-address=192.168.6.129/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.129_con

154 src-address=192.168.6.129/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.129_con

155 connection=http_6.129_con action=accept mark-flow=http_6.129

156 src-address=192.168.6.120/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_6.120_con

157 src-address=192.168.6.120/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_6.120_con

158 connection=http_6.120_con action=accept mark-flow=http_6.120

159 src-address=192.168.5.109/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.109_con

160 src-address=192.168.5.109/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.109_con

161 connection=http_5.109_con action=accept mark-flow=http_5.109

162 src-address=192.168.5.124/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.124_con

163 src-address=192.168.5.124/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.124_con

164 connection=http_5.124_con action=accept mark-flow=http_5.124

165 src-address=192.168.5.142/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.142_con

166 src-address=192.168.5.142/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.142_con

167 connection=http_5.142_con action=accept mark-flow=http_5.142

168 src-address=192.168.5.135/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.135_con

169 src-address=192.168.5.135/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.135_con

170 connection=http_5.135_con action=accept mark-flow=http_5.135

171 src-address=192.168.5.102/32 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_5.102_con

172 src-address=192.168.5.102/32 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_5.102_con

173 connection=http_5.102_con action=accept mark-flow=http_5.102

174 src-address=192.168.5.0/24 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_con

175 src-address=192.168.5.0/24 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_con

176 connection=http_con action=accept mark-flow=http

177 src-address=192.168.6.0/24 dst-address=:80 protocol=tcp action=passthrough mark-connection=http_b_con

178 src-address=192.168.6.0/24 dst-address=:443 protocol=tcp action=passthrough mark-connection=http_b_con

179 connection=http_b_con action=accept mark-flow=http_b

180 ;;; MAIL
src-address=:110 protocol=tcp action=accept mark-flow=mail

181 dst-address=:110 protocol=tcp action=accept mark-flow=mail

182 dst-address=:25 protocol=tcp action=accept mark-flow=mail

183 src-address=:25 protocol=tcp action=accept mark-flow=mail

184 ;;; REMOTE ACCESS
src-address=80.33.155.66/32 action=passthrough mark-connection=RE_access_con

185 src-address=62.57.100.0/24 action=passthrough mark-connection=RE_access_con

186 src-address=192.168.5.106/32 dst-address=192.168.5.9/32 action=passthrough mark-connection=RE_access_con

187 connection=RE_access_con action=accept mark-flow=RE_access

188 ;;; albura desde aui.com
src-address=80.251.75.5/32 action=accept mark-flow=speed_test

189 ;;; acens desde aui.com
src-address=217.116.2.136/32 action=accept mark-flow=speed_test

190 ;;; arsys desde aui.com
src-address=217.76.134.15/32 action=accept mark-flow=speed_test

191 ;;; arrakis desde aui.com
src-address=195.5.65.181/32 action=accept mark-flow=speed_test

192 ;;; http://www.velocimetro.org
src-address=212.81.128.129/32 action=accept mark-flow=speed_test

193 protocol=icmp action=passthrough mark-connection=system_commands_con

194 dst-address=:23 protocol=tcp action=passthrough mark-connection=system_commands_con

195 connection=system_commands_con action=accept mark-flow=system_commands

196 src-address=:4662 protocol=tcp action=passthrough mark-connection=emule_general_con

197 dst-address=:4662 protocol=tcp action=passthrough mark-connection=emule_general_con

198 ;;; ALL THE REST
action=accept mark-flow=all_the_rest

7

cmit if you can help me on the emule, my email is gianred123@yahoo.it many many thanks

8

is this complete about dns

68 ;;; DNS
dst-address=:53 protocol=udp action=accept mark-flow=dns

69 src-address=:53 protocol=udp action=accept mark-flow=dns

70 src-address=:53 protocol=tcp action=accept mark-flow=dns

71 dst-address=:53 protocol=tcp action=accept mark-flow=dns

9

That’s about all DNS could be… :wink:
Yes, that should mark all DNS traffic.