I see in documentation that one can include content=xxxx
I know this can be done with “layer7” but for simplicity I’m trying to match using content=xxx.
My scenario is this: I need to redirect DNS queries for the domain name “aaa.b-c.d” to a specific DNS server. So I added
And when I do dig “dig aaa.b-c.d”, the packets are matched. I also tried to match content=b-c and it also worked as expected.
It looks like the dot in the string is causing the problem. I tried adding a backslash (\) in front of the dots and it didn’t work either.
Does anyone have an idea of what can be happening here?
This should be handled on the DNS server side with forwarding, not the firewall. If 10.1.1.200 is the ROS DNS server, then by adding a forward static record (help page), e.g.:
if you want to forward for any host on .b-c.d domain (*.b-c.d):
Interesting tip, but in my case users must use a corporate DNS server, not MikroTik’s one.
But even if they could, my question is why the filters can’t match a string that contains dots and how to solve it. In this case what I want to do is to match DNS packets but it could be any other protocol.
I would suggest to look at the packets sniffer before trying to match anything.
If you look at a DNS query you will see that what you think is a dot is not a dot. The separator is a non-printable character and cannot be matched with the “content” parameter.
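The label encoding described in the reply above, as an added example that is not part of the original thread: Python that builds a DNS query for the thread's name aaa.b-c.d and runs a plain substring search over the packet bytes. The function names and the transaction ID are made up for illustration, and the substring search only models a literal byte match; it is not RouterOS code.

```python
import struct


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels (RFC 1035, section 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        out.append(len(raw))  # one length byte replaces the dot
        out += raw
    out.append(0)  # zero-length root label terminates the name
    if len(out) > 255:
        raise ValueError("name too long")
    return bytes(out)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query; txid is a constructed sample value."""
    # Header: ID, flags (recursion desired), QDCOUNT=1, other counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # Question: QNAME, QTYPE (1 = A), QCLASS (1 = IN)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def content_matches(payload: bytes, pattern: str) -> bool:
    """Literal substring search over the payload (model of a byte match)."""
    return pattern.encode("ascii") in payload


if __name__ == "__main__":
    packet = build_query("aaa.b-c.d")
    print("QNAME on the wire:", encode_qname("aaa.b-c.d"))
    for pattern in ("aaa", "b-c", "b-c.d", "aaa.b-c.d"):
        print(f"{pattern!r:14} matches: {content_matches(packet, pattern)}")
```

Single labels such as b-c appear verbatim in the packet, while any pattern containing a dot does not, because the byte between two labels is the length of the next label (0x03 or 0x01 here), not 0x2E.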
Yes, but in this case it’s an internal problem of the company. I must redirect some queries to a VPN, but the IP is not always the same. I must redirect the DNS queries first but I don’t know to redirect all DNS queries. Only for this domain name.
Try with hairpin DNS port to ROS DNS and set static forward rules there as explained in the above post. In such a case you will have an additional DNS in the middle.