Redirect DNS Queries

I am in the course of changing one of my providers.

A big part of my clients use the DNS servers of my current provider: xxx.yyy.www.1 and xxx.yyy.www.2
How can I catch all DNS requests to those servers and redirect them to the new ones of the new provider, much closer in the new setup? (So, all DNS requests for xxx.yyy.www.1 and xxx.yyy.www.2, or better all DNS requests, be directed to some IP of my choice: my gateway, for example, which does DNS caching with allow-remote-requests?)

Thanks in advance.

You can intercept them and redirect them.
I would first create a rule (firewall) that when a packet for XXX.XXX.XXX.XXX (old DNS)
is seen, it forwards it to the new DNS server address.
I would also create a drop rule to catch any that “got away”.

To keep it easy to manage I would create a new chain, i.e. “DNS_Redirect”.
I would place the “test” rule (look for the DNS traffic) in the forwarding chain
and then force a jump into the “DNS_Redirect” chain,
and place the redirection and drop rules there.

There are other methods as well..

The best person to ask re DNS issues around here is probably “Change-IP”, as that is what he does… Sam, any ideas???

Craig

Thank you, but not much help till now. :frowning:

/ ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53 disabled=no

Would the above redirect DNS requests to the local address of the router?

I think you would want it in the FORWARD chain.

Craig

DNS mostly is UDP not TCP !!!

This works for me like a charm:

/ ip firewall nat 
add chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53 \
    comment="" disabled=no 
add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53 \
    comment="" disabled=no



/ ip dns 
set primary-dns=xxx.xxx.xxx.xxx secondary-dns=yyy.yyy.yyy.yyy allow-remote-requests=yes \
    cache-size=1024KiB cache-max-ttl=1w
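Building on the working rules above, here is an added example (not from this thread or from MikroTik) of the narrower variant the original question asked for: it intercepts only queries sent to the old resolver addresses, leaves other DNS traffic alone, records which clients still use the old addresses, and keeps the router's resolver from becoming an open resolver on the WAN side. The addresses are constructed placeholders; the LAN/WAN interface lists and the `servers=` keyword are assumptions about the RouterOS version in use.

```routeros
# Added example, not from this thread: intercept only queries sent to the OLD
# provider's resolvers and answer them from the router's own DNS cache.
# 203.0.113.x (old resolvers) and 198.51.100.x (new resolvers) are constructed
# placeholder addresses; replace them with your own.

# 1. Keep the old resolver addresses in one list so the rules stay readable.
/ip firewall address-list
add list=old-dns address=203.0.113.1 comment="old provider resolver 1"
add list=old-dns address=203.0.113.2 comment="old provider resolver 2"

# 2. Point the router's own resolver at the new provider and let LAN hosts use it.
#    (servers= is the current keyword; the thread's primary-dns/secondary-dns is the older form.)
/ip dns
set servers=198.51.100.53,198.51.100.54 allow-remote-requests=yes cache-size=2048KiB

# 3. dstnat: first record which clients still ask the old resolvers (non-terminating,
#    the packet continues to the next rule), then rewrite the destination to the
#    router itself. Matching on dst-address-list instead of any dst-port=53 leaves
#    clients that already use other resolvers untouched. UDP and TCP are both
#    needed: answers too large for UDP are retried over TCP.
/ip firewall nat
add chain=dstnat dst-address-list=old-dns protocol=udp dst-port=53 \
    action=add-src-to-address-list address-list=old-dns-clients \
    address-list-timeout=1d comment="visibility: who still uses the old DNS"
add chain=dstnat dst-address-list=old-dns protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="old DNS -> router cache (UDP)"
add chain=dstnat dst-address-list=old-dns protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="old DNS -> router cache (TCP)"

# 4. Redirected packets now hit the input chain, so the router's firewall must
#    accept port 53 from the LAN side only. The LAN and WAN interface lists are
#    assumed to exist. allow-remote-requests=yes without the WAN drop would make
#    the router an open resolver. If an existing catch-all input drop precedes
#    these rules, add them with place-before= so they are evaluated first.
/ip firewall filter
add chain=input in-interface-list=LAN protocol=udp dst-port=53 action=accept \
    comment="LAN -> router DNS (UDP)"
add chain=input in-interface-list=LAN protocol=tcp dst-port=53 action=accept \
    comment="LAN -> router DNS (TCP)"
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop \
    comment="no open resolver on WAN (UDP)"
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop \
    comment="no open resolver on WAN (TCP)"

# 5. Check progress: clients listed here still need their DNS settings updated.
/ip firewall address-list print where list=old-dns-clients
```

Once the old-dns-clients list stays empty for a while, the dstnat rules in step 3 can be disabled.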

Thank you.
Trying that right now.
In my code, a speed-typing mistake. I put UDP in there.
I'll check the redirects tonight and be back here.

Just enter the new DNS info under ip/dns.

Correct..

I did not notice the TCP in your rules.

Craig

Done that already. :sunglasses:

Made it, and it is OK with redirect to-ports=53.
(The whole point is to intercept clients' requests for the old DNS servers, which are now far away, and redirect them to the local cache, or to the new ones, much closer, without having to reconfigure the clients.
I do know how to reconfigure the router for the new DNS. But to reconfigure a few hundred clients is … a trivial task … and time consuming.)

Thank you all.

/topic close
/jorj out