Redirecting ports

Hi there.

I have a setup like this:

Gateway (mikrotik) 10.0.0.4
DNS server (same) 10.0.0.4
DNS2 server (Win) 10.0.0.5

Now, my clients have gateway 10.0.0.4 and DNS 10.0.0.4, but I want to disable Mikrotik's DNS cache, so I need a firewall rule which will redirect all requests to the Windows DNS server. But I repeat, I don't want Mikrotik to be the DNS server, and I also don't want to reconfigure all clients manually so that the DNS is 10.0.0.5.

The question is why I don't want Mikrotik as DNS server. The answer is that I think there is a bug in the DNS cache: it is always sending DNS requests to its DNS parent, and it is consuming too much internet, sometimes even 128 kbit, and here Internet is very expensive :(.

To redirect DNS requests you should create a dst-nat rule in the firewall section. Example:

/ip firewall dst-nat add protocol=udp dst-port=53 dst-address=10.0.0.4/32 to-dst-address=10.0.0.5 action=nat
/ip firewall dst-nat add protocol=tcp dst-port=53 dst-address=10.0.0.4/32 to-dst-address=10.0.0.5 action=nat

You should redirect both TCP and UDP packets, as DNS normally uses UDP, but for larger requests/replies TCP can get used.
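The same redirect written in current RouterOS (v6/v7) syntax, as an added example that is not part of the thread above. It assumes the LAN interface is called bridge-lan (an assumed name) and the addresses from the thread. It also adds the piece the reply above leaves out: because the client, the router and the Windows server all sit on 10.0.0.0/24, the DNS reply from 10.0.0.5 would otherwise go straight back to the client from an address the client never queried and be discarded, so the redirected queries are masqueraded as well to force the reply back through the router.

```routeros
# Added example (not the forum poster's rules). Assumes LAN interface "bridge-lan".
# 1. Stop the router answering DNS itself, so no query is cached or forwarded by it.
/ip dns set allow-remote-requests=no

# 2. Rewrite DNS aimed at the router (10.0.0.4) so the Windows server (10.0.0.5) gets it.
/ip firewall nat add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 \
    dst-address=10.0.0.4 action=dst-nat to-addresses=10.0.0.5 to-ports=53 \
    comment="DNS UDP -> 10.0.0.5"
/ip firewall nat add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=53 \
    dst-address=10.0.0.4 action=dst-nat to-addresses=10.0.0.5 to-ports=53 \
    comment="DNS TCP -> 10.0.0.5"

# 3. Same-subnet hairpin: make the reply return via the router so conntrack can
#    undo the dst-nat. Without this the client sees an answer from 10.0.0.5 to a
#    query it sent to 10.0.0.4 and drops it.
/ip firewall nat add chain=srcnat out-interface=bridge-lan protocol=udp \
    dst-address=10.0.0.5 dst-port=53 action=masquerade comment="DNS UDP hairpin"
/ip firewall nat add chain=srcnat out-interface=bridge-lan protocol=tcp \
    dst-address=10.0.0.5 dst-port=53 action=masquerade comment="DNS TCP hairpin"

# 4. Check the counters grow as clients resolve names.
/ip firewall nat print stats where comment~"DNS"
```

Two things to keep in mind when running this: the masquerade means the Windows DNS server logs every query as coming from 10.0.0.4, so per-client visibility moves to the router, and the dst-address=10.0.0.4 match only catches clients that actually use the router as their resolver; a client configured with an outside resolver is not redirected by these rules.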

Thanks a lot, I'll try this later. I was trying something before, but not nat, redirect, and used only TCP; I totally forgot about UDP :(.