Hi,
I have been struggling with my DNS configuration on my RB2011 Mikrotik Router. The configuration is:
2 modems, one cable, one VDSL. Both in bridge mode and connected with PPP and DHCP clients.
1 L2TP VPN interface.
LAN is 192.168.1.0/24
Because my country (Turkey) blocks DNS requests to international name servers and even hijacks requests to some domains, including but not limited to Wikipedia, Imgur, etc., I am trying to tunnel my DNS queries. I have succeeded by creating a mangle rule that marks all DNS queries on port 53 and then creating a static route for the marked packets over the L2TP connection. I also added a few more rules that route the actual traffic to these sites.
So basically, when I want to go to some generic web site, the DNS query is tunneled over the VPN but the connection to the site is routed over my cable/VDSL connection (the destination site sees my real IP). When I want to go to a banned site, both the DNS queries and the traffic to the actual site are tunneled over the VPN, and this is also working perfectly.
The problem is, when I want to use the internal DNS on my Mikrotik router (define 192.168.1.1 in the Windows DNS configuration), the router connects directly to the ISP-assigned DNS, ignoring the mangle rule. This of course causes problems because the DNS request for a banned site is directly dropped. I can keep on using an external DNS server on my computer, but in this case I lose the static address functionality in Mikrotik, which I use a lot (editing /etc/hosts on Windows and Linux is not a solution for me since I also work with MIPS-based embedded platforms which lack that kind of functionality).
So my question is, how can I modify/extend the mangle rule I created for tunneling DNS requests over the VPN so that it also applies to the Mikrotik DNS service itself, so I can use it as my main DNS?
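The setup described in the post, written out in RouterOS CLI syntax as an added example (this is not configuration from the original post). The interface name l2tp-out1, the routing mark dns-via-vpn, the interface list WAN, the upstream resolver address 198.51.100.53 (an RFC 5737 documentation address) and the static host entry are all assumptions; substitute your own. The example goes slightly beyond the post by also matching DNS over TCP on port 53. The part the question is about is the output chain: packets that the router's own DNS cache sends upstream are locally originated, so they never pass through the prerouting chain where the post's mangle rule lives, and they follow the main routing table out of the ISP link unless they are marked in the output chain as well.

```routeros
# Added example (not from the original post). Assumed names:
#   l2tp-out1     the L2TP client interface
#   dns-via-vpn   the routing mark / routing table
#   WAN           an interface list containing both ISP PPP/DHCP interfaces
#   198.51.100.53 an upstream resolver reachable through the tunnel (placeholder)

# 1. DNS from LAN clients: this is the rule the post already has.
#    prerouting only sees traffic that enters the router from an interface.
/ip firewall mangle
add chain=prerouting src-address=192.168.1.0/24 protocol=udp dst-port=53 \
    action=mark-routing new-routing-mark=dns-via-vpn passthrough=no \
    comment="LAN DNS -> VPN"
add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=53 \
    action=mark-routing new-routing-mark=dns-via-vpn passthrough=no \
    comment="LAN DNS (TCP) -> VPN"

# 2. DNS originated by the router itself (the /ip dns resolver asking its
#    upstream servers). Locally generated packets traverse output, not
#    prerouting, so they need their own mark-routing rules.
add chain=output protocol=udp dst-port=53 \
    action=mark-routing new-routing-mark=dns-via-vpn passthrough=no \
    comment="router DNS -> VPN"
add chain=output protocol=tcp dst-port=53 \
    action=mark-routing new-routing-mark=dns-via-vpn passthrough=no \
    comment="router DNS (TCP) -> VPN"

# 3. Anything carrying the mark leaves through the tunnel.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=dns-via-vpn \
    comment="marked DNS over L2TP"

# 4. Router resolver: upstream reachable over the VPN, serving LAN clients,
#    with the static entries the post wants to keep.
/ip dns
set servers=198.51.100.53 allow-remote-requests=yes
/ip dns static
add name=build-box.lan address=192.168.1.50

# 5. allow-remote-requests=yes also answers queries arriving on the ISP
#    interfaces; drop those so the router is not an open resolver.
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop \
    comment="no DNS from the internet"
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop \
    comment="no DNS (TCP) from the internet"
```

To check that the router's own lookups take the tunnel, resolve a name from the router terminal with `:put [:resolve wikipedia.org]` and watch the output-chain counters grow in `/ip firewall mangle print stats`; `/ip dns cache flush` first if the name is already cached. Two caveats: the output-chain rules mark every DNS query the router sends, so the L2TP peer itself must not be reached by name, or the tunnel can never come up while the tunnel is down; and on RouterOS v7 the routing mark must first exist as a table, created with `/routing table add name=dns-via-vpn fib`, before the mangle and route entries will accept it.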