Here’s my setup:
- I have 2 sites: HOME with 10.0.0.1/24 and REMOTE with 10.10.10.1/24
- There’s a WireGuard server on REMOTE and a WireGuard peer on HOME, which gets 10.10.11.69
- There is proper routing configured from 10.0.0.0 to 10.10.10.0 via 10.10.11.69
- HOME is doing NAT for outbound connections to REMOTE, so from their perspective every host in HOME is visible as 10.10.11.69
This setup works correctly: I can reach the REMOTE hosts via their IP addresses, both from the HOME router and from HOME LAN devices.
Now - the REMOTE MikroTik has static DNS entries configured, e.g. example.remote.dev A 10.10.10.2. I can resolve this from my HOME LAN via nslookup example.remote.dev 10.10.10.1 and it resolves correctly.
I would like to somehow achieve conditional DNS resolution, i.e. if a client on my HOME network asks my HOME router for any subdomain of *.remote.dev, I would like the HOME router to use the REMOTE router (10.10.10.1) for resolution.
I’ve successfully achieved this in AdGuard, by simply adding [/remote.dev/]10.10.10.1 as an upstream DNS, but I want this to happen on the HOME MikroTik, as this is the source of truth for all DNS resolution for my LAN.
I’m wondering - is there maybe some smart firewall NATting I could do, using the content field to achieve this? (or layer7?)
I imagine a scenario in which, when HOME receives a UDP packet containing a DNS request with the content “remote.dev”, it NATs the packet and sends it out to 10.10.10.1 for processing. Is something like this possible?
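The decision the post wants the HOME router to make (look at the question name in an incoming DNS query, and pick the REMOTE resolver for remote.dev and its subdomains, otherwise the normal upstream) is modelled below as an added Python example. It is not code from the post, and it is not MikroTik/RouterOS configuration; it works on raw DNS wire format so it also shows two things the post's NAT idea runs into: in a DNS packet the name is sent as length-prefixed labels (\x07example\x06remote\x03dev\x00), so the dotted string "remote.dev" never appears as a literal byte sequence a payload-content matcher would find, and a suffix match must be label-aligned so that a name such as notremote.dev is not forwarded to the REMOTE router. The 10.10.10.1 upstream comes from the post; the default upstream address and the sample queries are constructed placeholders.

```python
import struct

# Conditional upstreams, as in the post: anything under remote.dev goes to the
# REMOTE router. The default upstream is a constructed placeholder (TEST-NET-2),
# standing in for whatever the HOME router normally forwards to.
CONDITIONAL_UPSTREAMS = {"remote.dev": "10.10.10.1"}
DEFAULT_UPSTREAM = "192.0.2.53"  # placeholder, not from the post


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS labels: one length byte per label, 0x00 terminator."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal RFC 1035 query (1 question, class IN) for use as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_qname(packet: bytes) -> str:
    """Extract the first question's QNAME from a DNS message, lower-cased, dotted."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels = []
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointer; not expected in a query's question
            raise ValueError("compression pointer in question name not supported")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def choose_upstream(name: str) -> str:
    """Label-aligned suffix match: 'remote.dev' and '*.remote.dev' match, 'notremote.dev' does not."""
    name = name.lower().rstrip(".")
    for suffix, upstream in CONDITIONAL_UPSTREAMS.items():
        if name == suffix or name.endswith("." + suffix):
            return upstream
    return DEFAULT_UPSTREAM


def route_query(packet: bytes) -> tuple:
    """The forwarding decision for one inbound query: (question name, resolver to use)."""
    qname = parse_qname(packet)
    return qname, choose_upstream(qname)


def dotted_string_in_wire(packet: bytes, suffix: str) -> bool:
    """Would a plain payload-content match for the dotted string find it? (It won't.)"""
    return suffix.encode("ascii") in packet


if __name__ == "__main__":
    for sample in ("example.remote.dev", "remote.dev", "notremote.dev", "example.com"):
        print(sample, "->", route_query(build_query(sample))[1])
    pkt = build_query("example.remote.dev")
    print("literal 'remote.dev' in packet:", dotted_string_in_wire(pkt, "remote.dev"))
    print("wire-encoded suffix present:", encode_qname("remote.dev")[:-1] in pkt)
```

Run as a script it prints the upstream chosen for each sample name and then shows that the dotted string is absent from the packet while the length-prefixed form is present; that last pair is the reason a dst-nat rule keyed on the human-readable name would never trigger, while a resolver that actually parses the question (which is what a conditional-forwarding feature does) matches as intended.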