- OpenDNS addresses set on the routerboard for DNS (208.67.222.222, 208.67.220.220)
- Gateway address (w.x.y.1) pushed out via DHCP as the only DNS server address (w.x.y.1).
- Allow tcp/udp 53 to w.x.y.1 on internal
- Block tcp/udp 53 on internal
/ip firewall nat
add action=redirect chain=dstnat comment="redirect dns to router" dst-port=53 in-interface=localbridge protocol=udp