right now, i redirect all my dhcp client to use opendns, so how do i add my selected local ip to bypass the opendns and use back my service provider dns?


Sent from my iPhone using Tapatalk

I don't understand question mixing DHCP and DNS, if you refer to DHCP then make sure to have checked "Use Peer DNS" under your IP>DHCP Client settings.

my service provider uses this dns:-
1.9.1.9, 202.188.0.132 . I manage to redirect all my local dhcp client to use the opendns dns which is 208.67.220.220, 208.67.222.222. So how do i exclude or add in the local ip to use back my service provider dns?


Sent from my iPhone using Tapatalk

Set up OpenDNS entries in IP > DNS > Servers and make sure to check Use Peer DNS for your IP > IP Client of your WAN port. This will cause your DHCP server to propagate all four addresses.
If you want only your ISP's DNS on your Windows, I'd suggest to modify your network adapter IPv4 properties and set manually there.

For performance reasons I suggest using the internal DNS server of your Mikrotik as DNS server for all clients. You can forward requests to any DNS server you like, either OpenDNS or your provider. Still not clear what you would like to accomplish.

i have added some rules in my firewall/nat in which all my local traffic will be redirect to use 208.67.222.222, 208.67.220.220 (opendns) as the dns. example if i would like my ip which is "192.168.0.1" to use back my local provider dns, how do i do it? modifying the ipv4 properties manually doesn't helps too. i tried changing it manually to 1.9.1.9 , 202.188.0.132 , but its not working.


Sent from my iPhone using Tapatalk

I agree in not seeing a reason for this - but we're not here to discuss reasons but to provide help :-)

I would give this one a try:
EDIT: you say you have added fw rules to redirect all traffic to openDNS - that may be the reason why your manual change of DNS server doesn't work.
Put my rule atop your other DNS-modifying dst-nat rules.

-Chris

thanks mate, will give it a try by tomorrow and update the results, the reason for this is "192.168.0.1 " is an administrator pc ip, so using back the service provider dns will unblock/unrestricted lotsa website as i have set to block lotsa categories in the opendns that i have set it.


Sent from my iPhone using Tapatalk

define custom DHCP option for local DNS
set this option for selected leases

so how do i do that?


Sent from my iPhone using Tapatalk

the code given is not working, btw, here is the code that i added to catch the dns traffic:-


/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=208.67.222.222 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.222.222 to-ports=53 protocol=udp dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses=208.67.220.220 to-ports=53 protocol=udp dst-port=53

* Anyone has another code that works to by pass this rules ?

Make a list with addresses excluded from OpenDNS: And then do one of the following:

a) Add accept rule before your existing rules: b) Modify your existing rules like this: And you only need two, one for udp and one for tcp. The other two won't ever get used, because all dns packets are caught by first two.

ok, thanks buddy, will try it later and update it


Sent from my iPhone using Tapatalk

i tried the code as given by "sob", its working good, many thanks mate.


Sent from my iPhone using Tapatalk