Hello.
Since Mikrotik has no plan to add a DNScrypt function, I just set one up myself. Now the DNS proxy server runs several instances on the same IP at the same time, but on different ports, and here are some problems:
1. Neither Mikrotik nor Windows supports DNS on a port other than 53.
2. So I tried a workaround: set the DNS to some non-existent IP, then use the NAT function to route them to my server, mapping one "virtual" IP per port. First I tried the same /24 range and failed; the packet was not even logged, I think it just went through the hardware switch.
3. Then I tried a different IP range; now the packet gets logged, but it is still not redirected correctly. I set the following:
Chain: dstnat
Src.address: 192.168.88.0/24 (my real Lan range)
Dst.address: 192.168.10.50 (one of the fake non-existent IPs)
Protocol: 17(udp)
Dst.port: 53
Action: dst-nat
To Address: 192.168.88.5 (My DNScrypt server)
To ports: 49100 (one of the ports the DNScrypt server is listening on)
Others are not set.
The log shows:
dstnat: in:bridge-local(ether2-master-local) out:(none), src-mac XX:XX:XX:XX:XX:XX, proto UDP, 192.168.88.254:XXXXX->192.168.10.50:53, len XX
192.168.88.254 is the testing client; the logged source port and len values vary, with len from 56 to 71 observed, mostly 71.
But DNS is still not working; I tried TCP and it still fails. Is the port mapped correctly? Or does the reply also need mapping? Or are there any other workarounds?
The server was tested on port 53 successfully.
Thank you.
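An added diagnostic, not part of the post above and not Mikrotik or DNScrypt code, that can be run from a LAN client to check a resolver reached through a dst-nat rule on a non-standard port. It uses only the Python standard library; the host, port and query name are placeholders. It builds a raw DNS A query, sends it over UDP to the given address and port, parses the reply, and reports the address and port the reply actually came from. With a working dst-nat the reply source equals the address that was queried, because connection tracking untranslates the reply on its way back through the router; a reply that arrives from the real server address and port means the return path did not pass through the router (the usual situation when client and server sit on the same LAN segment and the router is only the gateway for the fake range), and the client's stub resolver will discard such a reply because it does not match the outstanding query. The transaction id is checked so that a stale or spoofed reply is not mistaken for an answer.

```python
"""Probe a DNS resolver on an arbitrary host:port and report the reply source.

Constructed example for checking a dst-nat'd resolver; standard library only.
"""
import os
import socket
import struct
from typing import Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a recursive query (default: A record, class IN) in DNS wire format."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")  # random id, as real clients do
    # id, flags (RD set), qdcount=1, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_response(msg: bytes, expected_txid: int) -> dict:
    """Parse the header and A answers; reject replies whose id does not match."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4  # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return {"rcode": flags & 0xF, "answers": answers}


def probe(host: str, port: int, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Send one query to host:port; report the answer and where the reply came from.

    The socket is left unconnected on purpose so that a reply from an
    unexpected source (an untranslated server address) is still received and
    can be reported instead of being silently dropped by the OS.
    """
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (host, port))
        data, (src_ip, src_port) = sock.recvfrom(4096)
    result = parse_response(data, txid)
    result["reply_from"] = (src_ip, src_port)
    # False here means the return path bypassed the NAT (e.g. hairpin problem)
    result["reply_translated"] = (src_ip, src_port) == (host, port)
    return result


if __name__ == "__main__":
    import sys
    # Placeholder usage: python probe.py 192.168.10.50 53
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it once against the fake address and port 53 and once directly against the server's real address and listening port; if only the direct run answers, the forward mapping or the return path through the router is what needs attention, and the `reply_from` field shows which.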