Hi all,

I've a network with one Domain Controller (Server Microsoft) and some PCs under domain.
I've to create some NAT rules in Mikrotik to redirect all DNS requests (on port 53) to different Public IPs (and ports) based on the source IP that started the request.

The problem is that all PCs use the IP of DC as only DNS so all DNS requests are sent to the DC and then to Mikrotik.
In this way all them have the same source IP (the Server Microsoft Private IP) and I can't see the PCs IP that started the request.

There is a method to redirect DNS requests, based on the PCs that sent the request, in a scenario with DC Server?

Thanks a lot and have a good day,

Marco

No you cannot do that as far as I know on a DC. In this case your best bet is to add a other DNS server that can perform what you want and redirect all clients to this DNS. Make sure DNS for the domain works aswell. Maby a tiny Linux server with BIND could allow you to do what you want?
You also get the benefit of not having to solve things in the network layer that should be solved on server or client layer.

For domain-joined workstations it is mandatory to have AD aware DNS servers configured. If You will configure DNS server on them, which knows nothing about AD, it will break domain authentication.

Hello,
In the meanwhile thanks a lot for your quick answers.

Unfortunately I can't add or change anything in the network and, as you correctly said, I can't change the DNS of the internal devices because they need to resolve internal names such as the DC name.

I thought there was a method to see the original source in the Mikrotik.

Thanks again for your support and have a good day,

Marco