Helo experts,

Does anyone have any ideea how to catch dns query packets, and not catch anything else?

thanks.

53/udp

what exactly do you need?

i dont want to catch all dns protocol, only request (first flag bit = 0).

i want to properly cache dns, caching only request types, and not catch other dns packets (like a computer registering it's name).

mikrotik guru's,

any idea?

When you enable DNS caching in RouterOS, it will cache all queries made through the DNS protocol (port 53). However, you can search this cache if you need information from it:

not exacly what i need.

if i use transparent dns proxy on that box it will catch both dns requests and other dns packets (like machine registrations).
If i catch other dns packets, my computers will not register in the main dns and most internal services (like active directory) will not work.

I was thinking about creating an nat rule that will transparently route dns packets, only if they are request type, and not anything else.
The closest thing that came to mind was L7 regex, but i dont know if it is possible to create an regex expression that will match on a bit-level information.

Is there any other solution?