Toiletbowl
Member Candidate
Topic Author
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

redirect specific dns only not to force

Wed Jun 17, 2015 11:21 am

Hello all

I have two different DNS servers, Google and OpenDNS. How do I redirect a LAN to a specific DNS, for example 192.168.1.x/24 to Google DNS and 192.168.2.x/24 to OpenDNS? Can you give some tutorial examples please?

thanks
 
Van9018
Long time Member
Posts: 558
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: redirect specific dns only not to force

Thu Jun 18, 2015 2:11 am

You have 2 subnets, so you probably have 2 DHCP servers? The DHCP server tells clients which DNS to use.

IP > DHCP Server > Networks
You should have two LANs defined in there. Edit the records; that's where the DNS settings are that the DHCP server will tell clients to use.
 
Toiletbowl
Member Candidate
Topic Author
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

Re: redirect specific dns only not to force

Thu Jun 18, 2015 4:37 am

> You have 2 subnets, so you probably have 2 DHCP servers? The DHCP server tells clients which DNS to use.
>
> IP > DHCP Server > Networks
> You should have two LANs defined in there. Edit the records; that's where the DNS settings are that the DHCP server will tell clients to use.

Yeah, I have multiple VLANs as described. Or do I leave IP > DNS blank and set allow-remote-requests? I'm on xxx.xxx.108.x right now, where the DHCP gives 8.8.8.8 (Google DNS), but I tried to browse a porn site and it is still blocked. Is there anything to tweak in this scenario?

[myron@Fairways Boracay] /ip dhcp-server network> print
 #   ADDRESS            GATEWAY          DNS-SERVER                      WINS-SERVER  DOMAIN
 0   ;;; cctv_network
     192.168.50.0/24    192.168.50.1     192.168.50.1
 1   ;;; doorlock_network
     192.168.51.0/24    192.168.51.1     192.168.51.1
 2   ;;; vnetwork_network
     192.168.90.0/24    192.168.90.1     192.168.90.1
 3   ;;; s.management_network
     192.168.99.0/24    192.168.99.1     208.67.220.123,208.67.222.123
 4   ;;; servers_network
     192.168.100.0/24   192.168.100.1    192.168.100.1
 5   ;;; offices_network
     192.168.101.0/24   192.168.101.1    192.168.101.1
 6   ;;; managers_network
     192.168.108.0/24   192.168.108.1    8.8.8.8,8.8.4.4
 7   ;;; datacenter_network
     192.168.120.0/24   192.168.120.1    192.168.120.1
 8   ;;; pabx_network
     192.168.200.0/24   192.168.200.1    192.168.200.1
 9   ;;; customer_network
     192.168.208.0/21   192.168.208.1    8.8.8.8,8.8.8.8

[myron@Fairways Boracay] /ip dns> print
servers: 208.67.220.123,208.67.222.123
dynamic-servers:
allow-remote-requests: yes
max-udp-packet-size: 512
query-server-timeout: 2s
query-total-timeout: 10s
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 297KiB
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: redirect specific dns only not to force

Thu Jun 18, 2015 12:59 pm

I'd use a different approach: I'd "catch" all outgoing DNS connections and redirect them accordingly depending on source network. Assuming Google DNS is 8.8.8.8 and OpenDNS is 208.67.222.222:

add action=dst-nat chain=dstnat comment="DNS redirect .1.x to GoogleDNS" src-address=192.168.1.0/24 dst-port=53 in-interface=your_LAN protocol=udp to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat comment="DNS redirect .2.x to OpenDNS" src-address=192.168.2.0/24 dst-port=53 in-interface=your_LAN protocol=udp to-addresses=208.67.222.222 to-ports=53

That way it doesn't matter which DNS is configured on hosts, either by DHCP or statically; they'll be redirected to the proper DNS.

> [myron@Fairways Boracay] /ip dns> print
> servers: 208.67.220.123,208.67.222.123

Check you don't have an ip > firewall > nat redirect "catch all" rule to your DNS cache. As it seems you set it up for OpenDNS, that's why it is blocking you; modify it so that it only redirects traffic from hosts not in .1.0 or .2.0, and change ip > dns so that it uses 8.8.8.8 as the DNS resolver.
Last edited by pukkita on Thu Jun 18, 2015 3:51 pm, edited 1 time in total.
 
Toiletbowl
Member Candidate
Topic Author
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

Re: redirect specific dns only not to force

Thu Jun 18, 2015 1:57 pm

> I'd use a different approach: I'd "catch" all outgoing DNS connections and redirect them accordingly depending on source network. Assuming Google DNS is 8.8.8.8 and OpenDNS is 208.67.222.222:
>
> add action=dst-nat chain=dstnat comment="DNS redirect .1.x to GoogleDNS" src-address=192.168.1.0/24 dst-port=53 in-interface=your_LAN protocol=udp to-addresses=8.8.8.8 to-ports=53
> add action=dst-nat chain=dstnat comment="DNS redirect .2.x to OpenDNS" src-address=192.168.2.0/24 dst-port=53 in-interface=your_LAN protocol=udp to-addresses=208.67.222.222 to-ports=53
>
> That way it doesn't matter which DNS is configured on hosts, either by DHCP or statically; they'll be redirected to the proper DNS.
>
> > [myron@Fairways Boracay] /ip dns> print
> > servers: 208.67.220.123,208.67.222.123
>
> Check you don't have an ip > firewall > nat redirect "catch all" rule to your DNS cache. As it seems you set it up for OpenDNS, that's why it is blocking you; modify it so that it only redirects traffic from other hosts not in .1.0 or .2.0, and change ip > dns so that it uses 8.8.8.8 as the DNS resolver.

Hello sir,

Thanks for your kind support. I'm gonna config my RB tomorrow and let you know the result.

toilet
 
Toiletbowl
Member Candidate
Topic Author
Posts: 169
Joined: Fri Jun 03, 2011 6:49 am
Location: Boracay Philippines

Re: redirect specific dns only not to force

Fri Jun 19, 2015 4:18 am

Hi sir,

I tested today and it seems to work, but my Active Directory server is affected: all clients turn black. If I disable it, everything goes back to normal and the GPO is working.

add action=dst-nat chain=dstnat dst-address=122.54.243.123 dst-port=514 \
protocol=udp to-addresses=192.168.99.248 to-ports=514
add action=dst-nat chain=dstnat comment="dns dst-nat" disabled=yes dst-port=\
53 in-interface=s.management_vlan protocol=udp src-address=\
192.168.99.0/24 to-addresses=208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
s.management_vlan protocol=tcp src-address=192.168.99.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
servers_vlan protocol=udp src-address=192.168.100.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
servers_vlan protocol=tcp src-address=192.168.100.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
offices_vlan protocol=udp src-address=192.168.101.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
offices_vlan protocol=tcp src-address=192.168.101.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
managers_vlan protocol=udp src-address=192.168.108.0/24 to-addresses=\
8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
managers_vlan protocol=tcp src-address=192.168.108.0/24 to-addresses=\
8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
customer_vlan protocol=udp src-address=192.168.210.0/24 to-addresses=\
8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
customer_vlan protocol=tcp src-address=192.168.210.0/24 to-addresses=\
8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
cctv_vlan protocol=udp src-address=192.168.50.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
cctv_vlan protocol=tcp src-address=192.168.50.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
doorlocksystem_vlan protocol=udp src-address=192.168.51.0/24 \
to-addresses=208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 in-interface=\
doorlocksystem_vlan protocol=tcp src-address=192.168.51.0/24 \
to-addresses=208.67.220.123 to-ports=53
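To see why pukkita's per-subnet dst-nat approach works, and why the rule set above can break Active Directory, it helps to walk the dstnat chain the way the firewall does: first matching terminating rule wins, and a rule that matches only src-address, protocol and dst-port=53 also catches queries a domain-joined client sends to its own domain controller, rewriting them to the public resolver. The Python below is an added example written for this thread, not MikroTik code and not something any poster supplied. It parses rules in the same export syntax shown in the posts (including the backslash continuations), then reports where a DNS packet ends up. The rule set is constructed from a subset of the thread's rules with disabled=yes removed, plus two additions that are assumptions: an accept rule exempting an internal AD DNS server at 192.168.100.10 (the thread never gives the DC address) placed before the redirects, and a "catch all" redirect to the router's own DNS cache of the kind pukkita warns about, placed last.

```python
"""Model how RouterOS /ip firewall nat dstnat rules steer DNS traffic.

Added example for this thread (not MikroTik code). Rules are parsed from the
'export' syntax used in the posts, walked in order (first match decides) and
the resulting destination of a DNS packet is returned. The DC address
192.168.100.10 and the catch-all redirect are constructed assumptions.
"""
import ipaddress
import shlex

# Constructed rule set (raw string so RouterOS '\' continuations survive).
RULES_EXPORT = r"""
add action=accept chain=dstnat comment="assumed AD DNS server, leave untouched" \
dst-address=192.168.100.10 dst-port=53 protocol=udp
add action=dst-nat chain=dstnat comment="dns dst-nat" dst-port=\
53 in-interface=s.management_vlan protocol=udp src-address=\
192.168.99.0/24 to-addresses=208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=\
offices_vlan protocol=udp src-address=192.168.101.0/24 to-addresses=\
208.67.220.123 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=\
managers_vlan protocol=udp src-address=192.168.108.0/24 to-addresses=\
8.8.8.8 to-ports=53
add action=redirect chain=dstnat comment="catch all to router DNS cache" \
dst-port=53 protocol=udp to-ports=53
"""


def parse_export(text):
    """Turn 'add key=value ...' lines into dicts, joining '\\' continuations
    and dropping rules marked disabled=yes, in the order they are applied."""
    rules = []
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rule = {}
        for token in shlex.split(line[4:]):  # shlex keeps quoted comments whole
            key, _, value = token.partition("=")
            rule[key] = value
        if rule.get("disabled") == "yes":
            continue
        rules.append(rule)
    return rules


def _in_net(addr, spec):
    # spec may be a host ("192.168.100.10") or a prefix ("192.168.101.0/24")
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule, pkt):
    """True when every matcher present on the rule agrees with the packet."""
    checks = {
        "src-address": lambda v: _in_net(pkt["src"], v),
        "dst-address": lambda v: _in_net(pkt["dst"], v),
        "protocol": lambda v: v == pkt["proto"],
        "dst-port": lambda v: int(v) == pkt["dport"],
        "in-interface": lambda v: v == pkt["iface"],
    }
    return all(check(rule[key]) for key, check in checks.items() if key in rule)


def destination_after_nat(rules, pkt):
    """First matching terminating rule in chain dstnat decides: 'accept' leaves
    the destination alone, 'dst-nat' rewrites it, 'redirect' hands the packet
    to the router itself (reported as 'router'). No match: unchanged."""
    for rule in rules:
        if rule.get("chain") != "dstnat" or not rule_matches(rule, pkt):
            continue
        action = rule.get("action")
        if action == "accept":
            return pkt["dst"]
        if action == "dst-nat":
            return rule["to-addresses"]
        if action == "redirect":
            return "router"
    return pkt["dst"]


def dns_query(src, dst, iface, proto="udp"):
    return {"src": src, "dst": dst, "iface": iface, "proto": proto, "dport": 53}


RULES = parse_export(RULES_EXPORT)


def office_client_to_public_dns():
    # office host configured (by DHCP or statically) to use 8.8.8.8: rewritten to OpenDNS
    return destination_after_nat(RULES, dns_query("192.168.101.20", "8.8.8.8", "offices_vlan"))


def office_client_to_domain_controller():
    # same host asking the (assumed) AD DNS: the accept rule keeps it on the DC
    return destination_after_nat(RULES, dns_query("192.168.101.20", "192.168.100.10", "offices_vlan"))


def office_client_to_domain_controller_without_exemption():
    # drop the accept rule: the DC query is hijacked to OpenDNS, which breaks AD lookups
    return destination_after_nat(RULES[1:], dns_query("192.168.101.20", "192.168.100.10", "offices_vlan"))


def unlisted_vlan_client():
    # a VLAN with no per-subnet rule falls through to the catch-all redirect
    return destination_after_nat(RULES, dns_query("192.168.50.7", "8.8.8.8", "cctv_vlan"))


def tcp_query_from_office():
    # the constructed rules only match udp, so a TCP/53 query is left untouched
    return destination_after_nat(RULES, dns_query("192.168.101.20", "8.8.8.8", "offices_vlan", "tcp"))
```

Running the functions shows the two behaviours side by side: with the accept rule first, an office client reaches the DC; with it removed, the same query is rewritten to 208.67.220.123, which matches the symptom reported above. The TCP case is a reminder of why the thread's export carries a udp and a tcp rule per VLAN: any exemption for internal resolvers needs both as well.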
