I am trying to change DSCP value on packets comming from my LAN to Mikrotik (ROS v6.49.1). I have these two examples in mangle:
add action=change-dscp chain=input comment=\
"qos - change DSCP on ICMP traffic for FIREWALL" in-interface-list=LAN \
new-dscp=56 passthrough=no protocol=icmp
add action=change-dscp chain=input comment=\
"qos - change DSCP on DNS traffic for FIREWALL" dst-port=53 \
in-interface-list=LAN new-dscp=56 passthrough=no protocol=udp
The first one (for ICMP) works, the second (for DNS) does not I can see packet counting on both rules (so the prove that conditions are meet), but when I monitor packets via Torch, I can see the changed DSCP value for ICMP packets comming from LAN to router BUT not for DNS packets (no DSCP value there at all) I did try to disable all other mangle rules but does not help. For me it seems that the DSCP value is deleted somewhere else after...maybe in the internal DNS of Mikrotik?
Thanks for any comment or help!