Good morning guys.
I'm new on forum.

Here, we use Opendns to block some webpages, f.i. social networking, 18+, etc.
My company bought a Rb 951g-2hnd and I need configure the dns from domain controller and forward to Opendns.

My question is: The manager needs open any website, then I need forward only one host to another dns.
Is possible?

I was reading about this and I see that is possible capture dns packets and forward, but is possible do this only to one host?

Make sure the client pc have static IP and add this to the rule under source address

Make sure the client pc have static IP and add this to the rule under source address

The PC have static IP 192.168.88.10, and I want that it uses the DNS 8.8.8.8

Then I need to do this?:
/ip firewall nat
add chain=dstnat action=dst-nat src-addresses=192.168.88.10 to-addresses=8.8.8.8 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat src-addresses=192.168.88.10 to-addresses=8.8.8.8 to-ports=53 protocol=udp dst-port=53

Make sure you mount a big red lamp above the manager's office door which will be blinking whenever he
access sites that are blocked for everyone else!

LOL

Just remember:
Someone can configure DNS manual on its machine.

So, you can do this:

Just remember:
Someone can configure DNS manual on its machine.

So, you can do this:

Code: Select all

/ip firewall nat add chain=dstnat src-address=!192.168.88.10 protocol=udp dst-port=53 action=redirect to-ports=53

I need to do this to tcp too?

This code catch all dns packets e redirect to dns that is configured in DHCP on Mikrotik?

I need to do this to tcp too?

No, only in UDP (Recursive).

This code catch all dns packets e redirect to dns that is configured in DHCP on Mikrotik?

Yes, it will catch every DNS request and redirect to RB.

I need to do this to tcp too?

No, only in UDP (Recursive).

This code catch all dns packets e redirect to dns that is configured in DHCP on Mikrotik?

Yes, it will catch every DNS request and redirect to RB.

OK. Thank you very much.