ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Chromecast and 493G firewall rules

Mon Apr 02, 2018 7:34 pm

Hi everyone,

If I may, here is what I'm stuck with... I have an RB493G behind my VDSL modem; the first one takes care of handling local addresses (the modem's DHCP is disabled).
I have 2 WiFi interfaces, 1 LAN and one VDSL port. All are in bridge mode.
I am connecting over wifi a Chromecast Ultra to the MT, as I am looking to cast HBO (while being outside the U.S.).
I have a VPN service on my phone and HBO plays fine. The problem starts when I try to cast HBO on the TV! A blue screen pops up saying that something went wrong and casting is not available and to try later.
Needless to say, no efforts have panned out.
My understanding is that Chromecast goes and checks on port 53 (TCP and UDP) with Google’s DNS servers 8.8.8.8 / 8.8.4.4 / 208.67.222.222 and 209.244.0.3. This is something I need to stop Chromecast from doing as it will figure out I am outside the U.S.

I created the following rules:
/ip firewall filter
add action=drop chain=forward dst-address-list="GOOGLE DNS" dst-port=53 in-interface=bridge1 protocol=tcp
add action=drop chain=forward dst-address-list="GOOGLE DNS" dst-port=53 in-interface=bridge1 log=yes protocol=udp

"GOOGLE DNS" address list includes all the above 4 addresses.

I then created the following rule in NAT

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 log=yes protocol=tcp to-addresses=185.37.39.39 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 log=yes protocol=udp to-addresses=185.37.39.39 to-ports=53

Where 185.37.39.39 is a U.S. DNS server I found online from a (free?) service called unlocator.com

In addition, on IP - DNS I have included 2 U.S. DNS servers 1) 185.37.39.39 and 2) 185.39.39.39 as well as in IP - DHCP SERVER - NETWORKS - DNS SERVERS.

Something is not working as it should, as, like I mentioned, it plays fine on my phone but does not cast on the TV.

I may be wrong, but could it be that because my DNS servers on the phone (through the VPN service) are different from what I am entering on the RB493G, this creates a conflict? Basically so far I have tricked the service coming on the phone into thinking that I am within the required geolocation, but for some reason I cannot do the same with the MT.

P.S. Chromecast uses mDNS, but I am unsure as to what that means regarding discovery of neighbor devices or possible conflicts (with perhaps the MT).


Any ideas please? Thank you in advance!

John
 
sindy
Forum Guru
Posts: 11218
Joined: Mon Dec 04, 2017 9:19 pm

Re: Chromecast and 493G firewall rules

Mon Apr 02, 2018 8:12 pm

I would assume that if DNS is the issue, it is because the DNS answer depends on from which IP you ask, so it gives you server IPs which, if being accessed via the VPN, may not respond.

So one possibility is that the Chromecast gets the IP address of the Mikrotik as DNS, and the Mikrotik uses the DNS provided by the ISP.
Another possibility is that the Chromecast ignores the DNS setting provided by the Mikrotik and uses Google DNS servers.

So the remedy should be to set Mikrotik's DNS servers statically to 8.8.8.8 and 8.8.4.4, and ignore the DNS server IP provided by the ISP (set use-peer-dns=no at your /ip dhcp-client or /interface pppoe-client), and add a route to 8.8.8.8/32 and another one to 8.8.4.4/32 through the VPN's remote IP as the first priority (distance=1) and the same ones through the ISP's gateway with lower priority (distance=2). So while the VPN would be down, the DNS queries would be sent directly; when the VPN would be up, the routes via it would become active and would be used due to their higher priority.
 
ramirez
Member Candidate
Topic Author
Posts: 157
Joined: Sun May 12, 2013 9:48 pm

Re: Chromecast and 493G firewall rules

Tue Apr 03, 2018 10:56 am

Dear Sindy,

I don’t think I should set statically in MT dns 8.8.8.8 and 8.8.4.4 as this is the whole thing I am trying to avoid, meaning to have MT use any other DNS servers than of Google’s. In addition, the MT is not PPPOE client, meaning that I do not have my modem set in bridge mode and the MT handling the internet connection. My Internet modem does its thing (handling the internet connection) and the MT works as a router, both being on the same LAN. The VPN that you mention is a service that I use on the phone only (not in MT) I have just set the MT in the way I explained in the previous message. Basically my phone and Chromecast (the latter through MT) use different DNS servers. I have read elsewhere about possible mangle rules, or static routes in IP – ROUTES etc. but am unsure what exactly to do. It shouldn’t be a problem though if 2 devices on the same network use different DNS servers, unless Chromecast is set in such a way that absolutely needs to use the same DNS servers as the phone! Do you feel the rules I posted earlier are correct or they need adjustment?

Best regards,

John
 
sindy
Forum Guru
Posts: 11218
Joined: Mon Dec 04, 2017 9:19 pm

Re: Chromecast and 493G firewall rules

Tue Apr 03, 2018 11:22 am

ramirez wrote:
> I don’t think I should set statically in MT dns 8.8.8.8 and 8.8.4.4 as this is the whole thing I am trying to avoid, meaning to have MT use any other DNS servers than of Google’s. In addition, the MT is not PPPOE client, meaning that I do not have my modem set in bridge mode and the MT handling the internet connection. My Internet modem does its thing (handling the internet connection) and the MT works as a router, both being on the same LAN. The VPN that you mention is a service that I use on the phone only (not in MT) I have just set the MT in the way I explained in the previous message. Basically my phone and Chromecast (the latter through MT) use different DNS servers. I have read elsewhere about possible mangle rules, or static routes in IP – ROUTES etc. but am unsure what exactly to do. It shouldn’t be a problem though if 2 devices on the same network use different DNS servers, unless Chromecast is set in such a way that absolutely needs to use the same DNS servers as the phone! Do you feel the rules I posted earlier are correct or they need adjustment?

Hi John,

as your dst-nat rules already redirect DNS queries from any device outside the Mikrotik which sends its DNS requests via or to the Mikrotik from the original destination to your chosen DNS service, the filter rules are redundant - you should never see those filter rules match.

And as I've understood from what you've written that with these (dst-nat) rules in place you continue to have a problem, I've given my view of the reasons and solutions. To me, asking the Google DNS from the public IP of the VPN service is equivalent to asking them from any other U.S. address, of course unless the IPs of this VPN service are recognized by Google DNS as ones used to circumvent the limitation and treated as overseas ones.

Whether your Mikrotik is a PPPoE client or not is irrelevant for what DNS it will use. With PPPoE or DHCP client, you may tell the ROS that it should ignore the DNS addresses provided and set your own static ones.

But the key is what the default gateway for the Chromecast is, the modem or the Mikrotik? This is not clear, as you say that the Mikrotik and the modem are on the same LAN to which the Chromecast is connected as well, which is an unusual arrangement. If the Chromecast talks to the DNS via the modem, your rules in Mikrotik cannot affect that.
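Two points from this reply are worth seeing in configuration form: dst-nat is evaluated before the forward chain, so the forward-chain drops for the GOOGLE DNS list can only ever match traffic the NAT missed, and none of it matters if the client's default gateway is the modem rather than the RB493G. The following is an added example, not code from the thread; it keeps the original bridge1 and 185.37.39.39 values and assumes a LAN subnet of 192.168.88.0/24 as a placeholder.

```routeros
# Added example, not from the thread. Assumptions:
#   bridge1          = the router-side LAN bridge (as in the original rules)
#   192.168.88.0/24  = LAN subnet, placeholder
#   185.37.39.39     = the resolver chosen in the original post

# Scope the redirect to LAN clients only (the original rules matched every interface)
# and skip queries that are already aimed at the chosen resolver.
/ip firewall nat add chain=dstnat in-interface=bridge1 src-address=192.168.88.0/24 protocol=udp dst-port=53 dst-address=!185.37.39.39 action=dst-nat to-addresses=185.37.39.39 to-ports=53 comment="force LAN DNS"
/ip firewall nat add chain=dstnat in-interface=bridge1 src-address=192.168.88.0/24 protocol=tcp dst-port=53 dst-address=!185.37.39.39 action=dst-nat to-addresses=185.37.39.39 to-ports=53 comment="force LAN DNS"

# The forward-chain drops for the GOOGLE DNS list can stay as a tripwire: because
# dstnat has already rewritten the destination, their counters should stay at zero.
# A non-zero counter means a client reached those resolvers by a path the NAT did not cover.
/ip firewall nat print stats where comment="force LAN DNS"
/ip firewall filter print stats where dst-address-list="GOOGLE DNS"

# Neither rule is consulted if the client's default gateway is the modem. Check what
# the DHCP server hands out (gateway= should be this router's LAN address) and what
# lease the Chromecast actually received.
/ip dhcp-server network print
/ip dhcp-server lease print where host-name~"Chromecast"

# Watch live port-53 traffic on the LAN bridge to confirm it really passes through this router.
/tool torch interface=bridge1 port=53
```

If torch shows no port-53 traffic from the Chromecast while it is streaming, the device is resolving via the modem (or not over port 53 at all), and no rule on the RB493G will change that. Note also that a port-53 redirect covers only plain DNS; a client that resolves over TLS or HTTPS bypasses it entirely.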
