
Forward one host to different DNS address

Posted: Mon Oct 23, 2017 4:15 pm
by matrix554
Good morning guys.
I'm new on the forum.

Here, we use OpenDNS to block some webpages, e.g. social networking, 18+, etc.
My company bought an RB951G-2HnD and I need to configure the DNS from the domain controller and forward to OpenDNS.

My question is: the manager needs to open any website, so I need to forward only one host to another DNS.
Is it possible?

I was reading about this and I see that it is possible to capture DNS packets and forward them, but is it possible to do this for only one host?

Re: Forward one host to different DNS address

Posted: Mon Oct 23, 2017 9:51 pm
by CZFan
Make sure the client PC has a static IP and add this to the rule under source address

Re: Forward one host to different DNS address

Posted: Mon Oct 23, 2017 10:33 pm
by pe1chl
> Here, we use OpenDNS to block some webpages, e.g. social networking, 18+, etc.
> My company bought an RB951G-2HnD and I need to configure the DNS from the domain controller and forward to OpenDNS.
>
> My question is: the manager needs to open any website, so I need to forward only one host to another DNS.

Make sure you mount a big red lamp above the manager's office door which will be blinking whenever he accesses sites that are blocked for everyone else!

Re: Forward one host to different DNS address

Posted: Mon Oct 23, 2017 10:42 pm
by matrix554
> Make sure the client PC has a static IP and add this to the rule under source address

The PC has static IP 192.168.88.10, and I want it to use the DNS 8.8.8.8

Then I need to do this?:
/ip firewall nat
add chain=dstnat action=dst-nat src-address=192.168.88.10 to-addresses=8.8.8.8 to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat src-address=192.168.88.10 to-addresses=8.8.8.8 to-ports=53 protocol=udp dst-port=53

> Make sure you mount a big red lamp above the manager's office door which will be blinking whenever he accesses sites that are blocked for everyone else!

LOL

Re: Forward one host to different DNS address

Posted: Mon Oct 23, 2017 11:01 pm
by lbachero
Just remember:
Someone can configure DNS manually on their machine.

So, you can do this:
/ip firewall nat add chain=dstnat src-address=!192.168.88.10 protocol=udp dst-port=53 action=redirect to-ports=53

Re: Forward one host to different DNS address

Posted: Tue Oct 24, 2017 6:59 pm
by matrix554
> Just remember:
> Someone can configure DNS manually on their machine.
>
> So, you can do this:
> /ip firewall nat add chain=dstnat src-address=!192.168.88.10 protocol=udp dst-port=53 action=redirect to-ports=53

Do I need to do this for TCP too?

Does this code catch all DNS packets and redirect them to the DNS that is configured in DHCP on the MikroTik?

Re: Forward one host to different DNS address

Posted: Tue Oct 24, 2017 9:08 pm
by lbachero
> Do I need to do this for TCP too?

No, only in UDP (Recursive).

> Does this code catch all DNS packets and redirect them to the DNS that is configured in DHCP on the MikroTik?

Yes, it will catch every DNS request and redirect to RB.

Re: Forward one host to different DNS address

Posted: Tue Oct 24, 2017 9:19 pm
by matrix554
>> Do I need to do this for TCP too?
> No, only in UDP (Recursive).
>> Does this code catch all DNS packets and redirect them to the DNS that is configured in DHCP on the MikroTik?
> Yes, it will catch every DNS request and redirect to RB.

OK. Thank you very much.
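
The rules discussed in this thread, combined into one configuration as an added example that is not part of any post above. It goes beyond the thread in two ways: it covers TCP port 53 as well as UDP (DNS falls back to TCP for truncated or large responses), and it keeps the router's resolver closed to the WAN. Assumptions not stated in the thread: the LAN is 192.168.88.0/24 and the WAN interface is ether1.

```routeros
# Added example. 192.168.88.10 and 8.8.8.8 come from the thread;
# the 192.168.88.0/24 subnet and the ether1 WAN interface are assumptions.

/ip firewall nat
# NAT rules are evaluated top to bottom and the first matching rule wins,
# so the manager's exception is placed above the catch-all redirect.

# 1. Manager's PC: rewrite its DNS queries to 8.8.8.8, whatever server it asked.
add chain=dstnat src-address=192.168.88.10 protocol=udp dst-port=53 \
    action=dst-nat to-addresses=8.8.8.8 to-ports=53 comment="manager DNS udp"
add chain=dstnat src-address=192.168.88.10 protocol=tcp dst-port=53 \
    action=dst-nat to-addresses=8.8.8.8 to-ports=53 comment="manager DNS tcp"

# 2. Every other LAN host: capture port 53 and hand it to the router's own
#    resolver, so a manually configured DNS server on a client has no effect.
add chain=dstnat src-address=192.168.88.0/24 protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS udp"
add chain=dstnat src-address=192.168.88.0/24 protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS tcp"

# 3. The redirect target is the router's DNS service, which only answers
#    clients when remote requests are allowed. Its upstream servers must be
#    the filtering resolver for the block list to apply.
/ip dns set allow-remote-requests=yes

# 4. With remote requests allowed, keep the resolver unreachable from the WAN
#    so the router does not become an open resolver.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop \
    comment="no WAN DNS udp"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop \
    comment="no WAN DNS tcp"
```

These rules only see traffic that passes through the router's NAT, and only plain DNS on port 53; check the counters in `/ip firewall nat print stats` to confirm which rule each test query hits.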