VPN X ACTIVE DIRECTORY

Posted: Wed Jul 19, 2023 12:24 am
by thompsontech
Hello everyone, I have the following scenario:
VPN between headquarters and branch via SSTP.
Company A has an Active Directory installed and Company B's machines are in Company A's domain.
I use OpenDns IP to block websites.
When I force through the IP-Firewall-NAT function
Chain: dstnat
Protocol: udp
DST Port: 53
In Interface: !WAN1
Action: Redirect
The domain stops working. How to proceed in this case? Can someone help me?

Company B

Re: VPN X ACTIVE DIRECTORY

Posted: Wed Jul 19, 2023 1:48 am
by mbaute
Hi

You need to add information about your domain in /ip/dns/static

Try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps

Re: VPN X ACTIVE DIRECTORY

Posted: Wed Jul 19, 2023 4:47 am
by wiseroute
hello Thompson,

Action: Redirect
The domain stops working. How to proceed in this case? Can someone help me?
since we don't have any idea which/what version of your ms ad platform - i could only give you a general explanation.

ms active directory works on top of its own dns server service (it has to be). so you can't use any other dns server other than ms-ad dns server, otherwise ms ad will not work.

all you can do is to make that ms-ad dns server service to forward any other dns query to opendns server (add a dns forwarder).

hope this helps.

Re: VPN X ACTIVE DIRECTORY

Posted: Fri Jul 21, 2023 5:48 pm
by thompsontech
Hi

You need to add information about your domain in /ip/dns/static

try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps

Hello, thank you very much for the feedback. Do I do this procedure at the correct branch? In the matrix I need to do something about the DNS? In the Windows domain do I need any specific configuration?

Re: VPN X ACTIVE DIRECTORY

Posted: Sat Jul 22, 2023 5:53 am
by mbaute
Hi

You need to add information about your domain in /ip/dns/static

try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps

Hello, thank you very much for the feedback. Do I do this procedure at the correct branch? In the matrix I need to do something about the DNS? In the Windows domain do I need any specific configuration?
This config belongs to the one with the redirect, Company B I think. When you redirect, it's the RouterOS DNS server who "serves" DNS requests. You have configured OpenDNS, which doesn't know anything about your internal domain, or how to reach it, as it's private.

That rule simply tells the RouterOS DNS that, for every request to the example.com domain, it should query this server instead.

If you have the same redirect in Company A, you should exclude at least the Windows domain DNS server from that rule to avoid a query loop.

regards
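Putting the two replies above together as a complete configuration. This is an added example, not config posted in the thread: it assumes the AD domain is example.com, the domain controller/AD DNS is 10.0.0.10 at Company A, the uplink interface is WAN1, and the OpenDNS resolvers are 208.67.222.222 and 208.67.220.220.

```routeros
# --- Company B router (the one with the dstnat redirect) ---

# The redirect hands every client query to the router's own resolver,
# so it must be allowed to answer them; external names still go to OpenDNS.
/ip dns set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220

# Anything ending in example.com (including the SRV names AD clients look up,
# e.g. _ldap._tcp.dc._msdcs.example.com) is forwarded to the DC over the VPN.
# Keep the \\ and \$ escapes: the regex must read example\.com$
/ip dns static
add type=FWD regexp="example\\.com\$" forward-to=10.0.0.10 comment="AD zone -> DC"

# The redirect itself, for both UDP and TCP 53 (large AD answers fall back to TCP).
/ip firewall nat
add chain=dstnat in-interface=!WAN1 protocol=udp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS via router"
add chain=dstnat in-interface=!WAN1 protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS via router (TCP)"

# Quick check from the router: the name should resolve to the DC's internal address.
:put [:resolve "dc1.example.com"]

# --- Company A router, only if it also redirects DNS ---
# Exclude the DC as source: its own outbound lookups must not be bounced back to
# the router, which would forward example.com queries to the DC again (query loop).
/ip firewall nat
add chain=dstnat in-interface=!WAN1 src-address=!10.0.0.10 protocol=udp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS via router, DC excluded"
add chain=dstnat in-interface=!WAN1 src-address=!10.0.0.10 protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS via router (TCP), DC excluded"
```

Place the Company A NAT rules above any broader redirect rule that already exists there, since RouterOS evaluates NAT rules in order and the first match wins.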

Re: VPN X ACTIVE DIRECTORY

Posted: Mon Oct 23, 2023 12:40 am
by thompsontech
Solved! Thank you :D