Thank you rmichael for responding. I must point out that I am new to the Mikrotik, RouterOS, etc. Is it possible to add the Tinydns to the RouterOS? If the answer is yes, how do I do that? Would the Tinydns install as a plug-in? For info, I am using an Apple Macbook Pro.Even better, tinydns will query multiple DNS servers and forward the quickes reply to the client. tinydns runs on linux, but I think Acrylic DNS does something similar on Windows.
I doubt one can write a script to do that as resolve, ping, traceroute lack features in scripts to make anything useful. Also, DNS resolution is not a high priority it seems ("mikrotik is a router not a DNS server" argument).Another option is to write a script that will run every few minutes that will try and resolve stuff and depending on the results, modify the NAT rule that handles the redirect. I'm not sure you'll get any real useful information to be able to use it in a script however.
/ip firewall nat
add action=dst-nat chain=dstnat comment=ToDNS8.8.4.4 disabled=no dst-port=53 in-interface=LAN nth=3,1 protocol=udp \
to-addresses=8.8.4.4
add action=dst-nat chain=dstnat comment=ToDNS8.8.8.8 disabled=no dst-port=53 in-interface=LAN nth=3,2 protocol=udp \
to-addresses=8.8.8.8
add action=dst-nat chain=dstnat comment=ToDNS208.67.222.222 disabled=no dst-port=53 in-interface=LAN nth=3,3 protocol=udp \
to-addresses=8.8.4.4
/tool netwatch
add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS8.8.4.4]" host=\
8.8.4.4 interval=15s timeout=150ms up-script=\
"/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS8.8.4.4];"
add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS8.8.8.8];" host=\
8.8.8.8 interval=1m timeout=150ms up-script=\
"/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS8.8.8.8];"
add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS208.67.222.222];" \
host=208.67.222.222 interval=1m timeout=150ms up-script=\
"/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS208.67.222.222];"
Thanks again rmichael for responding. Well after looking at the firewall nat, It seems a little intimidating especially with the word disable. Seeing that V5 is now in beta testing mode, it won't be too long before it's released. Meanwhile, I will continue to learn the system and visit the forum. Hopefully, in 3mths V5 might release.I doubt one can write a script to do that as resolve, ping, traceroute lack features in scripts to make anything useful. Also, DNS resolution is not a high priority it seems ("mikrotik is a router not a DNS server" argument).Another option is to write a script that will run every few minutes that will try and resolve stuff and depending on the results, modify the NAT rule that handles the redirect. I'm not sure you'll get any real useful information to be able to use it in a script however.
What one could do at this point is to setup a netwatch script (where >150ms delay = failure) for IP addresses of DNS servers and enable or disable redirect to them depending on status. For example:
Of course this is not very precise because ping test does not test DNS resolution itself. A better resolve command was promised in v5 so will have to wait see.Code: Select all/ip firewall nat add action=dst-nat chain=dstnat comment=ToDNS8.8.4.4 disabled=no dst-port=53 in-interface=LAN nth=3,1 protocol=udp \ to-addresses=8.8.4.4 add action=dst-nat chain=dstnat comment=ToDNS8.8.8.8 disabled=no dst-port=53 in-interface=LAN nth=3,2 protocol=udp \ to-addresses=8.8.8.8 add action=dst-nat chain=dstnat comment=ToDNS208.67.222.222 disabled=no dst-port=53 in-interface=LAN nth=3,3 protocol=udp \ to-addresses=8.8.4.4 /tool netwatch add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS8.8.4.4]" host=\ 8.8.4.4 interval=15s timeout=150ms up-script=\ "/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS8.8.4.4];" add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS8.8.8.8];" host=\ 8.8.8.8 interval=1m timeout=150ms up-script=\ "/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS8.8.8.8];" add comment="" disabled=no down-script="/ip firewall nat set disabled=yes [/ip firewall nat find comment=ToDNS208.67.222.222];" \ host=208.67.222.222 interval=1m timeout=150ms up-script=\ "/ip firewall nat set disabled=no [/ip firewall nat find comment=ToDNS208.67.222.222];"