Below is my firewall setup for my home network.

Problem - Internet Connection works <?> except no DNS

Please help me solve this.

Any other comments or questions on my rule setup welcome.

Home Network Setup:
ADSL Modem - Bridged
Mikrotik RB 750GL : - IP 192.168.88.1
Port 1 - ADSL Modem
Port 2 - RB250GS - IP 192.168.88.2
Port 3 -
Port 4 -
Port5 -
Mikrotik RB 250 GS:
Port 1 - RB 750GL
Port 2 - Wireless Access Point - IP 192.168.88.3
Port 3 -
Port 4 -
Port5 -
Netgear 8 Port Switch 100mbit/s
Port 1 -
Port 2 -
Port 3 -
Port 4 -
Port 5 -
Port 6 -
Port 7 -
Port 8 -

Reset RB 750GL - System - Reset Configuration
Delete all Firewall Rules
Then install the following:
Remember to add correct username and passwords
/interface pppoe-client
add name=pppoe-isp1 user="username" password="password"interface=ether1-gateway add-default-route=yes use-peer-dns=yes max-mru=1492 max-mtu=1492 service-name="" disabled=no

/interface pppoe-client
add name=pppoe-isp2 user="username" password="password" interface=ether1-gateway add-default-route=yes use-peer-dns=yes max-mru=1492 max-mtu=1492 service-name="" disabled=no


/ip firewall filter
add action=jump chain=input comment="Internet in from ISP 1 to router" disabled=no in-interface=pppoe-isp1 jump-target=input_from_internet
add action=jump chain=input comment="Internet in from ISP 2 to router" disabled=no in-interface=pppoe-isp2 jump-target=input_from_internet
add action=accept chain=input_from_internet comment="Allow established connections from Internet to Router" connection-state=established disabled=no
add action=accept chain=input_from_internet comment="Allow related connections from Internet to router" connection-state=related disabled=no
add action=accept chain=input_from_internet comment="Allow PING packets from Internet to router" disabled=yes protocol=icmp
add action=accept chain=input_from_internet comment="Allow PPTP VPN connections from Internet to router" disabled=no dst-port=1723 protocol=tcp
add action=drop chain=input_from_internet comment="Drop other connections from Internet to router" disabled=no


Port Forwarding:

/ip firewall filter
add chain=forward in-interface=pppoe-isp1 action=accept protocol=tcp dst-port=3389 disabled=no comment="Allow Windows remote desktop from ISP1 to PC"
/ip firewall nat
add action=dst-nat chain=dstnat comment="Port forward Windows remote desktop from ISP1 to 192.168.88.100" disabled=no dst-port=3389 in-interface=pppoe-isp1 protocol=tcp to-addresses=192.168.88.100




Source Natting:
/ip firewall nat
add chain=srcnat out-interface=pppoe-isp1 action=masquerade
add chain=srcnat out-interface=pppoe-isp2 action=masquerade
add chain=srcnat out-interface=ether1-gateway action=masquerade

Export settings to file with : /export file=mybackup

If you want to use two connections to different ISPs at the same time, most likely you will want to use external DNS servers, like google's ones:

The second account, is a backup option, and is only activated if the primary, gets capped. So only one is active at a time and get manually switched.

But if using external DNS will fix the problem, it would probably be a more reliable solution.

Can ping outside addresses without problem using IP address, but domain names do not resolve.

All rules that point to pppoe-isp2 show red in Winbox, when pppoe-isp2 is disabled. Which I regard as being correct.

RouterOs version is 5.14, if it matters.

/ip dns print shows that it has DNS values, it just ain't working.


Sent from my iPhone using Tapatalk.

Is my masquradeing done right?

About all I can think of ...


Sent from my iPhone using Tapatalk.

Is my masquradeing done right?

Yes. How did you test dns? From the router or from the local network? Can you ping dns servers from a computer in the local network? If yes, try from a computer:
And from the router:

If you want to use two connections to different ISPs at the same time, most likely you will want to use external DNS servers, like google's ones:

Code: Select all

/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

Just got home, and did, the above, and added, my ISP's DNS servers for good measure, and I seem to be sorted.

Many thanks

When adding DNS servers in Winbox , they seem to not be saved or become persistent - the code above though, seems to have done the trick.

Can ping DNS servers, from the router and my desktop on the network.

Thanks for confirming that my nat/masquerade is fine.

Very Very Very Weird ... , bizarre, if I may -

Applied your code as above, with local ISp's DNS servers added for good measure.

Then did "/system reset configuration, ticked "Keep User Configuration" and "No Default Configuration" , clicked Reset Configuration.

Did a Hard Reset of the router, logged in, and restored the "auto before reset backup" and DNS is working as expected.

IP DNS (Winbox) now shows local ISP's DNS IP's as they should be and DNS is working ...

Not that I am complaining, mind you - I just don't understand ...

I think did the trick.

Have added note to my "recipe" thanks


Sent from my iPhone using Tapatalk.

Would it be a conflict with the config on the two ppoe setup to use the remote dns that would override it?
If you disable temporarily the unused ppoe does it work?


I have also noticed that when you have the ppoe dns enabled, you can't add with winbox additional static DNS. Only the dynamic ones created by ppoe are retained.
I'll try to add it via CLI to see if I have the same behavior.

By static dns: give the routerboard a name and fill in the ip-adres from your routerboard.
Sorry for my bad englisch

Would it be a conflict with the config on the two ppoe setup to use the remote dns that would override it?
If you disable temporarily the unused ppoe does it work?


I have also noticed that when you have the ppoe dns enabled, you can't add with winbox additional static DNS. Only the dynamic ones created by ppoe are retained.
I'll try to add it via CLI to see if I have the same behavior.

Thanks, had not considered the above ... , added to my recipe, comments ...