How to redirect dns requests on Mikrotik routers
We can redirect dns requests on Mikrotik to the IP address on the LAN interface of the Mikrotik router, assuming we want the Mikrotik router to serve as the dns server for all connected LAN users, or to the IP address of a locally hosted dns server. There are many reasons for doing this; top most on the list is security.
One of the ways to keep an eye on all visited sites is to redirect dns requests on Mikrotik to the IP of the router itself. With this, we will not only ensure that untrusted public dns servers are not used, we will be able to keep an eye on visited sites through name resolution in the dns cache.
In organisations with domain controllers, we can redirect dns requests on Mikrotik to force all users to make use of the company’s dns server. This will ensure that users who are not in the domain do not have access to the internet even when they are assigned public dns addresses.
You may also like: understanding Mikrotik command line interface
Redirect dns requests on Mikrotik
It is quite easy to redirect dns requests on Mikrotik, using destination NAT. First, we need to know the protocol and port number for dns, and the IP address of the local dns server. If the Mikrotik router is to used as the preferred dns server, then the IP address on the LAN interface of the Mikrotik router will be used. Below are the parameters needed to accomplish this task.
[rad-hl]Protocol: tcp and udp
Port number: 53
Preferred dns server: 192.168.88.1
The configuration commands required to redirect dns requests on Mikrotik to the IP addrees on the LAN interface of the router are given below. The command is same for redirecting to local dns server hosted on any device on the LAN.
/ip firewall nat add
chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 to-address=192.168.881 comment=Make Mikrotik preferred dns server
Finally, assign the router a dns address and check the box to allow remote requests. See steps below.
/ip dns set servers=188.8.131.52 allow-remote-requests=yes
We can see resolved doamin names in the dns cache by clicking on cache in IP dns settings.
If you enjoyed this tutorial, please subscribe to this blog to receive my posts via email. Also subscribe to my YouTube channel, like my Facebook page and follow me on Twitter.