Well the traffic to the upstream, yes, but the DNS servers are in a different port of the BMU.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Jun 19, 2015 at 11:08 AM, Sam Tetherow <[email protected]> wrote: > So not all traffic goes out through the mikrotik core? Must have read the > diagram wrong. > > > On 06/19/2015 09:49 AM, Josh Luthman wrote: > >> That won't work in my situation. >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> On Jun 19, 2015 10:48 AM, "Sam Tetherow" <[email protected]> wrote: >> >> I wouldn't blanket rewrite everyone's DNS traffic, there are legitimate >>> reasons to use external DNS servers. >>> >>> Yes you can rewrite the DNS traffic with a simple NAT rule >>> >>> /ip firewall nat add chain=dst-nat to-addresses=<new-dns-server> >>> dst-ports=53 protocol=udp dst-address=<old-dns-server> >>> /ip firewall nat add chain=dst-nat to-addresses=<new-dns-server> >>> dst-ports=53 protocol=tcp dst-address=<old-dns-server> >>> /ip firewall nat add chain=src-nat to-addresses=<old-dns-server> >>> src-ports=53 protocol=udp src-address=<new-dns-server> >>> /ip firewall nat add chain=src-nat to-addresses=<old-dns-server> >>> src-ports=53 protocol=tcp src-address=<new-dns-server> >>> >>> I think I still have customers with routers that use my old AT&T DNS IPs >>> from 9 years ago. >>> >>> On 06/19/2015 09:13 AM, Micah Miller wrote: >>> >>> Why use the ip's from the old DNS servers at all? Couldn't you simply >>>> redirect all DNS traffic from your customers to your new DNS? >>>> >>>> Somthing like this possibly: >>>> /ip firewall nat chain=dst-nat to-addresses=<new-dns-server> >>>> to-ports=53 protocol=udp src-address=<customer-subnet> dst-port=53 >>>> >>>> On Fri, Jun 19, 2015 at 8:55 AM, Josh Luthman >>>> <[email protected]> wrote: >>>> >>>> Here's my network from a high level: >>>>> >>>>> Customers -> Powercode BMU (router) -> Mikrotik Core -> Upstreams >>>>> Powercode BMU (router) <- DNS servers >>>>> >>>>> Is it possible to redirect the traffic in this case? I'm kind of >>>>> thinking >>>>> on paper here, but what if I took the IPs of the old DNS servers, put >>>>> them >>>>> on the MT core and then did a dstnat to the new IPs? >>>>> >>>>> The reasoning behind this is the public IPs of the old servers are TWC >>>>> addresses and I am moving to my own ARIN (portable) IPs. >>>>> >>>>> Josh Luthman >>>>> Office: 937-552-2340 >>>>> Direct: 937-552-2343 >>>>> 1100 Wayne St >>>>> Suite 1337 >>>>> Troy, OH 45373 >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: < >>>>> >>>>> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/34446796/attachment.html >>>>> _______________________________________________ >>>>> Mikrotik mailing list >>>>> [email protected] >>>>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>>>> >>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>> RouterOS >>>>> >>>>> >>>> >>>> _______________________________________________ >>> Mikrotik mailing list >>> [email protected] >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> >>> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: < >> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/0c03b632/attachment.html >> > >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/16c00c58/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
