Leave both old and new IPs on the name servers. Add /32 routes for the old IPs. Next project. No NAT required.
On June 19, 2015 10:15:41 AM CDT, Josh Luthman <[email protected]> wrote: >Well the traffic to the upstream, yes, but the DNS servers are in a >different port of the BMU. > > >Josh Luthman >Office: 937-552-2340 >Direct: 937-552-2343 >1100 Wayne St >Suite 1337 >Troy, OH 45373 > >On Fri, Jun 19, 2015 at 11:08 AM, Sam Tetherow <[email protected]> >wrote: > >> So not all traffic goes out through the mikrotik core? Must have >read the >> diagram wrong. >> >> >> On 06/19/2015 09:49 AM, Josh Luthman wrote: >> >>> That won't work in my situation. >>> >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> On Jun 19, 2015 10:48 AM, "Sam Tetherow" <[email protected]> >wrote: >>> >>> I wouldn't blanket rewrite everyone's DNS traffic, there are >legitimate >>>> reasons to use external DNS servers. >>>> >>>> Yes you can rewrite the DNS traffic with a simple NAT rule >>>> >>>> /ip firewall nat add chain=dst-nat to-addresses=<new-dns-server> >>>> dst-ports=53 protocol=udp dst-address=<old-dns-server> >>>> /ip firewall nat add chain=dst-nat to-addresses=<new-dns-server> >>>> dst-ports=53 protocol=tcp dst-address=<old-dns-server> >>>> /ip firewall nat add chain=src-nat to-addresses=<old-dns-server> >>>> src-ports=53 protocol=udp src-address=<new-dns-server> >>>> /ip firewall nat add chain=src-nat to-addresses=<old-dns-server> >>>> src-ports=53 protocol=tcp src-address=<new-dns-server> >>>> >>>> I think I still have customers with routers that use my old AT&T >DNS IPs >>>> from 9 years ago. >>>> >>>> On 06/19/2015 09:13 AM, Micah Miller wrote: >>>> >>>> Why use the ip's from the old DNS servers at all? Couldn't you >simply >>>>> redirect all DNS traffic from your customers to your new DNS? >>>>> >>>>> Somthing like this possibly: >>>>> /ip firewall nat chain=dst-nat to-addresses=<new-dns-server> >>>>> to-ports=53 protocol=udp src-address=<customer-subnet> dst-port=53 >>>>> >>>>> On Fri, Jun 19, 2015 at 8:55 AM, Josh Luthman >>>>> <[email protected]> wrote: >>>>> >>>>> Here's my network from a high level: >>>>>> >>>>>> Customers -> Powercode BMU (router) -> Mikrotik Core -> Upstreams >>>>>> Powercode BMU (router) <- DNS servers >>>>>> >>>>>> Is it possible to redirect the traffic in this case? I'm kind of >>>>>> thinking >>>>>> on paper here, but what if I took the IPs of the old DNS servers, >put >>>>>> them >>>>>> on the MT core and then did a dstnat to the new IPs? >>>>>> >>>>>> The reasoning behind this is the public IPs of the old servers >are TWC >>>>>> addresses and I am moving to my own ARIN (portable) IPs. >>>>>> >>>>>> Josh Luthman >>>>>> Office: 937-552-2340 >>>>>> Direct: 937-552-2343 >>>>>> 1100 Wayne St >>>>>> Suite 1337 >>>>>> Troy, OH 45373 >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL: < >>>>>> >>>>>> >http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/34446796/attachment.html >>>>>> _______________________________________________ >>>>>> Mikrotik mailing list >>>>>> [email protected] >>>>>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>>>>> >>>>>> Visit http://blog.butchevans.com/ for tutorials related to >Mikrotik >>>>>> RouterOS >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>> Mikrotik mailing list >>>> [email protected] >>>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>>> >>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>> RouterOS >>>> >>>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: < >>> >http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/0c03b632/attachment.html >>> > >>> _______________________________________________ >>> Mikrotik mailing list >>> [email protected] >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> >> >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/16c00c58/attachment.html> >_______________________________________________ >Mikrotik mailing list >[email protected] >http://mail.butchevans.com/mailman/listinfo/mikrotik > >Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >RouterOS -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150619/e76ba217/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
