I'd rather avoid using IPs that don't belong to me if at all possible, but I can do that if it comes to that =)
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, Jun 19, 2015 at 2:25 PM, Scott Lambert <[email protected]> wrote:

> Leave both old and new IPs on the name servers. Add /32 routes for the old
> IPs. Next project. No NAT required.
>
> On June 19, 2015 10:15:41 AM CDT, Josh Luthman <[email protected]> wrote:
>
>> Well the traffic to the upstream, yes, but the DNS servers are in a
>> different port of the BMU.
>>
>> On Fri, Jun 19, 2015 at 11:08 AM, Sam Tetherow <[email protected]> wrote:
>>
>>> So not all traffic goes out through the mikrotik core? Must have read the
>>> diagram wrong.
>>>
>>> On 06/19/2015 09:49 AM, Josh Luthman wrote:
>>>
>>>> That won't work in my situation.
>>>>
>>>> On Jun 19, 2015 10:48 AM, "Sam Tetherow" <[email protected]> wrote:
>>>>
>>>>> I wouldn't blanket rewrite everyone's DNS traffic, there are legitimate
>>>>> reasons to use external DNS servers.
>>>>>
>>>>> Yes, you can rewrite the DNS traffic with a simple NAT rule:
>>>>>
>>>>> /ip firewall nat add chain=dstnat action=dst-nat to-addresses=<new-dns-server> dst-port=53 protocol=udp dst-address=<old-dns-server>
>>>>> /ip firewall nat add chain=dstnat action=dst-nat to-addresses=<new-dns-server> dst-port=53 protocol=tcp dst-address=<old-dns-server>
>>>>> /ip firewall nat add chain=srcnat action=src-nat to-addresses=<old-dns-server> src-port=53 protocol=udp src-address=<new-dns-server>
>>>>> /ip firewall nat add chain=srcnat action=src-nat to-addresses=<old-dns-server> src-port=53 protocol=tcp src-address=<new-dns-server>
>>>>>
>>>>> I think I still have customers with routers that use my old AT&T DNS IPs
>>>>> from 9 years ago.
>>>>>
>>>>> On 06/19/2015 09:13 AM, Micah Miller wrote:
>>>>>
>>>>>> Why use the IPs from the old DNS servers at all? Couldn't you simply
>>>>>> redirect all DNS traffic from your customers to your new DNS?
>>>>>>
>>>>>> Something like this possibly:
>>>>>> /ip firewall nat add chain=dstnat action=dst-nat to-addresses=<new-dns-server> to-ports=53 protocol=udp src-address=<customer-subnet> dst-port=53
>>>>>>
>>>>>> On Fri, Jun 19, 2015 at 8:55 AM, Josh Luthman <[email protected]> wrote:
>>>>>>
>>>>>>> Here's my network from a high level:
>>>>>>>
>>>>>>> Customers -> Powercode BMU (router) -> Mikrotik Core -> Upstreams
>>>>>>>              Powercode BMU (router) <- DNS servers
>>>>>>>
>>>>>>> Is it possible to redirect the traffic in this case? I'm kind of
>>>>>>> thinking on paper here, but what if I took the IPs of the old DNS
>>>>>>> servers, put them on the MT core and then did a dstnat to the new IPs?
>>>>>>>
>>>>>>> The reasoning behind this is the public IPs of the old servers are TWC
>>>>>>> addresses and I am moving to my own ARIN (portable) IPs.
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
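
A way to check the cutover discussed in this thread, as an added example that is not part of the original messages: the script queries each old and new resolver IP over UDP and flags replies whose source address differs from the address queried, which is what a client sees when return traffic is not translated back to the old IP. The function names and the default query name `example.com` are assumptions.

```python
import secrets
import socket
import struct

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; qtype=1 is an A record."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def check_reply(txid, queried_ip, reply, reply_src_ip):
    """Return a list of problems; an empty list means a stub resolver would accept it."""
    problems = []
    if reply_src_ip != queried_ip:
        problems.append(f"reply came from {reply_src_ip}, not {queried_ip}")
    if len(reply) < 12:
        return problems + ["short reply"]
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid:
        problems.append("transaction ID mismatch")
    if not flags & 0x8000:
        problems.append("QR bit not set")
    if flags & 0x000F:
        problems.append(f"rcode {flags & 0x000F}")
    return problems

def probe(server_ip, name="example.com", timeout=2.0):
    """Query server_ip on UDP/53 from an unconnected socket so the real reply source is visible."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server_ip, 53))
        try:
            reply, (src, _port) = s.recvfrom(4096)
        except socket.timeout:
            return ["no reply (timeout)"]
    return check_reply(txid, server_ip, reply, src)

if __name__ == "__main__":
    import sys
    # Usage: pass the old and new DNS server IPs as arguments.
    for ip in sys.argv[1:]:
        issues = probe(ip)
        print(ip, "OK" if not issues else "; ".join(issues))
```

Run it from a customer-side host with the old and new server IPs as arguments, before and after the change.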

