MikroTik Tutorial 63 - Prevent users from changing their DNS
- Published on 30 Nov 2017
- Learn MikroTik RouterOS Tutorial Series (English)
In this tutorial you will learn how to prevent users from changing their DNS by forcing them to a specific DNS server.
Mikrotik supported devices
RB951Ui-2nD,hAP
RB3011UIAS-RM
RB2011UiAS-2HnD-IN
RB750Gr2
hEX,RB750Gr3
RB2011iLS-IN
CRS109-8G-1S-2HnD-IN
hAP lite
hAP ac mAP
wAP
RB951Ui-2HnD
RB951G-2HnD
RB2011UiAS-2HnD-IN
RB941-2nD-TC
RB2011iL-RM
RB2011UiAS-IN
RB2011UiAS-RM
RB1100AHx4
CCR1009-7G-1C-PC
CCR1009-7G-1C-1S+PC
LDF 5
SXTsq Lite5
DISC Lite5
SXT Lite2
SXTsq 5 ac
LHG 2
Groove 52
LHG 5
LHG XL 2
LHG HP5
SXT 2
LHG
OmniTIK 5
BaseBox
wAP 60G,SEXTANT G
OmniTIK 5
mANTBox
QRT
DynaDish
- Science and Technology
Your tutorials are very useful and effective. Thank you very much !!
Thank you very much! Very straight to the point tutorials.
Really amazing series dude
Thank you for this tutorial, it really works for me.
Your tutorials are very useful
Awesome, thanks
It's very useful. Great tutorials.
Thanks
Thnx!
The tip is useful. I can force users to force my inner DNS server but what should be done provided the DNS server is at the same subnet - it cannot resolve host :D
Very useful, thank you!
Do you know why it blocks ping from my PC?
Everything works OK but I can't ping when the rule is enabled...
Hi, how do I get this to work when running multiple Mikrotik Hotspots?
I have two separate hotspots. 1 is for guest and 1 is for kids. I have set a different DNS for each subnet. But after users sign in on the login page, I see that all DNS queries are sent to the DNS set on the Mikrotik router, even with the above NAT rule specifying to go to external DNS.
All DNS queries are still going to the Router DNS and not to the set DNS.
Any suggestions on how to fix this, as the issue only occurs when using Hotspot.
How do I get this to work running a local pihole DNS that blocks certain domains and forwards all other requests to google dns?
Great tutorial, keep up the great work. May you please add a tutorial for different wireless modes (station, station pseudobridge, pseudobridge clone, station wds, nstreme dual slave, etc.)
Adding to my list.
This rule does not seem to work anymore, any suggestions with the new RouterOS version?
Hi, I want to force users to use our specified DNS server on MikroTik, can we use the rule?
Hello, I installed AdguardHome on RasPi, AdGuardHome DNS uses port 53 to listen. Unfortunately port 53 is also being used by Router Mikrotik's Hotspot service. How can I fix it? :(
Can I use this rule for multiple DNS?
Thanks, how do you redirect to the local mikrotik dns server that forwards to opendns?
Instead of setting Action: dst-nat, use Action: redirect and set To Port: 53. This will redirect all UDP:53 requests to the local DNS.
Is there an alternative way for a ZTE router? And thank you for your amazing tutorials.
How do you add an alternate DNS? Separate addresses with what?
My net stops browsing the minute I apply these changes, can you guess what could be the problem?
Can you please do a tutorial on user manager 7.1.2 version. I cannot get user to connect to the internet. Thank You
this is so good, however can you tell us how to block users that use DoT or DoH?
How about multiple redirections to multiple DNS, I have 2 piholes in my network. TIA
hello sir
I want to ask if you not mind
about rule for extension video download on layer7 can you tell us ?? I use rb952.. many tutorial i try can't recognize in winbox.. the mangle packet still zero
Check the interfaces that you are using in your mangle rules.
Hi, I just want to know if MikroTik can also prevent users from sharing their internet to other wifi devices.
It all depends on how your network is configured. Based on my experience this might not be preventable.
Great tutorial, but can I also force users to use my local DNS cache server at my MikroTik router?
Yes, just change the IP to your DNS IP.
can you do one on layer 3 switching ., routing on a layer 3 switch --- ty
Noted
How about with 2 ISP connections?
Create a rule for each connection.
What should I do if I want to force everyone through a pihole DNS, except the Raspberry Pi, so pihole can forward passed traffic through another DNS like 9.9.9.9?
Create an exception in the rule for that address.
TKSJa OK thanks... if the DNS server, in my case pihole, is on the local LAN, can I do the setup like shown in the video or should I use another NAT action?
Very helpful, can you tell me the model of this device?
Don't remember, all Mikrotik routers can do this
Please tell me why it is important to do this?
Content filtering and security.
You haven't shown us what happens if someone changes DNS in network settings.
Won't affect client side. The masquerade rule will redirect DNS traffic to the destination you specified in the rule. If you want to enforce client side, set up a group policy. This is a workaround for a non AD environment.
After this setup what if a client uses his Android to install a VPN app and connect that APP then he can browse porn? Am i right?
No alternate DNS?
No, you set yours
@TKSJa What if I use router DNS and Cache?
@obslugait88 You could
Hello sir, I say again
How to limit download extension mkv mp4 and etc 😆😊☺
Added to my list.
Isn't it illegal when ISP doing this?
Not sure, but for hotspot, business, school or home this is ok to do.
+TKSJa I'm talking about residential broadband provider
+TKSJa it's acceptable for school, businesses and Hotspot... But when residential broadband provider does this, it pisses off some advanced users
That's true
Firewall / NAT rule for forcing use of google isn't working
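
The rule variants discussed in the comments above (dst-nat to a fixed resolver, redirect to the router's own DNS, and a resolver on the local LAN with an exception for its own traffic), written out as RouterOS CLI. This is an added example, not the rule from the video or the channel; the interface name `bridge`, the subnet 192.168.88.0/24 and the resolver address 192.168.88.10 are assumptions.

```routeros
# Assumptions (not from the page): LAN interface "bridge", LAN subnet
# 192.168.88.0/24, local resolver (e.g. a Pi-hole) at 192.168.88.10.
# 8.8.8.8 and 9.9.9.9 are sample upstreams. Apply ONE variant only.

# Variant A: rewrite all client DNS to one external resolver.
/ip firewall nat
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    action=dst-nat to-addresses=8.8.8.8 to-ports=53 comment="force DNS (udp)"
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    action=dst-nat to-addresses=8.8.8.8 to-ports=53 comment="force DNS (tcp)"

# Variant B: redirect client DNS to the router's own DNS cache.
# The router must accept client queries and have an upstream configured.
/ip dns set allow-remote-requests=yes servers=9.9.9.9
/ip firewall nat
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="DNS to router (udp)"
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="DNS to router (tcp)"

# Variant C: force clients to a resolver that sits on the same LAN.
# src-address=! exempts the resolver so its own upstream queries leave
# untouched; dst-address=! skips clients that already query it directly.
/ip firewall nat
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    src-address=!192.168.88.10 dst-address=!192.168.88.10 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=53
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    src-address=!192.168.88.10 dst-address=!192.168.88.10 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=53
# Same-subnet case: without source NAT the resolver answers the client
# directly from 192.168.88.10, and the client discards the reply because
# it queried a different address. Masquerading routes replies back through
# the router. Side effect: the resolver sees every query as the router's.
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=udp dst-port=53 action=masquerade
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=tcp dst-port=53 action=masquerade
```

These rules only match plain DNS on port 53; DNS over TLS (tcp/853) and DNS over HTTPS (tcp/443), which one commenter asks about, are not touched by them.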