Mikrotik split-dns: they did it

Less than 10 years have passed, and the RoS developers have added (in stable 6.47) a feature that lets you redirect DNS queries according to special rules. Where you previously had to contort yourself with Layer-7 rules in the firewall, it is now done simply and elegantly:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

My joy knows no bounds!
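An added example (not from the original post) that checks which names the two `regexp` rules above would actually forward, next to a tightened variant. It assumes the router applies the pattern as an unanchored, search-style match on the queried name, approximated here with Python's `re.search`; the probe names and the anchored patterns are constructed for illustration.

```python
import re

# Patterns and forward-to addresses copied from the /ip dns static rules above.
PAGE_RULES = [
    (r".*\.test1\.localdomain", "192.168.88.3"),
    (r".*\.test2\.localdomain", "192.168.88.56"),
]
# Hypothetical tightened patterns (not from the post): anchored, apex allowed.
ANCHORED_RULES = [
    (r"^(.*\.)?test1\.localdomain$", "192.168.88.3"),
    (r"^(.*\.)?test2\.localdomain$", "192.168.88.56"),
]
INTENDED_ZONES = ("test1.localdomain", "test2.localdomain")

def forwarder_for(qname, rules):
    """Return forward-to of the first rule whose regexp is found in qname."""
    for pattern, target in rules:
        # Assumption: the router does an unanchored (search-style) match.
        if re.search(pattern, qname):
            return target
    return None

def in_zone(qname):
    return any(qname == z or qname.endswith("." + z) for z in INTENDED_ZONES)

def audit(rules, probes):
    """Return (misrouted, missed): out-of-zone names that get forwarded,
    and in-zone names that no rule forwards."""
    misrouted, missed = [], []
    for name in probes:
        target = forwarder_for(name, rules)
        if target and not in_zone(name):
            misrouted.append((name, target))
        elif target is None and in_zone(name):
            missed.append(name)
    return misrouted, missed

# Constructed probe names (lower-case, no trailing dot) for illustration.
PROBES = [
    "host.test1.localdomain",
    "test1.localdomain",                   # zone apex
    "db.test2.localdomain",
    "host.test1.localdomain.example.net",  # same labels, different parent zone
    "www.example.org",
]

if __name__ == "__main__":
    print("page rules:    ", audit(PAGE_RULES, PROBES))
    print("anchored rules:", audit(ANCHORED_RULES, PROBES))
```

The anchored patterns are written in plain regex syntax; the RouterOS string quoting needed for characters such as `$` is not shown here.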

What does this mean for us?

At the very least, we get rid of odd NAT constructions like this one:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

And that is not all: you can now specify several forwarders, which helps with building DNS failover.
Smart DNS handling makes it possible to start introducing IPv6 into the company network. I had not done so before, because I needed to resolve certain DNS names to local addresses, and with IPv6 that was not possible without heavy workarounds.

Source: www.habr.com