ProHoster > Блог > Nchịkwa > Mikrotik split-dns: ha mere ya

Mikrotik split-dns: ha mere ya

Ihe na-erughị afọ 10 agafeela kemgbe ndị mmepe nke RoS (na 6.47 kwụsiri ike) agbakwunyere ọrụ na-enye gị ohere ịmegharị arịrịọ DNS dịka iwu pụrụ iche si dị. Ọ bụrụ na mbụ, ọ dị mkpa iji iwu Layer-7 pụọ na firewall, ugbu a, a na-eme nke a n'ụzọ dị mfe na nke ọma:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

Obi ụtọ m amaghị oke!

Kedu ihe nke a na-eyi anyị egwu?

Opekempe, anyị na-ewepụ ihe nrụpụta NAT dị iche iche dị ka nke a:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

Ma nke ahụ abụghị naanị, ugbu a ị nwere ike ịdebanye aha ọtụtụ ndị na-ebugharị, nke ga-enyere aka mee ka dns ghara ịdaba.
Nhazi DNS nwere ọgụgụ isi ga-eme ka o kwe omume ịmalite iwebata ipv6 n'ime netwọkụ ụlọ ọrụ. Tupu nke ahụ, emeghị m nke a, ihe kpatara ya bụ na achọrọ m idozi ọtụtụ aha dns na adreesị mpaghara, na ipv6 nke a enweghị ike ime n'enweghị nnukwu ihe mgbochi.

isi: www.habr.com