ืคืืืช ื-10 ืฉื ืื ืืืคื ืืื ืฉืืืคืชืืื ืฉื RoS (ืืืจืกื ืืฆืืื 6.47) ืืืกืืคื ืคืื ืงืฆืืื ืืืืช ืืืืคืฉืจืช ืืืคื ืืช ืืงืฉืืช DNS ืืืชืื ืืืืืื ืืืืืืื. ืื ืงืืื ืืื ืืื ืฆืืจื ืืืชืืืง ืืืืื Layer-7 ืืืืืช ืืืฉ, ืืขืช ืื ื ืขืฉื ืืคืฉืืืช ืืืืืื ืืืืช:
/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD
ืืืืฉืจ ืฉืื ืืื ืืืื!
ืืื ืื ืืืืื ืขืืื ื?
ืืื ืืคืืืช, ืื ื ื ืคืืจืื ืืืื ื NAT โโืืืืจืื ืืื ืื:
/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp
ืืื ืื ืืื, ืขืืฉืื ืืชื ืืืื ืืจืฉืื ืืื ืฉืืืืืื, ืฉืืขืืจื ืืืฆืข ืืฉื ื-dns.
ืขืืืื DNS ืืื ืืืคืฉืจ ืืืชืืื ืืืืืจืช ipv6 ืืจืฉืช ืืืืจื. ืืคื ื ืื, ืื ืขืฉืืชื ืืืช, ืืกืืื ืืื ืฉืืืืชื ืฆืจืื ืืคืชืืจ ืืกืคืจ ืฉืืืช dns ืืืชืืืืช ืืงืืืืืช, ืื-ipv6 ืื ื ืืชื ืืื ืืขืฉืืช ืืืช ืืื ืงืืืื ืืืืืื ืืืื.
ืืงืืจ: www.habr.com