ProHoster > ะ‘ะปะพะณ > แžšแžŠแŸ’แž‹แž”แžถแž› > Mikrotik split-dns: แž–แžฝแž€แž‚แŸแž”แžถแž“แž’แŸ’แžœแžพแžœแžถ

Mikrotik split-dns: แž–แžฝแž€แž‚แŸแž”แžถแž“แž’แŸ’แžœแžพแžœแžถ

แžแžทแž…แž‡แžถแž„ 10 แž†แŸ’แž“แžถแŸ†แž”แžถแž“แž€แž“แŸ’แž›แž„แž•แžปแžแž‘แŸ…แž…แžถแž”แŸ‹แžแžถแŸ†แž„แž–แžธแžขแŸ’แž“แž€แžขแž—แžทแžœแžŒแŸ’แžแž“แŸ RoS (แž“แŸ…แž€แŸ’แž“แžปแž„แžŸแŸ’แžแŸแžšแž—แžถแž– 6.47) แž”แžถแž“แž”แž“แŸ’แžแŸ‚แž˜แž˜แžปแžแž„แžถแžšแžŠแŸ‚แž›แžขแž“แžปแž‰แŸ’แž‰แžถแžแžฑแŸ’แž™แžขแŸ’แž“แž€แž”แŸ’แžแžผแžšแž‘แžทแžŸแžŸแŸ†แžŽแžพ DNS แžŸแŸ’แžšแž”แžแžถแž˜แž…แŸ’แž”แžถแž”แŸ‹แž–แžทแžŸแŸแžŸแŸ” แž”แŸ’แžšแžŸแžทแž“แž”แžพแž˜แžปแž“แž“แŸแŸ‡แžœแžถแž…แžถแŸ†แž”แžถแž…แŸ‹แžŠแžพแž˜แŸ’แž”แžธแž‚แŸแž…แž–แžธแž…แŸ’แž”แžถแž”แŸ‹ Layer-7 แž“แŸ…แž€แŸ’แž“แžปแž„แž‡แž‰แŸ’แž‡แžถแŸ†แž„แž—แŸ’แž›แžพแž„ แžฅแžกแžผแžœแž“แŸแŸ‡แž“แŸแŸ‡แžแŸ’แžšแžผแžœแž”แžถแž“แž’แŸ’แžœแžพแž™แŸ‰แžถแž„แžŸแžถแž˜แž‰แŸ’แž‰ แž“แžทแž„แž†แžพแžแž†แžถแž™แŸ–

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

แžŸแžปแž—แž˜แž„แŸ’แž‚แž›แžšแž”แžŸแŸ‹แžแŸ’แž‰แžปแŸ†แž‚แŸ’แž˜แžถแž“แž–แŸ’แžšแŸ†แžŠแŸ‚แž“แž‘แŸ!

แžแžพแž“แŸแŸ‡แž‚แŸ†แžšแžถแž˜แž€แŸ†แž แŸ‚แž„แžขแŸ’แžœแžธแžŠแž›แŸ‹แž™แžพแž„?

แž™แŸ‰แžถแž„แž แŸ„แž…แžŽแžถแžŸแŸ‹ แž™แžพแž„แž€แž˜แŸ’แž…แžถแžแŸ‹แžŸแŸ†แžŽแž„แŸ‹ NAT แž…แž˜แŸ’แž›แŸ‚แž€แžŠแžผแž…แž“แŸแŸ‡แŸ–


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

แž แžพแž™แž“แŸ„แŸ‡แž˜แžทแž“แž˜แŸ‚แž“แž‘แžถแŸ†แž„แžขแžŸแŸ‹แž“แŸ„แŸ‡แž‘แŸ แžฅแžกแžผแžœแž“แŸแŸ‡แžขแŸ’แž“แž€แžขแžถแž…แž…แžปแŸ‡แžˆแŸ’แž˜แŸ„แŸ‡แž˜แŸ‰แžถแžŸแŸŠแžธแž“แž˜แŸแž”แž‰แŸ’แž‡แžผแž“แž”แž“แŸ’แžแž‡แžถแž…แŸ’แžšแžพแž“ แžŠแŸ‚แž›แž“แžนแž„แž‡แžฝแž™แžขแŸ’แž“แž€แž’แŸ’แžœแžพ dns แž”แžšแžถแž‡แŸแž™แŸ”
แžŠแŸ†แžŽแžพแžšแž€แžถแžš DNS แž†แŸ’แž›แžถแžแžœแŸƒแž“แžนแž„แž’แŸ’แžœแžพแžฑแŸ’แž™แžœแžถแžขแžถแž…แž…แžถแž”แŸ‹แž•แŸ’แžแžพแž˜แžŽแŸ‚แž“แžถแŸ† ipv6 แž‘แŸ…แž€แŸ’แž“แžปแž„แž”แžŽแŸ’แžแžถแž‰แžšแž”แžŸแŸ‹แž€แŸ’แžšแžปแž˜แž แŸŠแžปแž“แŸ” แžแŸ’แž‰แžปแŸ†โ€‹แž˜แžทแž“โ€‹แž”แžถแž“โ€‹แž’แŸ’แžœแžพโ€‹แžœแžถโ€‹แž–แžธโ€‹แž˜แžปแž“โ€‹แž‘แŸ แž แŸแžแžปแž•แž›โ€‹แž‚แžบโ€‹แžแžถโ€‹แžแŸ’แž‰แžปแŸ†โ€‹แžแŸ’แžšแžผแžœโ€‹แž€แžถแžšโ€‹แžŠแžพแž˜แŸ’แž”แžธโ€‹แžŠแŸ„แŸ‡แžŸแŸ’แžšแžถแž™โ€‹แžˆแŸ’แž˜แŸ„แŸ‡ DNS แž˜แžฝแž™โ€‹แž…แŸ†แž“แžฝแž“โ€‹แž‘แŸ…โ€‹แž€แžถแž“แŸ‹โ€‹แžขแžถแžŸแž™แžŠแŸ’แž‹แžถแž“โ€‹แž˜แžผแž›แžŠแŸ’แž‹แžถแž“ แž แžพแž™โ€‹แž€แŸ’แž“แžปแž„ ipv6 แž“แŸแŸ‡โ€‹แž˜แžทแž“โ€‹แžขแžถแž…โ€‹แž’แŸ’แžœแžพโ€‹แž”แžถแž“โ€‹แžŠแŸ„แž™โ€‹แž‚แŸ’แž˜แžถแž“โ€‹แžˆแžพแž…แŸ’แžšแžแŸ‹โ€‹แž’แŸ†โ€‹แž‡แžถแž„แŸ”

แž”แŸ’แžšแž—แž–: www.habr.com