Pasanathe zaka 10 pambuyo pake, opanga RoS (mu 6.47 yokhazikika) adawonjezera magwiridwe antchito omwe amakulolani kuti muwongolere zopempha za DNS molingana ndi malamulo apadera. Ngati m'mbuyomu kunali koyenera kuthawa ndi malamulo a Layer-7 paziwopsezo, tsopano izi zachitika mophweka komanso mokongola:
/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD
Chimwemwe changa chilibe malire!
Kodi izi zikutiwopseza ndi chiyani?
Osachepera, timachotsa zomanga zachilendo za NAT monga izi:
/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp
Ndipo si zokhazo, tsopano mukhoza kulembetsa angapo forwarders, zomwe zingathandize kupanga dns failover.
Kukonzekera kwanzeru kwa DNS kupangitsa kuti zitheke kuyambitsa ipv6 mu netiweki yakampani. Izi zisanachitike, sindinachite izi, chifukwa chake ndidafunikira kukonza mayina angapo a dns ku ma adilesi akumaloko, ndipo mu ipv6 izi sizingachitike popanda ndodo zazikulu.
Source: www.habr.com