Mikrotik split-dns: they did it

Not even 10 years have passed, and the RoS developers (in stable 6.47) have added functionality that lets you redirect DNS requests according to special rules. Where you previously had to contort yourself with Layer-7 rules in the firewall, this is now done simply and elegantly:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

My joy knows no bounds!
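
An added example, not from the original article: a Python check of which query names the two FWD regexps above would actually forward. It assumes RouterOS applies the regexp as an unanchored search on the lower-cased name with the first matching rule winning; the zone column, the sample names and the anchored variant are constructed for illustration.

```python
import re

# Rules copied from the page: (regexp, forward-to, intended zone).
# The zone column is an assumption read off each regexp, not a RouterOS field.
RULES = [
    (r".*\.test1\.localdomain", "192.168.88.3", "test1.localdomain"),
    (r".*\.test2\.localdomain", "192.168.88.56", "test2.localdomain"),
]

def in_zone(name, zone):
    """True if name is the zone apex or a subdomain of it."""
    return name == zone or name.endswith("." + zone)

def route(name, rules=RULES):
    """First matching rule's (forward_to, zone) or None; unanchored search assumed."""
    name = name.lower().rstrip(".")
    for pattern, forward_to, zone in rules:
        if re.search(pattern, name):
            return forward_to, zone
    return None

def audit(names, rules=RULES):
    """Label each name 'ok', 'over-match', 'missed' or 'upstream'."""
    report = {}
    for raw in names:
        name = raw.lower().rstrip(".")
        hit = route(name, rules)
        if hit:  # forwarded: is the name really inside the intended zone?
            report[raw] = "ok" if in_zone(name, hit[1]) else "over-match"
        elif any(in_zone(name, z) for _, _, z in rules):
            report[raw] = "missed"    # inside a zone, but no rule forwards it
        else:
            report[raw] = "upstream"  # handled by the default resolvers
    return report

# Constructed sample names, not taken from the page.
SAMPLES = [
    "host.test1.localdomain",
    "test1.localdomain",                 # zone apex: no leading label
    "db.test2.localdomain.example.net",  # internal zone appears only as a prefix
    "www.example.org",
]

# Tightened variant (constructed): optional leading labels, anchored at both ends.
STRICT = [(r"^(.*\.)?%s$" % re.escape(z), fwd, z) for _, fwd, z in RULES]

if __name__ == "__main__":
    for label, rules in (("page rules", RULES), ("anchored", STRICT)):
        print(label, audit(SAMPLES, rules))
```

With the page's patterns the zone apex is not forwarded, and a name that merely contains the internal zone is sent to the internal resolver; the anchored variant closes both gaps.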

What does this mean for us?

At a minimum, we get rid of strange NAT constructs like this:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

And that is not all: you can now register several forwarders, which will help with DNS failover.
Intelligent DNS handling will make it possible to start introducing IPv6 in the company network. Until now I had not done this, because I needed to resolve a number of DNS names to local addresses, and with IPv6 that could not be done without big crutches.

Source: www.habr.com