Mikrotik split-dns: they did it

Less than 10 years later, the RoS developers (in stable 6.47) have added functionality that lets you redirect DNS queries according to special rules. Where you previously had to resort to Layer-7 rules in the firewall, this is now done simply and elegantly:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

My joy knows no bounds!

What does this mean for us?

At the very least, we get rid of strange NAT constructions like this one:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

And that is not all: you can now register several forwarders, which helps with building DNS failover.
Smart DNS handling will make it possible to start rolling out IPv6 in the corporate network. I had not done this before, because I need to resolve a number of DNS names to local addresses, and with IPv6 that could not be done without major workarounds.
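The two kinds of pattern above match different things: the Layer-7 rule sees the DNS name in wire format (length-prefixed labels), while the static FWD rule sees the textual name. The following is an added example, not part of the original article, that checks both patterns against constructed names; Python's `re` stands in for the router's matcher, and the anchored variant is an assumption, since the page does not say whether RoS anchors `regexp` implicitly.

```python
import re

def wire_name(name: str) -> bytes:
    """Encode a DNS name as it appears in a query: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

# Layer-7 pattern from the page: \x07 and \x03 are the label-length bytes
# of "contoso" (7 characters) and "com" (3 characters) in the wire encoding.
L7_PATTERN = re.compile(rb"\x07contoso\x03com")
# Static FWD pattern from the page, matched against the textual query name.
FWD_PATTERN = re.compile(r".*\.test1\.localdomain")
# Assumption: an explicitly anchored variant, not taken from the page.
FWD_ANCHORED = re.compile(r"^.*\.test1\.localdomain$")

def l7_matches(name: str) -> bool:
    # The router matches against packet payload; the encoded name is enough here.
    return L7_PATTERN.search(wire_name(name)) is not None

def fwd_matches(name: str, pattern: re.Pattern = FWD_PATTERN) -> bool:
    return pattern.search(name) is not None

# Constructed sample names, not taken from any real capture.
SAMPLES = [
    "www.contoso.com",
    "contoso.com.example.net",
    "mycontoso.com",
    "host.test1.localdomain",
    "host.test1.localdomain.example.net",
    "test1.localdomain",
]

def report():
    """Return (name, l7 match, FWD match, anchored FWD match) for each sample."""
    return [(n, l7_matches(n), fwd_matches(n), fwd_matches(n, FWD_ANCHORED))
            for n in SAMPLES]

if __name__ == "__main__":
    for name, l7, fwd, anchored in report():
        print(f"{name:38} l7={l7!s:5} fwd={fwd!s:5} fwd_anchored={anchored}")
```

Under these assumptions, an unanchored pattern also selects names that merely contain the internal zone as a prefix of a longer name, and neither FWD form matches the zone apex `test1.localdomain`, because the pattern requires a leading dot.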

Source: www.habr.com