Mikrotik split-dns: they did it

Less than 10 years later, the RoS developers (in stable 6.47) added functionality that lets you route DNS requests according to specific rules. Where previously you had to resort to contortions with Layer-7 rules in the firewall, this is now done simply and elegantly:

/ip dns static
add forward-to=192.168.88.3 regexp=".*\.test1\.localdomain" type=FWD
add forward-to=192.168.88.56 regexp=".*\.test2\.localdomain" type=FWD

My joy knows no bounds!

What does this mean for us?

At a minimum, we get rid of strange NAT constructions like this one:


/ip firewall layer7-protocol
add comment="DNS Nat contoso.com" name=contoso.com regexp="\x07contoso\x03com"
/ip firewall mangle
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="mark dns contoso.com" dst-address-type=local dst-port=53 in-interface-list=DNSMASQ layer7-protocol=contoso.com new-packet-mark=dns-contoso.com passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=udp to-addresses=192.0.2.15
add action=dst-nat chain=dstnat comment="DST-NAT dns contoso.com" dst-port=53 in-interface-list=DNSMASQ packet-mark=dns-contoso.com protocol=tcp to-addresses=192.0.2.15
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=udp
add action=masquerade chain=srcnat comment="mask dns contoso.com" dst-port=53 packet-mark=dns-contoso.com protocol=tcp

And that is not all: you can now register several forwarders, which will help with dns failover.
Smart DNS processing will make it possible to start introducing ipv6 in the company network. Before this I did not do so, because I needed to resolve many dns names to local addresses, and in ipv6 this could not be done without serious kludges.
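
Added example (not from the original article): the Layer-7 pattern above works because a DNS packet carries names as length-prefixed labels, while the new `regexp=` rules match the textual name; this Python code applies both to constructed sample names to show what each one matches and misses. Python's `re` is an assumed stand-in for the router's regex engine, so both substring and whole-name matching are shown.

```python
import re

def encode_qname(name: str) -> bytes:
    """Encode a hostname the way it appears in a DNS packet: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

# Layer-7 pattern from the old configuration, applied to raw packet bytes.
L7_PATTERN = re.compile(rb"\x07contoso\x03com")

# Static FWD rules from the new configuration: (regexp, forward-to).
FWD_RULES = [
    (r".*\.test1\.localdomain", "192.168.88.3"),
    (r".*\.test2\.localdomain", "192.168.88.56"),
]

def l7_matches(name: str) -> bool:
    """True if the Layer-7 byte pattern occurs in the encoded query name."""
    return L7_PATTERN.search(encode_qname(name)) is not None

def pick_forwarder(name: str, anchored: bool = False):
    """Return forward-to of the first matching rule, or None (default upstream).

    Assumption: Python's re stands in for the router's regex engine;
    anchored=True models a whole-name match, False a substring search.
    """
    for pattern, target in FWD_RULES:
        rx = re.compile(pattern)
        if (rx.fullmatch(name) if anchored else rx.search(name)):
            return target
    return None

if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    for n in ["contoso.com", "www.contoso.com", "mycontoso.com",
              "contoso.com.example.net", "CONTOSO.com"]:
        print(f"L7  {n:28} {l7_matches(n)}")
    for n in ["host.test1.localdomain", "test1.localdomain",
              "host.test1.localdomain.example.net"]:
        print(f"FWD {n:36} search={pick_forwarder(n)} "
              f"full={pick_forwarder(n, anchored=True)}")
```

The zone apex `test1.localdomain` matches neither FWD rule because the pattern requires a dot before `test1`, and the byte-level Layer-7 pattern misses mixed-case queries such as `CONTOSO.com`.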

Source: www.habr.com