How to configure FlashStart DNS filtering on Mikrotik devices
IMPORTANT: Access the Mikrotik via WinBox or Web. Connect to the control panel (via SSH, Web or WinBox). PLEASE NOTE: In this guide we have used WinBox to configure the device.
First you need to create a new Script. Then proceed as follows: » Go to [System] and then click on [Scripts]. » In the window that opens, click on the + symbol under Scripts. » Choose a name to give the Script, for example, FlashStartScript. » Leave the default policies active. » In the Source field paste the following instruction:
Replace the words USER and PASS as follows: » USER - registration email/username. » PASS - registration password, received by email to the address specified during registration. IMPORTANT: If the password contains special characters such as $ or ", you must enter the \ symbol before each of these characters. For example, suppose you have the password password123$$, this must be written as follows: password123\$$. This change is necessary otherwise the Mikrotik would see those symbols as commands and not as simple characters. » Click [OK] to save the changes.
Image Caption: Creation of Script Image Alt text: Creating script from system menu
At this point it is necessary to create a Scheduler so that it automatically executes the Script created earlier. Then proceed as follows: » Go to [System] and click on [Scheduler]. » In the window that opens, click on the + symbol under the Scheduler heading. » Choose a name to give the Scheduler, for example FlashStartScheduler. » Choose the 'Script execution time interval, for example 5 minutes. PLEASE NOTE: The format must be hh:mm:ss, so in our case it will be 00:05:00. » In the On Event field enter the name of the previously created Script. In our example therefore it will be FlashStartScript.
Set the following DNS, either using a DHCP Server or manually, on the various devices inside the network: » Primary DNS: 185.236.104.104 » Secondary DNS: 185.236.105.105 Alternatively, it is possible to change the DNS used by the Mikrotik so that the IP itself is used as the only DNS on the devices internal to the network. To do this proceed as follows: » Go to [IP] and click on [DNS]. » In the window that opens, respectively, enter the following IPs in the Servers field: » Primary DNS: 185.236.104.104 » Secondary DNS: 185.236.105.105 » Click on the [OK] button to save.
IMPORTANT: If there is an address, within the Dynamic DNS field on DNS Settings, it means that the Mikrotik also takes DNS from the DHCP of another device on the network (usually the Router). To avoid this proceed as follows: » Open the [IP] menu and then click on [DHCP Client]. » Double-click on the entry for the active DHCP client to open the respective properties. » Remove the check mark from the Use Peer DNS item. » Click [OK] to save.
You can create some Firewall rules with the purpose of automatically redirecting all DNS traffic (port 53) to our Servers. This way you will not need to change the DNS on the devices inside the network. To do this open the [IP] menu and click on the [Firewall] button. Then click on the [NAT] tab and then on the [Add new] button, to create a new rule.lient.
Fill in the various fields as follows: » Enabled: Check the box to enable the rule. » Chain: Select dstnat from the drop-down menu. » Protocol: Choose udp. » Dst. Port: Enter 53. » In. Interface: Choose the internal network interface to be filtered. By default it is called bridge1.
» Action: Select dst-nat. » To Address:Enter the address 185.236.104.104. » To Port:Enter the port number chosen previously, default is 53. PLEASE NOTE: If a port other than 53 was registered on the Cloud panel, enter that port. » Click [Ok] to save.
Finally create another rule, the same as the previous one, except the Protocol field must be tcp instead of udp.
Related articles: Mikrotik: How to run scripts on multi-WAN scenarios? Mikrotik: How do I configure multiprofile?
Other ways to ask: » How to configure filter on Mikrotik devices. » Configuring the filter on Mikrotik devices. How to perform it.