Router Guides
MikroTik RouterOS Configuration
FlashStart has been certified as a "Made for MikroTik" software platform. The certification guarantees official recognition and full compatibility on any router model and OS version. MikroTik RouterOS is one of the routers most used today by our customers and partners all over the world.

Overview

This guide explains how to configure our DNS filter directly on MikroTik RouterOS devices. You can apply the complete configuration instantly using our automated script via the terminal, or you can configure every parameter manually, step by step, using the WinBox graphical interface.

Automated configuration script

If you want to configure your RouterBOARD automatically, open a new terminal window in your MikroTik and paste the script below. This code automatically creates the update script, schedules it to run every minute, disables peer DNS, applies our cloud servers, and creates the necessary NAT redirection rules.

Before pressing Enter, carefully replace user and pass in the script with the specific username and password assigned to your dynamic network.

```routeros
# Script DNS filter
# Create the script
/system script
add name=filterscript policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\
    \ntool fetch url=\"https://ddns.flashstart.com/nic/update\?username=user&password=pass\""
# Schedule the script to run every 1 minute
/system scheduler
add interval=60s name=filterscheduler on-event="/system script run filterscript" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup
# Disable the use of peer DNS
/ip dhcp-client
set use-peer-dns=no 0
# Set cache max TTL to 1 minute
/ip dns
set cache-max-ttl=1m
# Set the content filter DNS
/ip dns
set servers=185.236.104.104,185.236.105.105
# Create NAT rules
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp \
    to-addresses=185.236.104.104 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp \
    to-addresses=185.236.104.104 to-ports=53
```
Warning: if your password contains special characters like $ or ", you must insert the \ symbol before each of those characters in the code. For example, if you have the password password123$$, you have to change it to password123\$\$. This is strictly necessary, otherwise the MikroTik system will misinterpret those characters and the script will fail.

Manual configuration via WinBox

If you prefer the graphical interface, log into your RouterBOARD using WinBox and follow these manual steps.

Create the update script

First, you need to create a script to automatically update your dynamic IP address.

1. Go to the System menu and click on Scripts.
2. Click on the + symbol under the Scripts button.
3. Configure the fields as follows:
   - Name: insert a recognizable name like flashstartscript.
   - Policy: leave the default policy selected.
   - Source: copy and paste the following instruction into the text area:

```routeros
tool fetch url="https://ddns.flashstart.com/nic/update\?username=user&password=pass"
```

4. Replace the credentials within the source code:
   - user: the dedicated username of your dynamic network.
   - pass: the specific password of your dynamic network. If your network password contains symbols, follow the special character escape rule mentioned in the warning box above.
5. Click OK to save the changes.

Schedule the script

After creating the script, you must set a scheduler so it runs automatically.

1. Go to the System menu and click on Scheduler.
2. Click on the + symbol under the Scheduler button.
3. Configure the scheduling fields:
   - Name: insert a name like platformscheduler.
   - Interval: choose an interval to run the script. The time format must be hh:mm:ss, meaning you should enter 00:01:00 for a one-minute interval.
   - On Event: insert the exact name of the script you created in the previous step.
4. Click OK to apply the changes.

Set the cloud filter DNS

You now need to configure the DNS routing on your MikroTik and set the MikroTik IP on your internal devices as the only DNS. To do this:

1. Go to the IP menu and click on DNS.
2. In the Servers field, add 185.236.104.104 and 185.236.105.105.
3. Click on the OK button to save.

If you see a private IP in the Dynamic DNS field of your DNS settings, your MikroTik is taking DNS addresses in DHCP from another device, like the main modem. To avoid this:

1. Open the IP menu and click on DHCP Client.
2. Double-click on your DHCP configuration to open the properties and uncheck the Use Peer DNS entry.
3. Click OK to apply the changes.

Optional: redirecting DNS to our servers

You can create firewall rules to transparently redirect all DNS traffic to our servers. By doing this, you do not need to change DNS settings on internal devices or activate the DHCP server.

1. Open the IP menu and click on the Firewall button.
2. Navigate to the NAT tab and click the Add New button to create a rule.
3. Configure the fields exactly in this way:
   - Enabled: check the box.
   - Chain: select dstnat.
   - Protocol: choose udp.
   - Dst. Port: type 53.
   - In. Interface: choose your internal interface, which is bridge1 by default.
   - Action: select dst-nat.
   - To Address: insert 185.236.104.104.
   - To Port: type the port number chosen before, which defaults to 53.
4. Click OK to apply the new configuration.
5. Finally, create another rule identical to the previous one, but change the Protocol field to tcp instead of udp.
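An added check, not part of the original guide: this Python script audits a saved `/ip firewall nat export` for the DNS redirect rules described above, flagging a missing UDP or TCP rule, a target that is not one of the filter servers, or a rule with no inbound interface (the automated script omits the interface that the manual steps set). The sample export is constructed, and the function names are this example's own.

```python
import re
import shlex

# Filter resolvers listed in this guide.
FILTER_DNS = {"185.236.104.104", "185.236.105.105"}

# Constructed sample of "/ip firewall nat export" output, not from a real router.
SAMPLE_EXPORT = """\
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 in-interface=bridge1 protocol=udp \\
    to-addresses=185.236.104.104 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp \\
    to-addresses=185.236.104.104 to-ports=53
add action=masquerade chain=srcnat out-interface=ether1
"""

def parse_nat_rules(export_text):
    """Return every 'add' line under /ip firewall nat as a dict of its key=value pairs."""
    joined = re.sub(r"\\\n\s*", "", export_text)  # undo RouterOS line continuations
    rules, in_nat = [], False
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append(dict(pairs))
    return rules

def audit_dns_redirect(export_text):
    """Return a list of findings; an empty list means both rules match the manual steps."""
    findings, seen = [], set()
    for rule in parse_nat_rules(export_text):
        if (rule.get("chain"), rule.get("action"), rule.get("dst-port")) != ("dstnat", "dst-nat", "53"):
            continue
        if rule.get("disabled") == "yes":
            continue
        proto = rule.get("protocol", "any")
        seen.add(proto)
        if rule.get("to-addresses") not in FILTER_DNS:
            findings.append(f"{proto}: redirects to {rule.get('to-addresses')}, not a filter server")
        if "in-interface" not in rule and "in-interface-list" not in rule:
            findings.append(f"{proto}: no in-interface, so the rule is not limited to the internal side")
    for proto in ("udp", "tcp"):
        if proto not in seen:
            findings.append(f"{proto}: no enabled redirect rule for port 53")
    return findings

if __name__ == "__main__":
    for finding in audit_dns_redirect(SAMPLE_EXPORT) or ["DNS redirect rules look complete"]:
        print(finding)
```

Run it against the text produced by `/ip firewall nat export` on the router; an empty result means both redirect rules are present, enabled, scoped to an interface and pointed at a filter server.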