How To Use A Mikrotik Router As A DNS Server And Add Static DNS Records For Internal Servers In Your LAN Network.
To complete this tutorial you need the following items. Have them available before you start:
1) A MikroTik router or the Cloud Hosted Router running RouterOS version.
2) A MikroTik user account with access rights to make DNS changes.
3) The Winbox application and / or the Winbox mobile app.
4) A laptop or desktop running Windows 7 64-bit or newer.
1) Download the Winbox desktop app, open it and log in to the MikroTik router.
2) Click on IP > DNS SERVER, set a default DNS lookup address and allow remote requests.
3) Learn how to add a static DNS entry for network applications such as a web server and an email server.
4) Learn how to protect the MikroTik DNS server from DDoS attacks.
Step 1: Download The Winbox App And Login To A Mikrotik Router.
4) The next step is to add a MikroTik firewall rule that forces all LAN devices to send their DNS queries to the MikroTik DNS server. To do this, click the NEW TERMINAL button on the WINBOX navigation bar and type the following command.
ip firewall nat add chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53 to-addresses=192.168.55.1 comment="DIRECT ALL DNS REQUESTS TO MIKROTIK INTERNAL DNS SERVER."
*replace the to-addresses value with the LAN address of the MikroTik router.
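6) The next step is to protect the MikroTik DNS server by adding firewall rules that block incoming DNS requests on the WAN or internet facing interface. This helps to prevent DNS flooding attacks from malicious attackers on the web. Run the following commands:
/ip firewall filter
add action=drop chain=input in-interface=ether1 dst-port=53 protocol=udp
add action=drop chain=input in-interface=ether1 dst-port=53 protocol=tcp
*ether1 is an assumed name for the WAN interface; replace it with the name of your internet facing interface. Without in-interface these rules would also drop DNS queries coming from the LAN.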
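The check below is an added example, not part of the original tutorial: a Python script that reads the text of a RouterOS /export and reports the DNS exposure problems that the firewall steps above are meant to prevent. The sample export, the function names and the WAN interface name ether1 are assumptions made for the example; rule order and in-interface-list matchers are not evaluated.

```python
import re
import shlex

# Constructed sample of RouterOS "/export" output (not from the original page).
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=drop chain=input dst-port=53 protocol=udp
/ip firewall nat
add action=redirect chain=dstnat comment="force LAN DNS" dst-port=53 \\
    protocol=udp to-ports=53
"""

def parse_export(text):
    """Return (menu, {param: value}) for every add/set line of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines wrapped with a trailing backslash
    rows, menu = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            words = shlex.split(line)[1:]
            rows.append((menu, dict(w.split("=", 1) for w in words if "=" in w)))
    return rows

def audit_dns(text, wan="ether1"):
    """List DNS exposure problems; `wan` is the assumed WAN interface name."""
    rows = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes" for m, p in rows):
        return []  # the resolver does not answer remote clients at all

    def rules(menu, want):
        # Rules in `menu` whose parameters include every pair in `want`.
        return [p for m, p in rows if m == menu and want.items() <= p.items()]

    redirected = {p.get("protocol")
                  for p in rules("/ip firewall nat", {"action": "redirect", "dst-port": "53"})}
    findings = []
    for proto in ("udp", "tcp"):
        drops = rules("/ip firewall filter", {"chain": "input", "action": "drop",
                                              "protocol": proto, "dst-port": "53"})
        if any("in-interface" not in p for p in drops):
            findings.append(f"{proto}/53 drop has no in-interface: LAN queries are dropped too")
        elif not any(p["in-interface"] == wan for p in drops):
            findings.append(f"{proto}/53 open on {wan}: router is an open resolver")
        if redirected and proto not in redirected:
            findings.append(f"{proto}/53 is not redirected: clients can bypass the router DNS")
    return findings
```

Run audit_dns() on the output of /export saved from the router and pass the real WAN interface name as wan; an empty list means none of the three conditions was found.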