Programming, tutorials, mechatronics, operating systems, and other tech stuff

Mikrotik | How to Solve Blocked DNS Port (53) Under Hotspot Network

After I implemented a hotspot network in my workplace, everything went smoothly. But after a while, a problem arose. We, anyone behind the hotspot, could not resolve some DNS names, especially the ones hosted by Google, such as customized Blogger domains like this blog, asudahlah.com.

I can ping asudahlah.com using the Mikrotik terminal in Winbox, but I cannot nslookup it on my laptop or my coworker's laptop. I also tried other domain names; some of them got through, some didn't. My DNS flow goes like this:

Client (DNS=192.168.68.1)-------->(IP=192.168.68.1) Mikrotik (DNS=8.8.8.8)------->internet.

After some trial and error, I found what the problem was. Mikrotik's hotspot dynamically creates NAT rules which redirect DNS port TCP 53 and UDP 53 in order for the captive portal to work.

Here's a solution which works for my case, by bypassing TCP and UDP port 53. Here's the configuration:

/ip firewall nat
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp
add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=53 protocol=udp
add action=accept disabled=no dst-port=53 protocol=tcp


Well, that's it. Now I can access all domains.
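To check the DNS flow from the diagram above from a client's point of view, here is an added Python diagnostic (not from the original post) that sends the same raw DNS A query to the hotspot gateway, 192.168.68.1, and to the upstream resolver, 8.8.8.8, and shows what each path answers. The two addresses and the domain asudahlah.com are taken from the post; the rest is plain RFC 1035 framing.

```python
import random, socket, struct
GATEWAY_DNS, UPSTREAM_DNS = "192.168.68.1", "8.8.8.8"  # from the post's DNS flow diagram

def build_query(name, txid):
    # Minimal RFC 1035 A query: header (RD=1, one question) + QNAME + QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def _skip_name(data, pos):
    # Advance past a domain name; a compression pointer (top two bits set) ends it in two bytes
    while data[pos] != 0:
        if data[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + data[pos]
    return pos + 1

def parse_response(data):
    # Return the transaction id, RCODE and sorted A records of a DNS response
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    for _ in range(qdcount):  # skip the echoed question section (name + type + class)
        pos = _skip_name(data, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record; CNAMEs and other types are skipped
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return {"txid": txid, "rcode": flags & 0x0F, "addrs": sorted(addrs)}

def query(server, name, timeout=2.0):
    # One UDP query to server:53; None on timeout or if the reply carries a different transaction id
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        try:
            result = parse_response(sock.recv(512))
        except socket.timeout:
            return None
    return result if result["txid"] == txid else None

if __name__ == "__main__":  # run from a hotspot client; asudahlah.com is the domain the post could not resolve
    gateway, upstream = query(GATEWAY_DNS, "asudahlah.com"), query(UPSTREAM_DNS, "asudahlah.com")
    # The post's symptom: upstream returns RCODE 0 with addresses while the redirected gateway path returns None/SERVFAIL
    print("gateway:", gateway, "\nupstream:", upstream)
```

Run from a hotspot client, the post's symptom shows as the upstream answering with addresses while the gateway path times out or returns a non-zero RCODE. Keep in mind that the bypass rules above accept port 53 from any hotspot client, authenticated or not; the comment below links a variant that keeps the redirect for unauthenticated clients.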

I hope it helps anyone having the same problem.

1 comment:

  1. I think this post https://blog.brocktice.com/2015/01/09/disabling-mikrotik-hotspot-dns-proxying-for-authenticated-users/ might have a better solution. It redirects unauthenticated clients, but accepts authenticated ones.
