Internet Content Filtering in MikroTik Router using OpenDNS

Internet content is always not safe for our work or home network. We always face malware, phishing and adult content which are harmful for office or home internet. Using web content filtering software, we can easily get rid of this harmful content.

OpenDNS is a cloud-based internet content filtering solution that helps to keep our office or home internet free from malware, virus and adult content. Configuring Free OpenDNS Home Internet feature with our Home WiFi Router, we can easily achieve this goal.

OpenDNS provide a Dashboard where we can manage our content filtering parameters. Creating a free OpenDNS account, we can manage everything from the Dashboard.

MikroTik Router Board and MikroTik WiFi Router are popularly used in office and home network. So, if we configure OpenDNS Home Internet Solution in MikroTik RouterOS, we can easily remove unwanted web content from our home or office network.

In the previous article, I discussed how to configure free OpenDNS web content filtering software in personal computer. In this article, we will know how to configure OpenDNS in MikroTik RouterOSv7 so that all the network PCs use OpenDNS forcefully and keep safe from unwanted web content.

Configuring OpenDNS in MikroTik RouterOS  

MikroTik Router works smoothly with OpenDNS DNS based web content filtering software. There are two methods to use OpenDNS in MikroTik RouterOS.

  • MikroTik with DNS Server
  • MikroTik without DNS Server

Method 1: MikroTik with DNS Server

In this method, MikroTik works as a DNS server where OpenDNS is used as upstream DNS Server of MikroTik DNS. All DNS resolving requests go to MikroTik DNS to make ensure that all network hosts must use OpenDNS DNS Server.

The following steps will show how to configure MikroTik DNS to use OpenDNS as upstream DNS Resolver.

  • Login to MikroTik Router using Winbox.
  • Go to IP>DNS. DNS Settings window will appear.
  • Put OpenDNS nameserver IP addresses (67.222.222 and 208.67.220.220) in Servers input box.
  • Click on Allow Remote Requests checkbox.
  • Click Apply and OK button.
Setting OpenDNS as DHCP Server DNS IPs

Setting OpenDNS as DHCP Server DNS IPs

MikroTik Router will now work as a DNS server and it will resolve name resolution from OpenDNS’s nameservers. Generally, every network uses DHCP Server to assign IP address automatically.  So, we will now configure DHCP network so that DHCP Server always assign MikroTik Router’s IP as DNS Servers to the network host.

  • From Winbox, go to IP>DHCP Server. DHCP Server window will appear.
  • Click Network tab and then click on active network. If you have multiple networks, do this for all your networks.
  • Put LAN gateway IP in DNS Servers input box.
  • Click Apply and OK button.
Setting DNS Server for DHCP Server

Setting DNS Server for DHCP Server

So, any host that will request for DHCP IP, will be provided MikroTik Gateway IP as DNS Server. This configuration is now enough to apply OpenDNS in your network but if you have any expert user in your network who is able to setup DNS IP, can bypass MikroTik DNS configuring his OWN device’s DNS Server manually.

So, to force them to use MikroTik Router as DNS Server, we will redirect all UDP 53 port (DNS client port) request to our MikroTik Router using following NAT rule.

  • From Winbox, go to IP>Firewall menu item. Firewall window will appear.
  • Click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear.
  • From General tab, choose dstnat from Chain drop down menu.
  • Choose udp from Protocol dropdown menu.
  • Put Destination port 53 in Dst. Port input box.
  • From Action tab, choose dst-nat from Action drop down menu.
  • Put the LAN gateway IP address in To Addresses input box.
  • Put 53 in To Ports input box.
  • Click Apply and OK button.
  • Similarly create another NAT rule for TCT port 53 because DNS uses both UDP and TCP 53 port.
Firewall NAT Rule

Firewall NAT Rule

So, now all name resolution requests go to MikroTik DNS Server and MikroTik will resolve it from OpenDNS Server where internet content filtering will happen.

Method 2: MikroTik without DNS Server

In this method, MikroTik will catch DNS request and send to OpenDNS nameserver to resolve name resolution. So, we just create a Firewall NAT Rule to achieve this goal. Besides this, we can also setup DHCP Server Network’s DNS Server to OpenDNS nameserver. So that, initially all hosts must get OpenDNS IP.

The following steps will show to forward name resolution request to OpenDNS with MikroTik Router.

  • From Winbox, go to IP>DNS and make sure Allow Remote Requests checkbox is unchecked in DNS Settings window.
  • Now go to IP>Firewall menu item and then click on NAT tab from Firewall window.
  • Click on PLUS SIGN (+). New NAT Rule window will appear.
  • From General tab, choose dstnat from Chain drop down menu.
  • Choose udp from Protocol dropdown menu.
  • Put Destination port 53 in Dst. Port input box.
  • From Action tab, choose dst-nat from Action drop down menu.
  • Put OpenDNS nameserver IP address, in To Addresses input box.
  • Put 53 in To Ports input box.
  • Click Apply and OK button.
  • Similarly create another NAT rule for TCT port 53 because DNS uses both UDP and TCP 53 port.
Firewall NAT Rule to Forward DNS Request to OpenDNS

Firewall NAT Rule to Forward DNS Request to OpenDNS

So, now all DNS resolution requests go to OpenDNS nameserver from MikroTik Router. We will now configure DHCP Network so that DHCP Server always assign OpenDNS IP as DNS Server IP to the requested host.

  • From Winbox, go to IP>DHCP Server. DHCP Server window will appear.
  • Click Network tab and then click on active network.
  • Put OpenDNS nameserver IP addresses (67.222.222 and 208.67.220.220) in DNS Servers input box.
  • Click Apply and OK button.
Setting OpenDNS as DHCP Server DNS IPs

Setting OpenDNS as DHCP Server DNS IPs

So, MikroTik Router will now work as a DNS forwarder to OpenDNS and filter internet content for the network.

If you face any confusion to configure OpenDNS in MikroTik RouterOS, watch the following video. I hope, it will help you to reduce your confusion.

How to configure internet content filtering software OpenDNS in MikroTik RouterOS has been discussed in this article. I hope, you will now be able to configure internet content filtering network with MikroTik RouterBoard or MikroTik Wireless Router following above steps. However, if you face any confusion, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.

Why not a Cup of COFFEE if the solution?

internet-content-filtering-in-mikrotik-router-using-opendns

ABU SAYEED

I am a system administrator and like to share knowledge that I am learning from my daily experience. I usually work on MikroTik, Redhat/CentOS Linux, Windows Server, physical server and storage, virtual technology and other system related topics. Follow Me: Facebook, Twitter and Linkedin.

Your name can also be listed here. Have an IT topic? Submit it here to become a System Zone author.

Leave a Reply

Your email address will not be published. Required fields are marked *

*