How to Configure OpenDNS on MikroTik Routers for Enhanced Internet Security

Protect Your Network: Easy OpenDNS Setup on MikroTik Routers

 

The internet can present risks for both home and office networks, exposing users to malware, phishing, and inappropriate content. To combat this, web content filtering tools can help protect networks from these types of online threats. you can Configure OpenDNS on MikroTik RouterOS with any model either Wired or WiFi router with in a few steps.

OpenDNS is a cloud-based content filtering solution that helps secure internet connections by blocking malicious sites, viruses, and inappropriate content. With the Free OpenDNS Home Internet feature, you can configure your home WiFi router to ensure safer browsing.

By creating a free OpenDNS account, you can manage your filtering settings directly through the OpenDNS Dashboard, giving you control over what content is accessible on your network.

MikroTik RouterBoard and MikroTik WiFi routers are popular in both home and office environments. Configuring OpenDNS on MikroTik RouterOS allows you to block unwanted content across your entire network.

In this guide, we’ll cover how to configure OpenDNS on MikroTik RouterOSv7 so that all devices on your network use OpenDNS and benefit from its filtering.

 


Configuring OpenDNS on MikroTik RouterOS

MikroTik routers work seamlessly with OpenDNS for DNS-based content filtering. There are two primary methods to set up OpenDNS on MikroTik RouterOS:

  1. Using MikroTik as a DNS Server
  2. Without MikroTik DNS Server

Method 1: MikroTik as a DNS Server

In this approach, MikroTik acts as a DNS server, with OpenDNS configured as the upstream DNS server. All DNS requests from network devices will pass through the MikroTik router, ensuring that OpenDNS filtering is applied.

Follow these steps to set up MikroTik to use OpenDNS as the upstream DNS resolver:

  1. Log in to the MikroTik Router via Winbox.
  2. Go to IP > DNS to open the DNS Settings window.
  3. Enter OpenDNS nameserver IP addresses (67.222.222 and 208.67.220.220) in the Servers field.
  4. Check the Allow Remote Requests box.
  5. Click Apply and OK.

Configuring MikroTik router to use OpenDNS

 

Assigning OpenDNS as the DHCP Server’s DNS IPs

With MikroTik set up as the DNS server, it will resolve all requests via OpenDNS. Most networks use a DHCP server to automatically assign IP addresses. Now, configure the DHCP network so that it assigns the MikroTik router’s IP as the DNS server for each device.

  1. In Winbox, go to IP > DHCP Server.
  2. In the DHCP Server window, select the Network tab and click on the active network. Repeat for other networks if necessary.
  3. Enter the LAN gateway IP in the DNS Servers field.
  4. Click Apply and OK.

Redirecting DNS Requests to MikroTik

To prevent users from bypassing this setup by manually configuring their own DNS, create a NAT rule that redirects all DNS (port 53) traffic to the MikroTik router:

  1. Go to IP > Firewall and select the NAT tab.
  2. Click the + button to add a new NAT rule.
  3. In the General tab, set Chain to dstnat and Protocol to udp.
  4. In the Dst. Port field, enter 53.
  5. In the Action tab, set Action to dst-nat and enter the LAN gateway IP in the To Addresses field.
  6. Set To Ports to 53, then click Apply and OK.
  7. Repeat these steps for TCP port 53, as DNS uses both UDP and TCP ports.

Now, all DNS requests will be routed to the MikroTik DNS server, which will resolve them through OpenDNS, filtering internet content as configured.


Method 2: Without Using MikroTik as a DNS Server

In this method, DNS requests are directly routed to OpenDNS, bypassing the MikroTik DNS server. A firewall NAT rule is set up to forward all DNS requests to OpenDNS, and the DHCP server network is configured to assign OpenDNS IPs to all devices initially.

Follow these steps to set up this configuration:

  1. Go to IP > DNS and ensure that Allow Remote Requests is unchecked.
  2. Navigate to IP > Firewall, then click on the NAT tab.
  3. Click + to add a new NAT rule.
  4. In the General tab, set Chain to dstnat, Protocol to udp, and Dst. Port to 53.
  5. In the Action tab, set Action to dst-nat, and enter the OpenDNS nameserver IP address in the To Addresses field.
  6. Set To Ports to 53, then click Apply and OK.
  7. Create another NAT rule for TCP port 53 to ensure all DNS requests use OpenDNS.

Setting OpenDNS as the DHCP Server’s DNS IPs

Finally, configure the DHCP server to assign OpenDNS IP addresses to each device:

  1. Go to IP > DHCP Server.
  2. In the DHCP Server window, select the Network tab and open the active network.
  3. Enter OpenDNS nameserver IP addresses (67.222.222 and 208.67.220.220) in the DNS Servers field.
  4. Click Apply and OK.

This setup ensures that all DNS resolution requests are directed through OpenDNS, effectively filtering content across the network. After Configure OpenDNS on MikroTik your internet will protect with OpenDNS and any website and app you blocked in Open DNS account will blocked in your home interent.

 

Related Post