<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 14/05/2021 02:55, Steven Garner via
Pdns-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJNrfia5zJdpOz8KzjaXHL-j+Cbia1qUmah6cgfhs2X+Yy9LRQ@mail.gmail.com">
<div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div style="font-size:small">
<div style="font-family:arial">The router
connecting <a
href="http://ns2.opensourceserver.io"
moz-do-not-send="true">ns2.opensourceserver.io</a>'s 207.177.51.156
public IP address to the PDNS
server's 192.168.1.2 private IP address is
RouterOS 6.42.12, NAT/port forwarded: </div>
<div style="font-family:arial"><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">/ip
firewall nat</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">add
action=masquerade chain=srcnat
src-address=192.168.1.0/24</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">....</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">add
action=dst-nat chain=dstnat comment=DNS
dst-port=53 in-interface=ether1 protocol=tcp
to-addresses=192.168.1.2 to-ports=53</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">add
action=dst-nat chain=dstnat comment=DNS
dst-port=53 in-interface=ether1 protocol=udp
to-addresses=192.168.1.2 to-ports=53</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">...</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div>
<div>
<div>
<div>
<div>
<div style="font-size:small">
<div style=""><font face="monospace">add
action=masquerade chain=srcnat
out-interface=ether1</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div style="font-size:small">
<div style="font-family:arial"><br>
</div>
<div style="font-family:arial">Any help would be
appreciated.</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<p>On my home Mikrotik I have:</p>
<p><font face="monospace">/ip firewall filter<br>
...<br>
add action=accept chain=forward dst-address-list=ns_auth
dst-port=53 protocol=udp<br>
add action=accept chain=forward dst-address-list=ns_auth
dst-port=53 protocol=tcp<br>
...</font></p>
<p><font face="monospace">/ip firewall nat<br>
add action=masquerade chain=srcnat comment="NAT outbound -
external links" out-interface-list=all-external \<br>
src-address-list=internal_v4<br>
...<br>
add action=dst-nat chain=dstnat dst-address-type=local
dst-port=53 in-interface-list=all-external protocol=udp \<br>
to-addresses=10.12.255.32 to-ports=53<br>
add action=dst-nat chain=dstnat dst-address-type=local
dst-port=53 in-interface-list=all-external protocol=tcp \<br>
to-addresses=10.12.255.32 to-ports=53</font></p>
<p><font face="monospace">/ip firewall address-list<br>
...<br>
add address=10.12.255.32 list=ns_auth</font></p>
<p><font face="monospace">/interface list<br>
add name=all-external<br>
</font></p>
<p><font face="monospace">/interface list member<br>
add interface=pppoe-out2 list=all-external</font><br>
<br>
</p>
<p>Looks similar to yours, although I have "dst-address-type=local"
on the inbound NAT.<br>
</p>
<p>You can prove routing is the problem by running tcpdump on ns2,
and sending a query from outside:</p>
<p><font face="monospace">tcpdump -i eth0 -nn -s0 -v udp port 53</font></p>
<p><br>
</p>
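<p>An added example, not part of the original message: one way to read the output of the tcpdump command above after sending a query from outside. It assumes the server address 192.168.1.2 from the quoted post; the sample captures are constructed, and the verdict names and next-step hints are this example's own assumptions.</p>
<pre>
```python
import re

# Packet line of `tcpdump -nn ... udp port 53`: "src.port > dst.port: qid..."
PKT = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)")

# Where to look next for each outcome (assumed hints, not from the post).
NEXT_STEP = {
    "NOT_REACHING_SERVER": "check the dst-nat rule and forward chain on the router",
    "SERVER_NOT_REPLYING": "check the listen address and host firewall on the server",
    "REPLY_LEAVES_SERVER": "check the return path: default route and srcnat",
}

def diagnose(capture, server_ip):
    """Classify a capture taken on the name server during an outside query."""
    asked, answered = set(), set()
    for line in capture.splitlines():
        m = PKT.search(line)
        if m is None:
            continue  # -v header lines ("IP (tos ...") carry no address pair
        src, sport, dst, dport, qid = m.groups()
        if dst == server_ip and dport == "53":
            asked.add((src, sport, qid))
        elif src == server_ip and sport == "53":
            answered.add((dst, dport, qid))
    if not asked:
        return "NOT_REACHING_SERVER"
    if asked - answered:
        return "SERVER_NOT_REPLYING"
    return "REPLY_LEAVES_SERVER"

# Constructed sample captures (client 198.51.100.7 is a documentation address).
QUERY = (
    "14:02:11.104512 IP (tos 0x0, ttl 51, id 4711, offset 0, flags [none], "
    "proto UDP (17), length 72)\n"
    "    198.51.100.7.40112 > 192.168.1.2.53: 31337+ A? example.org. (29)\n"
)
REPLY = (
    "14:02:11.104901 IP (tos 0x0, ttl 64, id 901, offset 0, flags [none], "
    "proto UDP (17), length 88)\n"
    "    192.168.1.2.53 > 198.51.100.7.40112: 31337*- 1/0/0 A 203.0.113.5 (45)\n"
)

if __name__ == "__main__":
    for name, cap in (("silent", ""), ("query only", QUERY), ("both", QUERY + REPLY)):
        verdict = diagnose(cap, "192.168.1.2")
        print(name, "-", verdict, "-", NEXT_STEP[verdict])
```
</pre>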
</body>
</html>