If you haven’t heard about OpenDNS, it is a service that offers free web-filtering DNS servers. I have used their servers both at home and at customers who offer free WiFi access to their customers. Children often connect tablets and similar devices to these networks, especially if the WiFi is available in public places, so it is very important that users can browse the internet safely.
OpenDNS allows you to use their servers without registering. Just point the router to their servers, 220.127.116.11 & 18.104.22.168, and you’re done.
To set up a MikroTik router to use these servers, you first need to make sure that you are not using the DNS servers handed out by your ISP (the peer DNS servers). To disable PeerDNS on an internet-facing interface that uses a DHCP client:
- First, list all the DHCP clients that are running.
/ip dhcp-client print
The output should look something like this:
In this case there is only one DHCP client.
- Now we will disable using PeerDNS on DHCP client 0
/ip dhcp-client set 0 use-peer-dns=no
To disable PeerDNS on a PPPoE client interface, similarly type
/interface pppoe-client set use-peer-dns=no 0
- To configure your router to use the openDNS servers type
/ip dns set servers=22.214.171.124,126.96.36.199
This will provide you with basic filtering. You will not have control over what is blocked and what is allowed.
To be able to control which content is allowed and which is blocked, you need to set up an account on openDNS.com. For home use, there are free options. Once you set up an account, you have to label the IP address you are connecting with. Your current IP address will be bound to this label. The IP is used to identify you so that the filtering rules you set are applied.
When you have a dynamic address, as in most cases, you need to run an agent on a computer connected to the home network that will update your profile if your IP address changes. I decided that this update should be done by the router since it is always connected. To do this on a MikroTik router you need to:
- Ensure that the label set-up in openDNS is marked as dynamic
- Configure the DNS servers and disable PeerDNS as explained earlier
- Copy and paste the script below into a terminal window on your router, making sure that you change the details in the variables openDNSUsername, openDNSPassword & openDNSHostname. A script will be created and named OpenDNS. Note that the script stores these credentials in clear text in the router configuration.
/system script add name=OpenDNS policy=read,test source="#\r\
    \n# Variables\r\
    \n#\r\
    \n:local openDNSUsername \"<email address>\"\r\
    \n:local openDNSPassword \"<openDNS password>\"\r\
    \n:local openDNSHostname \"<label>\"\r\
    \n \r\
    \n#\r\
    \n# Script\r\
    \n#\r\
    \n/tool fetch url=\"https://updates.opendns.com/nic/update\?system=dyndns&hostname=\$openDNSHostname\" \\\r\
    \n user=\"\$openDNSUsername\" password=\"\$openDNSPassword\" \\\r\
    \n mode=https keep-result=no"
- Next we need to schedule the above script to run at an interval, say 1 hour. The below command line will configure a scheduler named “Update openDNS Account” which will be set to run every hour.
/system scheduler add comment="Update Open DNS Dynamic IP" disabled=no interval=1h name="Update openDNS Account" on-event=OpenDNS policy=read,test start-date=jan/01/1970 start-time=16:00:00
The openDNS script was taken from the MikroTik forum. Thanks go to the author of the post, efaden.
UPDATE – The script and schedule commands have been updated because the policies set were not allowing it to run properly when scheduled. Let me know in the comments section if you have any issues.
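The router script runs fetch with keep-result=no, so the update server's reply is discarded and a rejected login or unknown label goes unnoticed. The sketch below is an added example, not part of the original post or the forum script: it builds the same update request a computer-based agent would send and interprets the reply. It assumes HTTP Basic authentication and DynDNS-style reply codes (good, nochg, badauth, nohost); the function names and sample replies are constructed for illustration.

```python
import base64
import urllib.parse
import urllib.request

# Endpoint and query parameters are the ones used by the RouterOS script above.
UPDATE_URL = "https://updates.opendns.com/nic/update"

# Assumption: DynDNS-style reply codes. Only these two mean the IP is bound.
SUCCESS_CODES = {"good", "nochg"}


def build_update_request(username, password, label):
    """Build the HTTPS update request with a Basic auth header (assumed scheme)."""
    query = urllib.parse.urlencode({"system": "dyndns", "hostname": label})
    request = urllib.request.Request(f"{UPDATE_URL}?{query}")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    request.add_header("Authorization", f"Basic {token}")
    return request


def parse_update_response(body):
    """Return (ok, code, ip) parsed from the first line of the server reply."""
    lines = body.strip().splitlines()
    fields = lines[0].split() if lines else []
    if not fields:
        return (False, "empty", None)
    code = fields[0].lower()
    ip = fields[1] if len(fields) > 1 else None
    return (code in SUCCESS_CODES, code, ip)


def send_update(username, password, label):
    """Send the update; raises urllib.error.URLError on network/TLS failure."""
    request = build_update_request(username, password, label)
    with urllib.request.urlopen(request, timeout=10) as response:
        return parse_update_response(response.read().decode("ascii", "replace"))


if __name__ == "__main__":
    # Constructed sample replies (documentation IP range), parsed offline.
    for reply in ("good 203.0.113.7", "nochg 203.0.113.7", "badauth", ""):
        ok, code, ip = parse_update_response(reply)
        print(f"{reply!r:22} -> ok={ok} code={code} ip={ip}")
```

Anything other than ok=True means the filtering rules are not bound to the current address, which is worth logging or alerting on.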