Sign in Subscribe

Load balancing outgoing DNS queries

Last updated on 
Load balancing outgoing DNS queries

Sometime in life you might encounter, that limits enforced by single open dns provider is simply not enough...

Work around this issue by simply load balancing your requests to multiple providers!

Sample configuration for your Mikrotik device:

/ip/firewall/nat
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=10,1 protocol=udp to-addresses=8.8.8.8
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=9,1 protocol=udp to-addresses=8.8.4.4
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=8,1 protocol=udp to-addresses=1.1.1.1
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=7,1 protocol=udp to-addresses=1.0.0.1
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=6,1 protocol=udp to-addresses=95.85.95.85
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=5,1 protocol=udp to-addresses=2.56.220.2
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=4,1 protocol=udp to-addresses=208.67.222.222
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=3,1 protocol=udp to-addresses=208.67.220.220
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=2,1 protocol=udp to-addresses=208.67.222.220
add action=dst-nat chain=output comment=DnsLB dst-port=53 nth=1,1 protocol=udp to-addresses=208.67.220.222

Or equivalent in iptables:

iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 10 --packet 0 -j DNAT --to-destination 8.8.8.8
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 9 --packet 0 -j DNAT --to-destination 8.8.4.4
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 8 --packet 0 -j DNAT --to-destination 1.1.1.1
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 7 --packet 0 -j DNAT --to-destination 1.0.0.1
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 6 --packet 0 -j DNAT --to-destination 95.85.95.85
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 5 --packet 0 -j DNAT --to-destination 2.56.220.2
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 4 --packet 0 -j DNAT --to-destination 208.67.222.222
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 3 --packet 0 -j DNAT --to-destination 208.67.220.220
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 208.67.222.220
iptables -t nat -A OUTPUT -p udp --dport 53 -m statistic --mode nth --every 1 --packet 0 -j DNAT --to-destination 208.67.220.222

Note: In these examples OUTPUT chain is used, this mean device must generate DNS query packets from local process, if you add these rules on a router/switch they might will not work, if the router/switch is not acting as your DNS recursor.