Force All DNS Traffic To Go Through Pi-hole Using Mikrotik

Redirect all port 53 (DNS traffic) to Pi-hole for SmartDNS

With a MikroTik router you can route all DNS traffic to the Raspberry Pi that runs your Pi-hole, with SmartDNS configured as Pi-hole's upstream DNS server.

The firewall rules below tell the router to send every DNS query to the Pi-hole. This approach applies directly if you have a MikroTik router, and with small syntax changes if your router uses iptables or nftables, since the logic (destination NAT of port 53 plus a masquerade for the hairpin) is the same. It is especially useful on business networks where you don't want guests using their own DNS servers to bypass your content blocking.

Why are we going to redirect DNS traffic to a Local Server and force users to use our specified DNS server?

We want to access geo-blocked content such as Netflix and BBC iPlayer on devices like the PlayStation 4 and 5 and the Google Chromecast, which use their own hardcoded DNS servers to determine their location no matter what DNS server you hand out via DHCP or set manually on the device.

Redirect all DNS traffic to PiHole with a MikroTik router

Step 1: Connect to the Mikrotik router using Winbox

Connect to your MikroTik router using Winbox. If you are not familiar with Winbox, it’s a small utility that allows administration of the MikroTik RouterOS using a fast and simple GUI.

Winbox can be downloaded from the MikroTik download page.

To connect to the router, enter its IP or MAC address, specify your username and password (if any) and click Connect. You can also append the port number to the IP address, separated by a colon.

Tip: You can also launch Winbox from the Windows command prompt, for example (with no password):

    winbox.exe admin ""
Step 2: Redirect DNS traffic that is neither to nor from the PiHole, to the PiHole

This snippet assumes a particular IP address for your Raspberry Pi; change the address in the rules below to the IP address of your Pi-hole instance and replace the subnet with your LAN subnet.

In winbox open the “terminal” and paste the following code:

    /ip firewall nat
    add chain=dstnat action=dst-nat to-addresses= protocol=udp src-address=! dst-address=! dst-port=53
    add chain=dstnat action=dst-nat to-addresses= protocol=tcp src-address=! dst-address=! dst-port=53
    add chain=srcnat action=masquerade protocol=udp src-address= dst-address= dst-port=53
    add chain=srcnat action=masquerade protocol=tcp src-address= dst-address= dst-port=53

This will force clients on your network to use Pi-hole, even if they have their own hardcoded DNS servers.

The masquerade rules make redirected DNS traffic appear to the Pi-hole as if it originates from the router. They are needed because the client and the Pi-hole usually sit on the same subnet: without them the Pi-hole would answer the client directly, the reply would never pass back through the router to have its source address rewritten, and the client would discard an answer that comes from the Pi-hole's address instead of the server it asked. So without the masquerade rules you won't be able to resolve any domains if you set the DNS servers on your clients to anything other than the Pi-hole's IP address. Two caveats: redirected queries show up in Pi-hole's query log with the router's address rather than the client's, and these rules cover IPv4 port 53 only. A device that has a working IPv6 resolver, or that speaks DNS over TLS or DNS over HTTPS, is not redirected by them.
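The same rule set with concrete values, as an added example that is not the article's original snippet: it assumes the Pi-hole is 192.168.88.10 and the LAN is 192.168.88.0/24 (MikroTik's default LAN range); both are assumptions to replace with your own. It also adds three things a practitioner would want: a log prefix on the redirect rule so bypass attempts show up in the router log, a `connection-nat-state=dstnat` match on the masquerade so that only redirected queries lose their client address in Pi-hole's log, and an optional filter rule that drops DNS over TLS (tcp/853) so a stubborn device falls back to plain port 53.

```routeros
# Added example, not the article's own snippet. Assumed addresses (replace):
#   Pi-hole:    192.168.88.10
#   LAN subnet: 192.168.88.0/24  (MikroTik's default LAN range)
/ip firewall nat
# 1. Redirect every port-53 query that is neither from nor already to the
#    Pi-hole. The Pi-hole's own upstream queries must be excluded, or they
#    would be redirected back to it. The log prefix records which devices
#    ignore the DHCP-assigned DNS server.
add chain=dstnat action=dst-nat to-addresses=192.168.88.10 protocol=udp \
    src-address=!192.168.88.10 dst-address=!192.168.88.10 dst-port=53 \
    log=yes log-prefix="DNS-REDIRECT" comment="Redirect UDP DNS to Pi-hole"
add chain=dstnat action=dst-nat to-addresses=192.168.88.10 protocol=tcp \
    src-address=!192.168.88.10 dst-address=!192.168.88.10 dst-port=53 \
    log=yes log-prefix="DNS-REDIRECT" comment="Redirect TCP DNS to Pi-hole"
# 2. Hairpin NAT. Clients and Pi-hole share a subnet, so redirected queries
#    must look like they come from the router; otherwise Pi-hole answers the
#    client directly and the client drops a reply from an unexpected address.
#    connection-nat-state=dstnat limits this to redirected connections, so
#    queries sent to the Pi-hole directly keep the client's address in its log.
add chain=srcnat action=masquerade protocol=udp src-address=192.168.88.0/24 \
    dst-address=192.168.88.10 dst-port=53 connection-nat-state=dstnat \
    comment="Hairpin NAT for redirected DNS (UDP)"
add chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 \
    dst-address=192.168.88.10 dst-port=53 connection-nat-state=dstnat \
    comment="Hairpin NAT for redirected DNS (TCP)"

/ip firewall filter
# 3. Optional: a device that cannot be redirected may try DNS over TLS
#    (tcp/853). Dropping it forces a fallback to plain port 53, which the
#    rules above catch. DNS over HTTPS shares tcp/443 with ordinary web
#    traffic and cannot be blocked by port alone.
add chain=forward action=drop protocol=tcp dst-port=853 \
    src-address=192.168.88.0/24 comment="Block DNS over TLS bypass"
```

Paste the block into the Winbox terminal. `add` appends to the end of each chain, so if you already have dstnat rules that could match port 53, add `place-before=0` to the redirect rules so they are evaluated first. To verify, query an outside resolver from a client (for example `nslookup example.com 8.8.8.8`): the packet counters shown by `/ip firewall nat print stats` on the redirect rules should climb, the query should appear in Pi-hole's query log, and `/log print where message~"DNS-REDIRECT"` shows which device sent it.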

If you need help, send me a tweet (@ErikThiart)

What makes a MikroTik router better than any other router?

For one, it lets you control DNS traffic the way this article describes.

The router allows you to enjoy many of the features found on high-end networking devices like Cisco and Juniper at a remarkably low price.

MikroTik's custom-built, Linux-based operating system, RouterOS, lets you do much more than a consumer-grade router from TP-Link, D-Link, Netgear, Asus or Linksys allows (e.g. limit speeds per device or user, set up usernames and passwords via Hotspot and/or PPPoE, configure a walled garden, set up guest internet access, accept multiple IPs from your ISP and redistribute them to other routers, and so on). Furthermore, even the cheapest MikroTik routers can handle much more traffic than most (if not all) consumer-grade routers.

They are very reliable; chances are that if you have fiber in your home, the box the ISP put there is a MikroTik. Various organizations that I am a part of use both MikroTik routers and radios in some pretty remote, dusty, dirty, cold (or hot) places. No systemic issues.

I would suggest you buy a cheap MikroTik device like the RB931-2nD to try it out. If you can afford it, buy something like the RB2011UiAS-2HnD-IN, the RBD52G-5HacD2HnD-TC or even the RBD53GR-5HacD2HnD&R11e-LTE6 to use at home and play with for a bit.

Tip: When using a MikroTik it will help if you think like a Linux guy doing networking, rather than a networking guy. Also keep in mind that support is nearly non-existent so buy a few extra units, both for your lab and as spares and test your configurations first.

What is Pi-Hole?

It is a program you can install on a raspberry pi that blocks ads for all devices inside your network.

When your computer wants to find out where a server is, the query is first sent to Pi-hole. If the domain is not an ad-serving domain, Pi-hole forwards the query to an upstream (public) DNS server; that request passes through your router and out to the Internet.

If the domain is an ad-serving domain, Pi-hole answers the query itself (in current releases with a null address by default; older releases answered with the Pi's own address, which served a blank page). Nothing leaves your network.

Most home routers are a switch and a router in one, so the traffic touches your router at some point so that it knows where to send it. The difference is that a query for a blacklisted domain stays inside your network, while a query for any other domain is sent out to the Internet.

I wrote an in-depth tutorial explaining how to set up Pi-hole on a Raspberry Pi to get rid of the advertisements you encounter on the internet. If everything goes according to plan, every device inside your network (mobile phone, laptop, desktop...) will be free of ads without any per-device configuration.

What is SmartDNS?

It allows you to access and unblock geo-restricted sites and services like Netflix, Hulu, ABC, BBC iPlayer, or music streaming services like Pandora and Spotify, without using a VPN. It works somewhat like a proxy server: the parts of your traffic that reveal your location are routed through a remote server so that these services think you are accessing them from a different country.

I prefer to use SmartDNS proxy because I see no loss of speed on my internet connection. This method of bypassing restricted websites is much faster than a VPN because only a small part of the traffic (the DNS lookups) is redirected through their servers.

I wrote an article about how SmartDNS works and how you can use it to access BBC iPlayer outside of the UK.

To sum it up again: with a VPN you will notice an increase in latency and a reduction in download speed. With Smart DNS Proxy there is no loss of speed, because it only needs to re-route the specific lookups that reveal your geographical location, unlike a VPN (Virtual Private Network), which has to carry ALL of your internet traffic for you to visit just one site. Keep in mind that this also makes the SmartDNS provider your upstream resolver: it sees every DNS query your network makes, and nothing in this setup encrypts your traffic.
