Mikrotik Script to Authenticate Dynamic Sites


blougaville

Sep 11, 2018, 1:33:01 AM
I own a small IT company and we use NxCloud to provide DNS filtering for several of our customers. We love Mikrotik routers/switches because they are extremely competitively priced for the amount of features and flexibility they provide. Since we almost exclusively use Mikrotik routers at our client sites, and some of these sites have dynamic IPs, I wrote my own script to authenticate our dynamic client sites to the NxCloud servers we host.

The real kicker of our setup is we are so cheap that we don't even have a static IP at our sites where we host our NxCloud servers...so the script runs on our clients' Mikrotik routers every minute, uses Google DNS to do an nslookup of our DDNS names (Mikrotik provides a free DDNS service on all of their devices), then authenticates to our IPs with the specific user login token for the customer.

With Mikrotik, you can easily create a NAT rule that forces all outgoing DNS traffic to go to the NxCloud/NxFilter DNS server, so this script can also change such NAT rules when it detects an IP change. Or, you can simply have it set the Mikrotik router's upstream DNS server to the remote NxCloud DNS server and update THAT when it detects an IP change via DDNS...then on the customer network, you can use the Mikrotik router as your upstream DNS in Active Directory...the possibilities are endless. I know this is a very specific script for our situation, but I wanted to post it here in case anyone uses Mikrotik routers and wants to play around with Mikrotik scripting to authenticate to NxCloud/NxFilter (instead of nslookup to send the ipupdate signal, you use the Mikrotik "resolve" command).

The script also pings the remote NxCloud IPs and has a failsafe procedure that changes the upstream DNS servers to Google DNS if a certain amount of ping failures is detected and only restores the upstream NxCloud DNS if the certain amount of pings succeeds.

My Mikrotik script is attached.
mikrotik-nxcloud.txt

Jahastech

Sep 11, 2018, 1:46:07 AM
Thanks for sharing. We will keep this one also on the top list for a while.

Johannes Potgieter

Jan 21, 2019, 6:25:09 AM
Hi, thanks for an awesome product and a great script :)

I just need to know if there is a way, or if it is even possible, to do the following from the router (Mikrotik):


Using NxCloud
1. I have 5 users under one Operator

On the same Mikrotik and IP, but every time one of the users uses DNS it gets logged against their name. The problem here is it's hosted in the cloud.

Jahastech

Jan 21, 2019, 8:05:30 AM
Not possible normally. But you can install NxClient on a PC which needs to be under a different policy and set a different DNS server for the PC. That's one way, and the other one is to install NxRelay and use it as the DNS server for your client network.