Setting up MikroTik/RouterOS with Conditional DNS Forwarding (UnoTelly/UnblockUS)

I have a MikroTik RouterOS device that has some custom DNS settings and therefore I cannot change the DNS servers it provides to clients, which is a requirement to use UnoTelly or Unblockus. Instead I found the following article very helpful, it allows you to configure Conditional DNS forwarding for specific domains.

This works well because I use MediaHint to swap back and forth for NetFlix US and Canada, but use only the US Amazon Prime.

/ip firewall layer7-protocol add
/ip firewall mangle add chain=prerouting dst-address=<routeripaddress> action=mark-connection protocol=tcp dst-port=53
/ip firewall mangle add chain=prerouting dst-address=<routeripaddress> action=mark-connection protocol=udp dst-port=53
/ip firewall nat add action=dst-nat chain=dstnat to-addresses=<UnoTellyDNSServerIPAddress>
/ip firewall nat add action=masquerade chain=srcnat


MikroTik – DynDNS Update Script

This is a script for ensuring that your DynDNS hostname is updated when your IP changes on your MikroTik router. Unfortunately the script from the MikroTik Wiki doesn’t work and is broken.

  • There is a question mark within the URL that posts the update to and it gets removed when you paste and run the code through telnet/ssh. To fix it you will need to put a slash in-front of the question mark for it to be passed correctly.

This script is now on GitHub at

# Set needed variables
:local username "username"
:local password "password"
:local hostname "hostname"

:global dyndnsForce
:global previousIP 

# print some debug info
:log info ("UpdateDynDNS: username = $username")
:log info ("UpdateDynDNS: password = $password")
:log info ("UpdateDynDNS: hostname = $hostname")
:log info ("UpdateDynDNS: previousIP = $previousIP")

# get the current IP address from the internet (in case of double-nat)
/tool fetch mode=http address="" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]

# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "UpdateDynDNS: currentIP = $currentIP"

# Remove the # on next line to force an update every single time - useful for debugging,
# but you could end up getting blacklisted by DynDNS!

#:set dyndnsForce true

# Determine if dyndns update is needed
# more dyndns updater request details

:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
   :set dyndnsForce false
   :set previousIP $currentIP
   :log info "$currentIP or $previousIP"
   /tool fetch user=$username password=$password mode=http address="" \
      src-path="/nic/update\?hostname=$hostname&myip=$currentIP&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG" \
   :local result [/file get dyndns.txt contents]
   :log info ("UpdateDynDNS: Dyndns update needed")
   :log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
   :put ("Dyndns Update Result: ".$result)
} else={
   :log info ("UpdateDynDNS: No dyndns update needed")