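# RouterOS 7.20.2 configuration export for the router identified below, preceded by
# the device's undoable-action history listing. Line breaks are restored to one
# command per line.
#
# NOTE(review): this export carries secrets in clear text: five WireGuard private
# keys, the WPA2 pre-shared key, the RIP MD5 key, the SNMP community name and the
# RoMON secret. RouterOS 7 omits sensitive values from `/export` unless
# `show-sensitive` is given. Any copy of this file that left the device means those
# credentials should be treated as disclosed and regenerated.
#
# model: RB962UiGS-5HacT2HnT
# serial-number: 8A7709D5AFD8
# firmware-type: qca9550L
# current-firmware: 7.20.2
# installed-version: 7.20.2
#
# The history below records one "dns changed" entry about every 30 seconds. That
# matches the 30s interval of dns_failover_scheduler at the end of this file.
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U dns changed adminKPP write 2026-03-26 14:01:17
# U dns changed adminKPP write 2026-03-26 14:00:47
# U dns changed adminKPP write 2026-03-26 14:00:17
# U dns changed adminKPP write 2026-03-26 13:59:47
# U dns changed adminKPP write 2026-03-26 13:59:17
# U dns changed adminKPP write 2026-03-26 13:58:47
# U dns changed adminKPP write 2026-03-26 13:58:17
# U dns changed adminKPP write 2026-03-26 13:57:47
# U dns changed adminKPP write 2026-03-26 13:57:17
# U dns changed adminKPP write 2026-03-26 13:56:47
# U dns changed adminKPP write 2026-03-26 13:56:17
# U dns changed adminKPP write 2026-03-26 13:55:47
# U dns changed adminKPP write 2026-03-26 13:55:17
# U dns changed adminKPP write 2026-03-26 13:54:47
# U dns changed adminKPP write 2026-03-26 13:54:17
# U dns changed adminKPP write 2026-03-26 13:53:47
# U dns changed adminKPP write 2026-03-26 13:53:17
# U dns changed adminKPP write 2026-03-26 13:52:47
# U dns changed adminKPP write 2026-03-26 13:52:17
# U dns changed adminKPP write 2026-03-26 13:51:47
# U dns changed adminKPP write 2026-03-26 13:51:17
# U dns changed adminKPP write 2026-03-26 13:50:47
# U dns changed adminKPP write 2026-03-26 13:50:17
# U dns changed adminKPP write 2026-03-26 13:49:47
# U dns changed adminKPP write 2026-03-26 13:49:17
# U dns changed adminKPP write 2026-03-26 13:48:47
# U dns changed adminKPP write 2026-03-26 13:48:17
# U dns changed adminKPP write 2026-03-26 13:47:47
# U dns changed adminKPP write 2026-03-26 13:47:17
# U dns changed adminKPP write 2026-03-26 13:46:47
# U dns changed adminKPP write 2026-03-26 13:46:17
# U dns changed adminKPP write 2026-03-26 13:45:47
# U dns changed adminKPP write 2026-03-26 13:45:17
# U dns changed adminKPP write 2026-03-26 13:44:47
# U dns changed adminKPP write 2026-03-26 13:44:18
# U dns changed adminKPP write 2026-03-26 13:43:47
# U dns changed adminKPP write 2026-03-26 13:43:17
# U dns changed adminKPP write 2026-03-26 13:42:47
# U dns changed adminKPP write 2026-03-26 13:42:17
# U dns changed adminKPP write 2026-03-26 13:41:47
# U dns changed adminKPP write 2026-03-26 13:41:17
# U dns changed adminKPP write 2026-03-26 13:40:47
# U dns changed adminKPP write 2026-03-26 13:40:18
# U dns changed adminKPP write 2026-03-26 13:39:47
# U dns changed adminKPP write 2026-03-26 13:39:17
# U dns changed adminKPP write 2026-03-26 13:38:47
# U dns changed adminKPP write 2026-03-26 13:38:17
# U dns changed adminKPP write 2026-03-26 13:37:47
# U dns changed adminKPP write 2026-03-26 13:37:17
# U dns changed adminKPP write 2026-03-26 13:36:47
# U dns changed adminKPP write 2026-03-26 13:36:17
# U dns changed adminKPP write 2026-03-26 13:35:47
# U dns changed adminKPP write 2026-03-26 13:35:17
# U dns changed adminKPP write 2026-03-26 13:34:47
# U dns changed adminKPP write 2026-03-26 13:34:17
# U dns changed adminKPP write 2026-03-26 13:33:47
# U dns changed adminKPP write 2026-03-26 13:33:17
# U dns changed adminKPP write 2026-03-26 13:32:48
# U dns changed adminKPP write 2026-03-26 13:32:17
# U dns changed adminKPP write 2026-03-26 13:31:47
# U dns changed adminKPP write 2026-03-26 13:31:17
# U dns changed adminKPP write 2026-03-26 13:30:47
# U dns changed adminKPP write 2026-03-26 13:30:17
# U dns changed adminKPP write 2026-03-26 13:29:47
# U dns changed adminKPP write 2026-03-26 13:29:17
# U dns changed adminKPP write 2026-03-26 13:28:47
# U dns changed adminKPP write 2026-03-26 13:28:17
# U dns changed adminKPP write 2026-03-26 13:27:47
# U dns changed adminKPP write 2026-03-26 13:27:17
# U dns changed adminKPP write 2026-03-26 13:26:47
# U dns changed adminKPP write 2026-03-26 13:26:17
# U dns changed adminKPP write 2026-03-26 13:25:47
# U dns changed adminKPP write 2026-03-26 13:25:17
# U dns changed adminKPP write 2026-03-26 13:24:47
# U dns changed adminKPP write 2026-03-26 13:24:17
# U dns changed adminKPP write 2026-03-26 13:23:47
# U dns changed adminKPP write 2026-03-26 13:23:17
# U dns changed adminKPP write 2026-03-26 13:22:47
# U dns changed adminKPP write 2026-03-26 13:22:17
# U dns changed adminKPP write 2026-03-26 13:21:47
# U dns changed adminKPP write 2026-03-26 13:21:17
# U dns changed adminKPP write 2026-03-26 13:20:47
# U dns changed adminKPP write 2026-03-26 13:20:17
# U dns changed adminKPP write 2026-03-26 13:19:47
# U dns changed adminKPP write 2026-03-26 13:19:17
# U dns changed adminKPP write 2026-03-26 13:18:47
# U dns changed adminKPP write 2026-03-26 13:18:17
# U dns changed adminKPP write 2026-03-26 13:17:47
# U dns changed adminKPP write 2026-03-26 13:17:18
# U dns changed adminKPP write 2026-03-26 13:16:47
# U dns changed adminKPP write 2026-03-26 13:16:17
# U dns changed adminKPP write 2026-03-26 13:15:47
# U dns changed adminKPP write 2026-03-26 13:15:17
# U dns changed adminKPP write 2026-03-26 13:14:47
# U dns changed adminKPP write 2026-03-26 13:14:17
# U dns changed adminKPP write 2026-03-26 13:13:47
# U dns changed adminKPP write 2026-03-26 13:13:17
# U dns changed adminKPP write 2026-03-26 13:12:47
# U dns changed adminKPP write 2026-03-26 13:12:17
# U dns changed adminKPP write 2026-03-26 13:11:47
#
# 2026-03-26 14:01:30 by RouterOS 7.20.2
# software id = YS2I-UTML
#
# model = RB962UiGS-5HacT2HnT
# serial number = 8A7709D5AFD8
/interface bridge
add admin-mac=B8:69:F4:35:E6:0D auto-mac=no name=bridge-.lan port-cost-mode=short
add name=bridge-LAN.guest port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment=ISP
set [ find default-name=ether5 ] comment=ST_BC-241-S
set [ find default-name=sfp1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full disabled=yes
/interface lte
set [ find default-name=lte1 ] disabled=yes
# WireGuard tunnel interfaces. The private-key values are the long-term identity of
# each tunnel. Because they are printed here, each interface needs a new key pair
# and the matching public key updated on its peer.
/interface wireguard
add listen-port=51824 mtu=1420 name=wg-core-c private-key="GETl/GLvzYcpOwzD+vgmU/SE9qWS6lpE8EwO+TLzW2w="
add listen-port=51820 mtu=1420 name=wg-x1-a private-key="GPtkpwscVgQ4mLoaGlNXuWhyfH76LTG4m1j/K5uf32w="
add listen-port=51821 mtu=1420 name=wg-x1-b private-key="eCfE83yzHH8+izLbrEWQ5Wk7JQe7+gq7jpdDZu71ono="
add listen-port=51822 mtu=1420 name=wg-x2-a private-key="IBodfx10rzfq4jT4s2RmrQJCcVbrfS66YNmJ9oQrnXE="
add listen-port=51823 mtu=1420 name=wg-x2-b private-key="0FwnXmHocvPbEd3FiCpaaAITvGtvXurmuXcUts3ZEHc="
# ether5 carries the main LAN (VLAN 800) and the guest LAN (VLAN 801) as tagged VLANs.
/interface vlan
add interface=ether5 name=vlan800-LAN.main.ethet5 vlan-id=800
add interface=ether5 name=vlan801-LAN.guest.ether5 vlan-id=801
/interface list
add name=mac-winbox
add name=ovpn
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless channels
add band=2ghz-onlyn frequency=2412 list=2ghz_Channel name=ch1 width=20
add band=2ghz-onlyn frequency=2432 list=2ghz_Channel name=ch5 width=20
add band=2ghz-onlyn frequency=2452 list=2ghz_Channel name=ch9 width=20
add band=2ghz-onlyn frequency=2472 list=2ghz_Channel name=ch13 width=20
add band=5ghz-n/ac extension-channel=Ceee frequency=5260 list=5ghz_Channel_80MGz name="ch2_80_52(58)_5260" width=20
add band=5ghz-n/ac extension-channel=Ceee frequency=5580 list=5ghz_Channel_80MGz name="ch4_80_116(122)_5580" width=20
add band=5ghz-n/ac extension-channel=Ceee frequency=5660 list=5ghz_Channel_80MGz name="ch5_80_132(138)_5660" width=20
add band=5ghz-n/ac extension-channel=Ceee frequency=5765 list=5ghz_Channel_80MGz name="ch6_80_153(159)_5765" width=20
# profile-Strans is the WPA2-PSK profile used by wlan1 and wlan2 (SSID "Strans").
# The pre-shared key is printed in clear and should be changed.
# management-protection=allowed leaves protected management frames optional.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile-Strans supplicant-identity="" wpa2-pre-shared-key=45dF12Tv34
# NOTE(review): wlan3 and wlan4 (SSID "Strans-guest") name no security-profile, so
# they presumably fall back to the default profile. That profile shows no
# authentication types in this export, which would make the guest SSID an open
# network. Confirm this is intended.
# NOTE(review): both guest interfaces set wds-default-bridge=bridge-.lan, the main
# LAN bridge. No WDS mode is visible here, so this is probably inert. Point it at
# bridge-LAN.guest or clear it to keep the guest side from ever reaching the main bridge.
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=0 band=2ghz-onlyn country=ukraine disabled=no distance=indoors frequency=ch5 hw-protection-mode=rts-cts hw-retries=4 installation=indoor max-station-count=20 mode=ap-bridge preamble-mode=long security-profile=profile-Strans ssid=Strans station-roaming=enabled tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=0 band=5ghz-n/ac channel-width=20/40/80mhz-Ceee country=no_country_set disabled=no distance=indoors frequency="ch2_80_52(58)_5260" frequency-mode=superchannel hw-protection-mode=rts-cts hw-retries=4 installation=indoor max-station-count=20 mode=ap-bridge preamble-mode=long security-profile=profile-Strans ssid=Strans station-roaming=enabled tx-power-mode=all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
add disabled=no mac-address=BA:69:F4:35:E6:13 master-interface=wlan1 name=wlan3 ssid=Strans-guest station-roaming=enabled wds-default-bridge=bridge-.lan wps-mode=disabled
add disabled=no mac-address=BA:69:F4:35:E6:12 master-interface=wlan2 name=wlan4 ssid=Strans-guest station-roaming=enabled wds-default-bridge=bridge-.lan wps-mode=disabled
/ip pool
add name=pool-LAN.main ranges=192.168.241.100-192.168.241.200
add name=pool-LAN.guest ranges=10.10.10.100-10.10.10.130
/ip dhcp-server
add address-pool=pool-LAN.main authoritative=after-2sec-delay interface=bridge-.lan lease-time=1h name=DHCP-LAN.main
add add-arp=yes address-pool=pool-LAN.guest interface=bridge-LAN.guest lease-time=1h name=server-LAN.guest
/ip smb users
set [ find default=yes ] disabled=yes
# NOTE(review): the default profile and profile-pptp set use-encryption=no. No PPP
# server or client that uses them is visible in this export. If nothing references
# them, remove profile-pptp rather than leaving an unencrypted profile available.
/ppp profile
set *0 only-one=yes use-compression=no use-encryption=no use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-pptp only-one=yes use-compression=no use-encryption=no use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-ovpn only-one=no use-compression=no use-encryption=yes use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-l2tp only-one=yes use-compression=no use-encryption=yes use-ipv6=no use-mpls=no use-upnp=no
/queue simple
add max-limit=49M/49M name=All target=""
add dst=ether1 limit-at=30M/30M max-limit=45M/45M name=lan parent=All priority=5/5 queue=pcq-upload-default/pcq-download-default target=192.168.241.0/24
add limit-at=12M/12M max-limit=20M/20M name=queue-staff packet-marks=packet-staff parent=All priority=1/1 queue=pcq-upload-default/pcq-download-default target=""
add limit-at=5M/5M max-limit=10M/10M name=guest parent=All queue=pcq-upload-default/pcq-download-default target=10.10.10.0/24
# NOTE(review): the BGP template and OSPF instance are enabled, but this export
# shows no BGP connection and the only OSPF area is disabled. The instance also
# names filter chains ospf-in and ospf-out that are not defined under
# /routing filter rule. Disable unused routing protocols to reduce exposed surface.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 out-filter-chain=ospf-out redistribute=connected
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing rip instance
add disabled=no in-filter-chain=rip-in name=rip-instance-1 out-filter-chain=rip-out redistribute=connected
# The default community is disabled. The added community is limited to
# 100.127.255.252/30. Its name acts as the credential and is printed here. No
# authentication or encryption settings are shown for it, so it is presumably a
# plain-text community. Rename it, and prefer SNMPv3 with auth and privacy if the
# collector supports it.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 disabled=yes read-access=no
add addresses=100.127.255.252/30 name=25strans062013
# Remote syslog target used by the /system logging rules further down.
/system logging action
set 3 remote=100.127.255.254 remote-log-format=syslog src-address=192.168.241.1 syslog-facility=local3
/interface bridge port
add bridge=bridge-.lan hw=no ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge-.lan hw=no ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge-.lan hw=no ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge-.lan ingress-filtering=no interface=vlan800-LAN.main.ethet5 internal-path-cost=10 path-cost=10
add bridge=bridge-.lan ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10
add bridge=bridge-.lan ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10
add bridge=bridge-LAN.guest ingress-filtering=no interface=wlan3 internal-path-cost=10 path-cost=10
add bridge=bridge-LAN.guest ingress-filtering=no interface=wlan4 internal-path-cost=10 path-cost=10
add bridge=bridge-LAN.guest ingress-filtering=no interface=vlan801-LAN.guest.ether5 internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery is limited to the mac-winbox interface list (ether5 and the
# WireGuard tunnels, see /interface list member).
/ip neighbor discovery-settings
set discover-interface-list=mac-winbox
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether5 list=mac-winbox
add interface=wg-x1-a list=mac-winbox
add interface=wg-x1-b list=mac-winbox
add interface=wg-core-c list=mac-winbox
add interface=wg-x2-a list=mac-winbox
add interface=wg-x2-b list=mac-winbox
# NOTE(review): auth=sha1,md5 still offers MD5 as an HMAC. No enable flag or
# certificate is shown for this server, so it may be inactive. If it is used, drop
# md5 from the list. If it is not, remove the entry.
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:65:BF:23:D6:25 name=ovpn-server1
# Every peer accepts 192.168.0.0/16 and 100.127.255.252/30 in addition to its own /30
# transfer network, so any of the five tunnels may source traffic for the whole
# corporate range. The public keys are not secret.
/interface wireguard peers
add allowed-address=172.16.241.4/30,192.168.0.0/16,100.127.255.252/30 endpoint-address=core2.strans.info endpoint-port=51821 interface=wg-x1-b name=wg-X1-b persistent-keepalive=25s public-key="WnH2dwK834oXXWnc9e4jzm2jda3yR55kKj3xlBGwfFc="
add allowed-address=172.16.241.0/30,192.168.0.0/16,100.127.255.252/30 endpoint-address=core1.strans.info endpoint-port=51820 interface=wg-x1-a name=wg-X1-a persistent-keepalive=25s public-key="2XZUCmXZl6XEOSSI3zMXa3A0uRvrV1inZE2tFhZhohQ="
add allowed-address=172.18.241.0/30,192.168.0.0/16,100.127.255.252/30 endpoint-address=chr.strans.info endpoint-port=51822 interface=wg-core-c name=wg-chr-c persistent-keepalive=25s public-key="1UOLZ6R28ePBeOslTM+A+nfZ8y0RRSg7pL1kalG0hGg="
add allowed-address=172.17.241.0/30,192.168.0.0/16,100.127.255.252/30 endpoint-address=core1-x2.strans.info endpoint-port=51820 interface=wg-x2-a name=wg-X2-a persistent-keepalive=25s public-key="+d2h9N+sTo021GNdeCdKc7F6QZD01lcSIS05xVOhqww="
add allowed-address=172.17.241.4/30,192.168.0.0/16,100.127.255.252/30 endpoint-address=core2-x2.strans.info endpoint-port=51821 interface=wg-x2-b name=wg-X2-b persistent-keepalive=25s public-key="l4cQjrXCqdA0gmtiU9Z55gCGfadeimZ0rnNwXBHXDgU="
/ip address
add address=192.168.241.1/24 comment=LAN.main interface=bridge-.lan network=192.168.241.0
add address=10.10.10.1/24 comment=guest interface=bridge-LAN.guest network=10.10.10.0
add address=172.16.241.2/30 interface=wg-x1-a network=172.16.241.0
add address=172.16.241.6/30 interface=wg-x1-b network=172.16.241.4
add address=172.18.241.2/30 interface=wg-core-c network=172.18.241.0
add address=172.17.241.2/30 interface=wg-x2-a network=172.17.241.0
add address=172.17.241.6/30 interface=wg-x2-b network=172.17.241.4
# The lease script keeps a single host route to 8.8.4.4 (comment "google") pointed at
# the DHCP-supplied gateway. It adds the route when none exists, updates the
# gateway when it differs, raises an error when more than one such route is found,
# and removes the route when the lease is not bound.
/ip dhcp-client
add default-route-distance=5 interface=ether1 script="{\n :local rmark \"google\"\n :local count [/ip route print count-only where comment=\"google\"]\n :if (\$bound=1) do={\n :if (\$count = 0) do={\n /ip route add gateway=\$\"gateway-address\" dst-address=8.8.4.4 comment=\"google\"\n } else={\n :if (\$count = 1) do={\n :local test [/ip route find where comment=\"google\"]\n :if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\n /ip route set \$test gateway=\$\"gateway-address\"\n }\n } else={\n :error \"Multiple routes found\"\n }\n }\n } else={\n /ip route remove [find comment=\"google\"]\n }\n}\r\n" use-peer-dns=no use-peer-ntp=no
# Guests are handed public resolvers directly. Main-LAN clients resolve through
# this router.
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4 domain=kpp.guest.lan gateway=10.10.10.1 netmask=24
add address=192.168.241.0/24 dns-server=192.168.241.1 domain=kpp.lan gateway=192.168.241.1 netmask=24
# allow-remote-requests=yes makes the router a resolver for anything that reaches
# its input chain. The filter rules below admit only sources in the "adm" list,
# which includes the main LAN.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1m servers=192.168.10.248,192.168.10.107
/ip dns static
add address=192.168.241.50 name=video type=A
add address=192.168.241.50 name=video.bc.kpp.lan type=A
# "adm" is the management allow-list. The filter section accepts it on both the
# input and forward chains.
# NOTE(review): it contains the whole main LAN (192.168.241.0/24) and one entry given
# as a hostname (home.2funoff.com). A hostname entry follows whatever address DNS
# returns, so management access then depends on that DNS record. Prefer fixed
# addresses or VPN-only management.
/ip firewall address-list
add address=95.47.136.14 list=adm
add address=95.47.136.9 list=adm
add address=172.16.241.0/29 list=adm
add address=home.2funoff.com list=adm
add address=192.168.241.0/24 list=adm
add address=100.127.255.252/30 list=adm
add address=10.20.1.250 list=adm
add address=192.168.96.0/24 list=adm
add address=172.17.241.0/29 list=adm
# Input chain: ICMP, established/related, WireGuard UDP 51820-51824 and the adm
# list are accepted, and everything else is dropped.
# Forward chain: established/related, the main LAN, guest traffic leaving via
# ether1, traffic to 192.168.241.48/30, two extra sources and the adm list are
# accepted, and everything else is dropped.
# NOTE(review): the comment "drop_invalid" sits on the rule that accepts established
# forward traffic. The label looks misplaced, since the drop-invalid rules follow
# below. The invalid drops also come after the accept rules for established and
# related, which is harmless but is not the usual order.
/ip firewall filter
add action=accept chain=input comment=ICMP protocol=icmp
add action=accept chain=forward comment=drop_invalid connection-state=established
add action=accept chain=forward connection-state=related
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment=wg-core dst-port=51820-51824 protocol=udp
add action=accept chain=input comment=Allow_from_adm src-address-list=adm
add action=drop chain=input
add action=accept chain=forward comment=Allow_forward_LAN.main src-address=192.168.241.0/24
add action=accept chain=forward out-interface=ether1 src-address=10.10.10.0/24
add action=accept chain=forward dst-address=192.168.241.48/30
add action=accept chain=forward src-address=192.168.10.4
add action=accept chain=forward src-address=192.168.17.0/24
add action=accept chain=forward src-address-list=adm
add action=drop chain=forward
/ip firewall mangle
add action=mark-packet chain=prerouting dst-address=192.168.0.0/16 new-packet-mark=packet-staff src-address=192.168.241.0/24
add action=mark-packet chain=prerouting dst-address=192.168.241.0/24 new-packet-mark=packet-staff src-address=192.168.0.0/16
# NOTE(review): the three dst-nat rules match on port and protocol only. They have
# no in-interface or dst-address, so any packet crossing the router to TCP 7070,
# UDP 165 or TCP 2222 is rewritten towards 192.168.241.2. That includes LAN clients
# connecting outbound to those ports. Add dst-address=178.54.198.140 or
# in-interface=ether1 if the intent is inbound publishing only. They publish HTTPS,
# SNMP and SSH of 192.168.241.2, and the forward chain then lets through only the
# sources it accepts, such as the adm list.
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=192.168.241.0/24 to-addresses=178.54.198.140
add action=masquerade chain=srcnat out-interface=lte1 src-address=192.168.241.0/24
add action=src-nat chain=srcnat out-interface=ether1 src-address=10.10.10.0/24 to-addresses=178.54.198.140
add action=dst-nat chain=dstnat comment=ST_BC-241-S dst-port=7070 protocol=tcp to-addresses=192.168.241.2 to-ports=443
add action=dst-nat chain=dstnat dst-port=165 protocol=udp to-addresses=192.168.241.2 to-ports=161
add action=dst-nat chain=dstnat dst-port=2222 protocol=tcp to-addresses=192.168.241.2 to-ports=22
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# Static routes to 192.168.0.0/16 and 100.127.255.252/30 over the five tunnels.
# Failover order comes from the distance values (1, 2, 3, 4, 6) together with
# check-gateway=ping.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=192.168.0.0/16 gateway=172.16.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=192.168.0.0/16 gateway=172.16.241.5 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=6 dst-address=192.168.0.0/16 gateway=172.18.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=100.127.255.252/30 gateway=172.16.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=100.127.255.252/30 gateway=172.16.241.5 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=6 dst-address=100.127.255.252/30 gateway=172.18.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=192.168.0.0/16 gateway=172.17.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=4 dst-address=192.168.0.0/16 gateway=172.17.241.5 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=100.127.255.252/30 gateway=172.17.241.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=4 dst-address=100.127.255.252/30 gateway=172.17.241.5 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=google dst-address=8.8.4.4 gateway=178.54.255.253
# ftp, telnet, www, api and api-ssl are disabled. www-ssl is enabled with a
# certificate.
# NOTE(review): ssh and winbox do not appear, so they are presumably at their
# defaults with no per-service address restriction. Reachability then rests on the
# input filter alone. Setting address= on each enabled service adds a second layer.
/ip service
set ftp disabled=yes
set telnet disabled=yes
set www disabled=yes
set www-ssl certificate=mikroTik.ca.cert.pem_0 disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/routing bfd configuration
add disabled=no
/routing filter rule
add chain=rip-out disabled=no rule="if (dst in 192.168.241.0/24 && dst-len in 24) {accept;}"
add chain=rip-in disabled=no rule="if (dst in 192.168.10.0/24 && dst-len in 24) {accept;}"
# NOTE(review): interfaces=*21 is an internal object id, not an interface name. This
# usually means the interface the template referred to no longer exists, so the
# template probably matches nothing. Rebind it to a named interface or remove it.
/routing rip interface-template
add disabled=no instance=rip-instance-1 interfaces=*21 key-chain=md5
# RIP authentication key, printed in clear. Rotate it on both ends if RIP is in use.
/routing rip keys
add chain=md5 disabled=no key=pheivohNgeechu4f key-id=0 valid-from="2024-01-18 00:00:00" valid-till="2029-01-18 00:00:00"
/snmp
set contact=hostmaster@ginfo.net.ua enabled=yes location="Bila Cerkva, S-TRANS"
/system clock
set time-zone-name=Europe/Kyiv
/system identity
set name=". ST_BC-241-R"
# critical, error, warning and info topics are forwarded to the remote syslog action
# defined above.
/system logging
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=warning
add action=remote topics=info
/system ntp client
set enabled=yes
/system ntp client servers
add address=2.ua.pool.ntp.org
add address=1.ua.pool.ntp.org
add address=0.ua.pool.ntp.org
# Runs CheckDNSFailover every 30 seconds.
# NOTE(review): the scheduler and the script both hold the full policy set (ftp, reboot,
# password, sniff, sensitive, romon and others), and the script sets
# dont-require-permissions=yes. The script only pings, reads and sets /ip dns and
# writes log lines. Trim both policy lists to what that needs and set
# dont-require-permissions=no, so a modified script cannot inherit
# reboot/password/sensitive rights.
/system scheduler
add interval=30s name=dns_failover_scheduler on-event="/system script run CheckDNSFailover" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-07-23 start-time=12:19:45
# CheckDNSFailover pings 192.168.10.248 and 192.168.10.107 and uses whichever
# answer as the router's upstream DNS servers. It falls back to 8.8.8.8 when
# neither replies.
# Changed: the script now compares the wanted server list with the current
# /ip dns servers value and calls "/ip dns set" only when they differ. The original
# set the value on every run, which is what filled the history at the top of this
# file with a "dns changed" write every 30 seconds. It also rewrote configuration
# constantly and pushed real changes out of the history.
# wantedKey uses ";" because the current value is compared in its :tostr form.
/system script
add dont-require-permissions=yes name=CheckDNSFailover owner=adminKPP policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log info \"Running enhanced DNS failover logic...\"\r\n\r\n:local dns1 \"\"\r\n:local dns2 \"\"\r\n\r\n:if ([/ping 192.168.10.248 count=2] > 0) do={\r\n :set dns1 \"192.168.10.248\"\r\n}\r\n:if ([/ping 192.168.10.107 count=2] > 0) do={\r\n :if (\$dns1 = \"\") do={\r\n :set dns1 \"192.168.10.107\"\r\n } else={\r\n :set dns2 \"192.168.10.107\"\r\n }\r\n}\r\n\r\n:local wanted \"8.8.8.8\"\r\n:local wantedKey \"8.8.8.8\"\r\n:if (\$dns1 != \"\") do={\r\n :set wanted \$dns1\r\n :set wantedKey \$dns1\r\n}\r\n:if (\$dns1 != \"\" && \$dns2 != \"\") do={\r\n :set wanted \"\$dns1,\$dns2\"\r\n :set wantedKey \"\$dns1;\$dns2\"\r\n}\r\n\r\n:if ([:tostr [/ip dns get servers]] != \$wantedKey) do={\r\n /ip dns set servers=\$wanted\r\n :if (\$dns1 = \"\") do={\r\n :log warning \"Both DNS sources unavailable. Set to 8.8.8.8\"\r\n } else={\r\n :if (\$dns2 = \"\") do={\r\n :log info \"Set DNS to \$dns1 only\"\r\n } else={\r\n :log info \"Set DNS to \$dns1 and \$dns2\"\r\n }\r\n }\r\n}\r\n"
# MAC-telnet and MAC-Winbox are limited to the mac-winbox interface list. MAC ping
# is off.
/tool mac-server
set allowed-interface-list=mac-winbox
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool mac-server ping
set enabled=no
# NOTE(review): RoMON is enabled with a short secret that is printed here, and no
# /tool romon port entries restrict which interfaces take part. Disable RoMON if it
# is unused. Otherwise replace the secret and forbid RoMON on the ISP-facing and
# guest-facing interfaces.
/tool romon
set enabled=yes secrets=passkpp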