Josephny
Member
Topic Author
Posts: 495
Joined: Tue Sep 20, 2022 12:11 am

Update firewall list possible?

Tue Sep 19, 2023 1:58 am

I set out to write a script that will resolve to IP addresses a handful of FQDNs (handled by dyndns.org).

Reading threads here led to skipping right past the RESOLVE command to "/ip firewall address-list add address=[FQDN] list=[list-name]".

This seemed to work great except it would not run a second time (only the first time).

I then found a thread that explains that if the FQDN exists, the "/ip firewall address-list add..." command produces an error (which halts the script).

I then went searching for a parameter to force an update, but found that this does not exist.

Am I down the right path?

All I want is a regular (every few days or week) updated list of domain names and their corresponding IP addresses.

Here is the script that I have:
/ip firewall address-list add address=xxxxx.dyndns.org list=locations
/ip firewall address-list add address=yyyyyy.dyndns.org list=locations
/ip firewall address-list add address=zzzzz.dyndns.org list=locations

/system
:local cdate [clock get date] 
:local yyyy  [:pick $cdate 0  4]
:local MM    [:pick $cdate 5  7]
:local dd    [:pick $cdate 8 10]

/ip firewall address-list print file="$[$cdate]-dns-locations" where list=locations

/tool fetch upload=yes mode=ftp ascii=no src-path="/$[$cdate]-dns-locations.txt" dst-path="/mikrotik-backups/$[$cdate]-dns-locations.txt" address=192.168.2.22 port=21 user=mikrotik password=mikrotik

/file remove "$[$cdate]-dns-locations.txt"
When there do not exist any addresses in the list "locations" and I run this script, the addresses are added to the list "locations" and the file is FTP'd to my FTP server.

Subsequent executions of the script (that is, once the list "locations" has entries) fail.
 
DarkNate
Forum Guru
Posts: 1017
Joined: Fri Jun 26, 2020 4:37 pm

Re: Update firewall list possible?

Tue Sep 19, 2023 7:55 pm

MikroTik firewall address lists resolve and update the FQDNs by default; why do you need a script for a feature that's built-in?

Just enter the DNS hostname in the list and that's it.
 
Josephny
Member
Topic Author
Posts: 495
Joined: Tue Sep 20, 2022 12:11 am

Re: Update firewall list possible?

Tue Sep 19, 2023 10:42 pm

My goal is to have a list of FQDNs (that are DynDNS FQDNs for various locations that I manage) resolved on a regular basis. Then, either emailed or (preferably) FTPd to me.

I thought I'd use RouterOS's RESOLVE command, but other threads here led to the built-in resolution and firewall list adding that is accomplished with "/ip firewall address-list add address=[FQDN] list=[list-name]".

But then I ran into the problem of not updating the address-list.

Thank you for help.
 
jvanhambelgium
Forum Veteran
Posts: 993
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Update firewall list possible?

Tue Sep 19, 2023 10:53 pm

The resolving of FQDN will follow the TTL-value of the zone applicable. No need to "force" to resolve this periodically.

Go to /ip/dns/cache and "print". The FQDNs should be there and you will see the TTL value countdown timer...

This works fine as I have some units for which I have CNAME-records with 1 minute TTL value.
 
Josephny
Member
Topic Author
Posts: 495
Joined: Tue Sep 20, 2022 12:11 am

Re: Update firewall list possible?

Tue Sep 19, 2023 11:00 pm

I'm sure I'm not doing a good job explaining what I want to accomplish.

I have a handful of sites that each utilize DynDNS's service.

We will call them:

site1.dyndns.org
site2.dyndns.org
site3.dyndns.org

I was hoping to automatically have a record of the corresponding IP addresses that I could look up, for current use (in case I need to use the IP address) and for historical use (just to monitor how often it changes and what it was over time).

My goal is just to make information available to me.
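
An added example, not part of any post in this thread: a RouterOS script that skips the add when the FQDN entry already exists (the error described in the first post) and logs each host's current IP so a history accumulates. The site names and list name are the placeholders from the posts above; the `dyndns-record` log prefix is made up for this example.

```routeros
# Added example, not code from the thread.
# Placeholders taken from the posts: list "locations", site1..3.dyndns.org.
:local listName "locations"
:local sites {"site1.dyndns.org";"site2.dyndns.org";"site3.dyndns.org"}

:foreach fqdn in=$sites do={
    # Add the FQDN entry only when it is missing, so a second run does not
    # hit the "already exists" error that halts the script.
    :if ([:len [/ip firewall address-list find where list=$listName address=$fqdn]] = 0) do={
        /ip firewall address-list add list=$listName address=$fqdn
    }

    # Resolve explicitly and write one log line per host. A failed lookup is
    # caught so the remaining hosts are still processed.
    # "dyndns-record" is a constructed prefix, chosen to make the lines easy to filter.
    :do {
        :local ip [:resolve $fqdn]
        :log info ("dyndns-record " . $fqdn . " " . $ip)
    } on-error={
        :log warning ("dyndns-record " . $fqdn . " resolve-failed")
    }
}
```

Run it from /system scheduler at the interval you want; how long the history is kept depends on where the router's logging is configured to write.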
