I would like the ability for the dns server to add IP addresses for hosts looked up by the dns server to an address-list with a timeout set to the TTL of the cache-max-ttl or the ttl from the dns-record.
(the syntax would be /ip dns address-list=localdns_host address-list-timeout=(cache-max-ttl|dnsrecord)

The use case is to only allow ip addresses that have been obtained from the local dns server .

The work around is to use a script running a fixed interval to read the cache and then add them to the address-list.

Is your use case different to what is outlined in viewtopic.php?p=952360#p952360?

Is your use case different to what is outlined in viewtopic.php?p=952360#p952360?

Not really. Host-based firewall filtering (which I think is what you are referring to) is covered in https://wiki.mikrotik.com/wiki/Use_host ... wall_rules?

I would like to add ip addresses resolved by the local mikrotik server to an address-list. So that only hosts which have been approved/resolved by the mikrotik dns resolver (as opposed to an external resolver, client based DoH/DoT?) can allow traffic.

The part I thought might be applicable was: