2 domain with same address in firewall address-list

kirost · October 17, 2019, 5:14pm

When 2 domain names are present in one address-list, and both of them resolve to the same address,
this address is listed only once.

It’s a not correct.

For example

add first domain name:

/ip firewall address-list add address=www.mikrotik.com list=test

It’s resolved and worked.
2) add second name:

/ip firewall address-list add address=mikrotik.com list=test

It’s not resolved…
3) delete or disable first name:

/ip firewall address-list set list=test disabled=yes [find address=www.mikrotik.com]

or

/ip firewall address-list remove [find address=www.mikrotik.com list=test]

first name was disabled/deleted, ip address was deleted.

second name (mikrotik.com) still not resolved!

Sob · October 17, 2019, 6:37pm

First part, if the address already exists, there’s no need to have it twice, so the display may be confusing, but it’s not a problem. Second part is. I can confirm that when first entry (with address) is disabled, second one is not updated and address disappears from list. It looks like bug.

msatter · October 17, 2019, 7:08pm

That domains can be used in address-list was an extra added function. A address can only exist one time in the same list.

WWW looks nice but is in fact an error made in the past to mix a sub-domain with the top domain. So if we choose to use always WWW (redirect) for top webpages then all would be right and your problem would not exist.

Sob · October 17, 2019, 7:52pm

You’re focusing on wrong details, those two MikroTik hostnames are just example. They can be any completely different hostnames that just happen to resolve to same address.