DNS-based routing?

Hello. Since some services are available only in the USA (for example, Pandora), I want to use a VPN tunnel with a USA IP address.
The problem is I can't find any way to do DNS-based routing (example: *.pandora.com via ovpn-out-usa).
I can set up IP-based routing, but Pandora uses many IPs, some for the website and some for media servers, and they keep changing.
Is there any way to do that?

UPD: Oh, Pandora owns a netblock, so I can route some.net/24 via my VPN. But I am still interested in whether it is possible to do DNS-based routing.

You can't do DNS-based routing on RouterOS.

I would imagine that scripting would cover this easily.

Create a script that pulls the A records of the domain you want and puts them into the appropriate routes.

You can schedule the script to run every 12 hours, so it will be semi-dynamic.

The built-in resolver only returns one A record.

You could do this with an external box checking IP space and making API calls. If you're using NAND-based routers, keep in mind that this could cause a huge number of write cycles to NAND, depending on how many API calls you make to update address lists (that's the primary reason many people have asked for truly dynamic address lists you can manually add to).

```
root@alpha:/var/log/apache2# dig www.pandora.com

; <<>> DiG 9.7.3 <<>> www.pandora.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49685
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.pandora.com. IN A

;; ANSWER SECTION:
www.pandora.com. 2250 IN A 208.85.40.80
www.pandora.com. 2250 IN A 208.85.40.20
www.pandora.com. 2250 IN A 208.85.40.50
```

and you have all addresses

NetRange: 208.85.40.0 - 208.85.47.255
CIDR: 208.85.40.0/21
OriginAS: AS40428

I know I can do IP routes; my question was about DNS-based routing.

…, but in round-robin manner :slight_smile:

Not possible. Many hundreds (thousands?) of DNS queries per second will kill either your router or your DNS server :slight_smile: The rest can be solved by scripting and address-lists.

I also have this request.
For example, nadin-co.ir or youtube.com and many other domain access is due to restrictions through the US tunnel.

Just add the necessary FQDNs to a firewall address list and use that address list for policy routing.
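
The scripted approach suggested earlier in the thread (resolve on an external box, then update an address list), as an added example that is not part of the original posts. It parses `dig` output and emits RouterOS commands only for addresses that are not already listed, so an unchanged answer set causes no writes on the router. The list name `usa-vpn` and the `prune` option are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the ANSWER SECTION from the dig output quoted in the thread.
SAMPLE_DIG = """\
;; QUESTION SECTION:
;www.pandora.com. IN A

;; ANSWER SECTION:
www.pandora.com. 2250 IN A 208.85.40.80
www.pandora.com. 2250 IN A 208.85.40.20
www.pandora.com. 2250 IN A 208.85.40.50
"""

def parse_a_records(dig_text):
    """Return {ip: owner_name} for every A record in dig output."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        # dig comment lines start with ';'; a resource record has 5 fields.
        if line.startswith(";") or len(fields) != 5:
            continue
        name, _ttl, rr_class, rr_type, rdata = fields
        if rr_class != "IN" or rr_type != "A":
            continue
        try:
            ip = ipaddress.IPv4Address(rdata)
        except ipaddress.AddressValueError:
            continue  # skip malformed rdata instead of pushing it to the router
        records[str(ip)] = name.rstrip(".")
    return records

def plan_updates(current, resolved, list_name="usa-vpn", prune=False):
    """Build RouterOS commands for the difference between the list on the
    router (current) and the freshly resolved addresses (resolved)."""
    cmds = []
    for ip in sorted(set(resolved) - set(current), key=ipaddress.IPv4Address):
        cmds.append(f"/ip firewall address-list add list={list_name} "
                    f"address={ip} comment={resolved[ip]}")
    if prune:  # off by default: round-robin answers rotate between runs
        for ip in sorted(set(current) - set(resolved), key=ipaddress.IPv4Address):
            cmds.append(f"/ip firewall address-list remove "
                        f"[find list={list_name} address={ip}]")
    return cmds

if __name__ == "__main__":
    on_router = {"208.85.40.20"}  # constructed: entries already in the list
    for cmd in plan_updates(on_router, parse_a_records(SAMPLE_DIG)):
        print(cmd)
```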