Hi All,
I have done a bunch of searches and tried all sorts of things and I am having an issue where I can’t get a regular expression to work as I would expect it to..
I am trying to take all .test domains (Example blah.test) and use the layer 7 to redirect this to another dns server
So I used to just have local in the regex which of course causes false positives for something for example: localblah.com would also get flagged and sent to that other DNS.
I was trying to nail it down to only .local
I would expect this to work: .local$
I even checked it with https://regex101.com/
This shows blah.local as a match and blah-local as not a match… When I try and use this as my regexp on the Mikrotik it doesn’t work…?
I am hoping I am just doing something easily wrong syntax wise?
There are no dots in DNS packets. Instead, there’s always byte with value of length of next part of name, e.g.:
\x04test
\x05local
\x03www\x08mikrotik\x03com
Especially for short names, you also want to append .\x01 to help with false positives:
\x04test.\x01
RouterOS skips null bytes, so “.” is for any record type, except for few uncommon ones with codes > 255, and \x01 is for query class, which is 1 for all usual uses.
Thank you! I swear I had found a post I believe from you in another thread with this kind of syntax as well.. and I tried it and it wasn’t working… try again after this and now it is… so maybe I just had a typo.. It has been a long day.
Seems like this does not work anymore in the latest mikrotik versions. I can’t match any dot.
For example i am trying to match in firewall filter content: