Hello, I want to block all Google domains with the DNS. I know it not gonna be so effective as rules in firewall but i want to do that anyways. Did someone knows a regexp to mark one word in dns requests? Because Google have for example translate.google.com keep.google.com and I need a Regexp that can always react on word “google” in domain names.
And did someone know how can i write 0.0.0.0 in address field ?
What version you using? In 7.6 I believe there are some issues with DNS, so that could be your issue.
The old wiki talks about the regex= - https://wiki.mikrotik.com/wiki/Manual:IP/DNS
Now, what to use in the forward-to= when you want “don’t resolve” dunno, that’s not support. So what happens when you use a “bad IP address” isn’t clear to me, The forward-to is an instruction to the Mikrotik to resolve the request using a different DNS. But they don’t say what happen when the foward-to= fails (as it would if you put a bad address or 0.0.0.0) – totally possible their DNS logic MAY fallback to the configured one - thus making this approach not workable.
Using firewall filter with a firewall address-list for “google.com” likely be better approach. That again still be “lossy” (miss requests), which you seem to understand.
Now in 7.6+ (once fixed), the DNS offers an address-list= option in the /ip dns static. This allows the firewall to use a regex DNS name to be blocked by the firewall.
e.g. if you wanted “google” not “*.google.com” blocked (regex treats the lookup as a string and but “.” need to be escaped)). What the new “/ip dns static regex=… address-list=…” does is adds a resolved IP from the DNS automatically to a firewall address-list. And the address-list could be use in “drop” in the /ip firewall filter but based on those found by the DNS regex.
But I’d wait to try this one since there are DNS issues in the current 7.7rc (and believe also 7.6).