I got over excited when I saw the DNS improvements in the change log and updated, don’t get me wrong, it’s great to be able to add static CNAME records now and you can use Regex, unfortunately I don’t think it quite goes as far as I would like it to.
Basically, I need to do one small DNS rewrite, and it looks like I’ll need to run a DNS server to accomplish this, unless I’m mistaken RouterOS can’t do this, unless someone can advise a clever workaround method? The recent DNS enhancements make me hopeful this could be implemented though, possibly.
Essentially, I need to Regex rewrite both the DNS query question and answer, ideally for specific client IPs on the LAN, but will settle for all the LAN for the moment.
Referring to CoreDNS documentation to help explain (though you could probably use any of a number of DNS servers), under the Rewrite plugin and specifically the regex and answer examples at https://coredns.io/plugins/rewrite/#response-rewrites
Example
rewrite stop {
name regex (.*)-(us-west-1)\.coredns\.rocks {1}.service.{2}.consul
answer name (.*)\.service\.(us-west-1)\.consul {1}-{2}.coredns.rocks
}
Rewrote the request from ftp-us-west-1.coredns.rocks to ftp.service.us-west-1.consul and ultimately resolved it to 3 records. The resolved records, in the ANSWER SECTION below, were not from coredns.rocks, but rather from service.us-west-1.consul.
$ dig @10.1.1.1 ftp-us-west-1.coredns.rocks
;; QUESTION SECTION:
;ftp-us-west-1.coredns.rocks. IN A
;; ANSWER SECTION:
ftp.service.us-west-1.consul. 0 IN A 10.10.10.10
ftp.service.us-west-1.consul. 0 IN A 10.20.20.20
ftp.service.us-west-1.consul. 0 IN A 10.30.30.30
Now, the ANSWER SECTION matches the QUESTION SECTION (due to the answer name line of code):
$ dig @10.1.1.1 ftp-us-west-1.coredns.rocks
;; QUESTION SECTION:
;ftp-us-west-1.coredns.rocks. IN A
;; ANSWER SECTION:
ftp-us-west-1.coredns.rocks. 0 IN A 10.10.10.10
ftp-us-west-1.coredns.rocks. 0 IN A 10.20.20.20
ftp-us-west-1.coredns.rocks. 0 IN A 10.30.30.30
I have a feeling the moment, I’ll need to setup the DNS server separately on the LAN and be lucky if I can use RouterOS to direct specific client IPs to that DNS server for specific domain (providing can do regex for that), can’t do the DNS rewrite question and answer itself on the RouterOS though, correct?
I had the following, which does work to a degree, matches the regex and replaces with a “static” cname:
/ip dns static add regex=".*-us-west-1\\.coredns\\.rocks" type=CNAME cname="ftp.service.us-west-1.consul"
I then tried the following and doesn’t seem to work, guessing it can’t pass the expression match groups:
/ip dns static add regex="(.*)-(us-west-1)\\.coredns\\.rocks" type=CNAME cname="{1}\\.service\\.{2}\\.consul"