dns to address lists scripts.

Hello, I found this script on the forums somewhere (see it below, after this post). The question is that I can't seem to quite understand its behaviour. It looks pretty simple from the code, which I can understand except for the odd punctuation.

Anyway as you can probably see it will find DNS names and get the IPs into an address list for giving priority to certain VOIP services so we don't have to keep checking the IPs manually.

The problem is that even if you ping a site and see it in the DNS cache, it doesn't always get added to the address list for some reason. Some DNS names do and some don't. Some seem to end up with different IPs in the list than you read in the cache? It seems strange and I can't get any debug info on what's going on?

Best Regards, - script below:

Just wondered if anyone could shed any light?

# check every dns entry
:foreach i in=[/ip dns cache find] do={
  :local bNew "true";
  # check if dns name contains tescointernetphone
  :if ([:find [/ip dns cache get $i name] "tescointernetphone"] != 0) do={
    :local tmpAddress [/ip dns cache get $i address];
    #---- if address list is empty do not check ( add address directly )
    :if ( [/ip firewall address-list find ] = "") do={
      /ip firewall address-list add address=$tmpAddress list=voip disabled=no;
    } else={
      #------- check every address list entry
      :foreach j in=[/ip firewall address-list find ] do={
        #---------- set bNew variable to false if address exists in address list
        :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
          :set bNew "false";
        }
      }
      #------- if address is new then add to address list
      :if ( $bNew = "true" ) do={
        /ip firewall address-list add address=$tmpAddress list=voip disabled=no
      }
    }
  }
}

[ THE END ]

You can add comments to address list entries, so that it is later easier to compare dns cache entries with created address list entries
http://wiki.mikrotik.com/wiki/Scripting-examples#Block_access_to_specific_websites

Also add :put commands to print needed values to console, it is very useful when debugging scripts.

Cheers, that helps with debug and now I know what's going on. I think the issue is that the script does not add IPs whose domain is the first level, for example a domain like:

stun.sipgate.net & www.sipgate.co.uk & gatway.tescointernetphone.com

will go into the list but:

sipgate.net & tescointernetphone.com

alone will not be entered by the script? I don’t know enough about the scripting language to know why that is?

Any pointers much appreciated?

Best Regards.

‘/ip dns cache’ contains only A records
if you want NS records then use
‘/ip dns cache all’ instead

No it’s OK I solved it.

:if ((([:find $cacheName "domain"] >= 0) gets the domains properly

:if ((([:find $cacheName "domain"] != 0) only grabs the *.domains

hi
This script is very slow and has high CPU usage, so I had to change it.
I think this one is quicker:

:foreach i in=[/ip dns cache all find where (name~"facebook" || name~"fbcdn" || name~"bbc" || name~"akamai" || name~"youtube") && (type="A") ] do={
  :local tmpAddress [/ip dns cache get $i address];
  delay delay-time=10ms
  #prevent script from using all cpu time
  :if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
    :local cacheName [/ip dns cache get $i name] ;
    :log info ("added entry: $cacheName  $tmpAddress");
    /ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
  }
}

I am using this script to find Facebook, YouTube and BBC addresses, which are restricted in Iran, so I can route these IP addresses through a VPN.

navidrasi, I am also looking for a script for a similar purpose can you please tell me how this script works?

Does it check every time a connection is made to a new website?

Sorry for bad English.
I use some part of this script to update the new feature of ROS 6.36 with dynamic address lists.
Thanks to navidrasi for the original.
In Sweden we have a play service from the state that never uses the same DNS name for streaming services, but the names all start with svtplay and then something like: svtplay3c-f.akamaihd.net

My problem is that it sometimes adds the address 0.0.0.0 as a dynamic address, and I am not so good at scripting, so some help would be nice.

I think this script can be used for other services/sites as well, e.g. windowsupdate, avira, as long as they have the same name part in the DNS request.
I run the script every 10 minutes because of the heavy load on the CPU.
Script below.


:foreach i in=[/ip dns cache all find where (name~"svtplay") ] do={
  :local cacheName [/ip dns cache get $i name];
  delay delay-time=10ms
  #prevent script from using all cpu time
  :if ( [/ip firewall address-list find where address=$cacheName] = "") do={
    :local cacheName [/ip dns cache get $i name] ;
    :log info ("added entry: $cacheName");
    /ip firewall address-list add address=$cacheName list=A3-SVTPLAY comment=A3-SVTPLAY;
  }
}


Hey, I modified the script to fit my needs. It works for the most part, but I keep getting “script,error script error: no such item (4)” and cannot figure out why it is so.
Any ideas?
Any help is appreciated, thanks in advance.

:do {
 :foreach i in=[/ip dns cache all find where (name~"supercell" ||  name~"clashofclans" || name~"clashroyale" || name~"instagram" || name~"izbank.ir" || name~"rb24.ir" || name~"bankmellat.ir" || name~"shaparak.ir" || name~"shaparak.com" || name~"bmi.ir" || name~"cbi.ir" || name~"postbank.ir" || name~"tejaratbank.ir" || name~"edbi.ir" || name~"ttbank.ir" || name~"bankrefah.ir" || name~"banksepah.ir" || name~"refah-bank.ir" || name~"banksepah.ir" || name~"bim.ir" || name~"qmb.ir" || name~"ghbi.ir" || name~"bki.ir" || name~"bank-maskan.ir" || name~"enbank.ir" || name~"ansarbank.com" || name~"parsian-bank.ir" || name~"bpi.ir" || name~"ba24.ir" || name~"hibank24.ir" || name~"bank-day.ir" || name~"sinabank.ir" || name~"sb24.com" || name~"sbank.ir" || name~"shahr-bank.ir" || name~"city-bank.net" || name~"bsi.ir" || name~"rqb.ir" || name~"rqbank.ir" || name~"karafarinbank.ir" || name~"tourismbank.ir" || name~"tourism-bank.com" || name~"aparat.com" || name~"irancell" || name~"gsm.ir") && (type="A")  && (static=no) ] do  ={
    :local tmpAddress [/ip dns cache get $i address];
    :local cacheName [/ip dns cache get $i name] ;
    :if ( [:len $tmpAddress] != 0) do={
      :if ( [/ip firewall address-list find where list="All Direct" address=$tmpAddress] = "" ) do={     
      :log info ("added entry To All Direct: \"$cacheName\"  \"$tmpAddress\"");
       /ip firewall address-list add address=$tmpAddress list="All Direct" timeout="247d00:00:00" comment=$cacheName;
      }
    }
  }
} on-error={}

What is the point in using that script today? Address lists have built in support for DNS.

Thanks for the info, I checked it out today.
The issue is that when I add a domain, it will only search and apply for that specific exact domain name, and websites tend to have a ton of domains associated with them with differing addresses.
It’s not possible for me to add every single one since not only a lot of them can be dynamic but it’ll take a ton of time to do so as well.

If you know of a way that I can add only part of a domain and it working perfectly, please let me know.
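
Added example, not part of any post in this thread: the `name~"bbc"` style filters above are unanchored regex matches, so the address of any cached name that merely contains the string ends up in the list. The sketch below matches whole domains on a label boundary instead and contains errors per cache entry; it assumes the RouterOS v6 `/ip dns cache` properties used in the first script, and the `voip` list, the two domains and the `1d` timeout are illustrative choices.

```routeros
# Added example (not from the thread), RouterOS v6 syntax as in the scripts above.
# Assumptions: list name "voip", the two domains, and the 1d timeout.
:local domains {"sipgate.net";"tescointernetphone.com"}

:foreach i in=[/ip dns cache find] do={
    # an error on one entry must not abort the whole loop
    :do {
        :local cacheName [/ip dns cache get $i name]
        :local tmpAddress [/ip dns cache get $i address]
        :local nameLen [:len $cacheName]
        :local matched false

        :foreach d in=$domains do={
            :local dotted ("." . $d)
            :local dLen [:len $dotted]
            # exact match covers the bare domain (sipgate.net)
            :if ($cacheName = $d) do={ :set matched true }
            # suffix match on a label boundary covers stun.sipgate.net,
            # but not sipgate.net.example.org or notsipgate.net
            :if ($nameLen > $dLen) do={
                :if ([:pick $cacheName ($nameLen - $dLen) $nameLen] = $dotted) do={
                    :set matched true
                }
            }
        }

        # skip empty addresses and 0.0.0.0 (reported in an earlier post)
        :if ($matched && ([:len $tmpAddress] > 0) && ($tmpAddress != 0.0.0.0)) do={
            # only look inside the target list, not every address list
            :if ([:len [/ip firewall address-list find where list="voip" address=$tmpAddress]] = 0) do={
                /ip firewall address-list add list=voip address=$tmpAddress timeout=1d comment=$cacheName
                :log info ("voip list: added $tmpAddress for $cacheName")
            }
        }
    } on-error={
        :log warning "voip list: skipped a DNS cache entry after an error"
    }
}
```

The timeout lets stale addresses age out of the list, and the comment records which cached name caused each entry so the list can be audited against the cache.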