Feature Request(s): Address-list quality of life improvements

qoole · June 23, 2016, 11:13am

Hiya,

First off - THANK YOU for the DNS resolving address-lists - this makes whitelisting domains (for things like Chromebooks) SO SIMPLE.
I have a couple of requests for quality of life improvements for the winbox/webfig interfaces as follows:

1.
A tree based system for address-lists.
The “trunk” of the tree being the address-list name, then expanded one layer to show the ip-only entries above dns entries then expanded to the third layer (yes, we’re going three layers deep) to show ip addresses of those dns entries.
This would make it a great deal easier to manage instead of the mess that the current list shows.
It should be doable without having to change the way the internals of the address-lists work. DNS Entries already add a ‘comment’ to an IP entry to show which domain they belong to. So use that to work out where in the tree they live.

2.
If a DNS entry resolves to an IP address already contained within the list - could it be added anyway but disabled just as a visual reference that there is no issue with the DNS entry (eg. typo). It would have to be automatically re-enabled if the address disappeared from the list.

chromebook_bypass
 |---<IP ADDRESS HERE>
 |
 |---accounts.google.com
 | |----216.58.213.141
 |
 |---clients1.google.com
 | |----62.252.169.163
 | |----62.252.169.162
 | |----62.252.169.173
 | |----62.252.169.148
 | |----62.252.169.187
 | |----62.252.169.182
 | |----62.252.169.172
 | |----62.252.169.167
 | |----62.252.169.177
 | |----62.252.169.152
 | |----62.252.169.158
 | |----62.252.169.178
 | |----62.252.169.183
 | |----62.252.169.168
 | |----62.252.169.157
 | |----62.252.169.153
 |
 |---clients2.google.com
 | |----62.252.169.163*
 | |----62.252.169.162*
 | |----62.252.169.173*
 | |----62.252.169.148*
 | |----62.252.169.187*
 | |----62.252.169.182*
 | |----62.252.169.172*
 | |----62.252.169.167*
 | |----62.252.169.177*
 | |----62.252.169.152*
 | |----62.252.169.158*
 | |----62.252.169.178*
 | |----62.252.169.183*
 | |----62.252.169.168*
 | |----62.252.169.157*
 | |----62.252.169.153*

IP Addresses marked with a * are disabled because they appear elsewhere in the address-list already

Thanks,

Alex

nz_monkey · June 23, 2016, 11:51am

+1

For my sanity and eye sight!

pe1chl · June 23, 2016, 12:24pm

Actually I am surprised that it works at all for that purpose.
Those DNS replies are a subset of a large list and differ for every request. It is their method of loadbalancing and redundancy.
When the MikroTIk is the DNS server for the local equipment it could work because the address list and the client see the same
cached DNS results, but a Chromebook will normally request its DNS from 8.8.8.8 directly so there is no guarantee whatsoever that
the address-list in the MikroTik has the same content as the addresses seen by the Chromebook.

qoole · June 23, 2016, 12:29pm

It was only an example. They have to go through internal DNS so that’s probably why. No access to WAN at all except the IPs in the address_list.

Not the subject of this post anyway - if you want to talk further, PM me.

qoole · June 26, 2017, 12:56pm

Just a quick bump, almost exactly a year later. Is this something that could be implemented?