how many times would the router resolve each of your domain names? what happens if the DNS binding changes, and the IP is different? how much service time will you lose?
so how often should the router resolve these names?
and what happens if you have 4000 firewall rules with DNS names? how much resources would be consumed?
I’m glad it has been brought up before, it seems like it must be a popular feature request from your customers. I’d like to add my vote for some kind of support of using hostnames.
I want to set up a VPN to a host that has a dyndns.org hostname. Obviously when the IP changes I can’t access the host for 5 minutes or so. As it currently stands, when the host gets a new IP, the VPN stops working, so I lose 100% service time. It can’t get any worse!
I think everyone understands that there would be some loss of service when a host’s IP changes.
The frequency of DNS queries and caching of the results are not insurmountable problems for a programmer.
Sure it can get worse, like when your router locks up and isn’t forwarding any traffic (any traffic, not just VPN traffic) because it’s stuck on resolving names.
Here is an idea though:
1 - Since the Mikrotik is aware of when config is added, or changes, or deleted, it could have an internal “table” of places throughout RouterOS where a hostname is entered. This would save on resources, as the Mikrotik wouldn’t have to “search” for entries throughout RouterOS containing a hostname.
2 - Since IPv4 and IPv6 have a standard structure, it would be easy to validate an IP or non-IP entered in a field.
3 - An internal command could run at a configured time interval (1s, 2s, 5min, etc…) to resolve hostname entries throughout the Mikrotik (it would know which entries have a hostname from #1 above).
4 - At the #3 interval, the Mikrotik could scan through its internal table and try to resolve the hostnames that are entered.
5 - If it’s a hostname, it looks it up in its local DNS cache (whether DNS is on or not, it would always have a cache), and if it can’t find it, it resolves via external DNS servers, which then gets cached locally for the DNS TTL value.
I agree that RouterOS works at layer 3, but it does run on Linux, and scripts have been made to do the above already. If it were integrated, though, it would be much nicer. As mentioned, this is a popular feature, and other systems do include it.
To start, you could include an option “allow hostname entry” or something in /ip dns set. If this value is “off”, no DNS resolving would exist. If it’s “on”, then the internal program would run to resolve DNS hostnames. This would give users a chance to test the functionality and make suggestions. You could start simple, and only add it to specific areas of RouterOS.
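A script of the kind the last post refers to, added here as an illustration and not code from the thread: it performs steps 3 to 5 above (periodic resolution through the router's own DNS, update only when the address actually changes) by keeping a firewall address-list entry in sync with a hostname, so rules that reference the list survive a dynamic-DNS change. The hostname, list name and script name are assumed placeholders.

```routeros
# Added example, not from the forum thread. Assumed placeholders: the hostname,
# the address-list name and the script name "dns-sync".
:local host "vpn-peer.example.com"
:local listName "vpn-peer"
:local newIp ""

# Step 3/5: resolve via the router's DNS (local cache first, then upstream).
# On failure keep the last known address rather than tearing the rule down.
:do {
    :set newIp [:resolve $host]
} on-error={
    :log warning ("dns-sync: could not resolve " . $host . ", keeping last known address")
}

:if ([:len $newIp] > 0) do={
    # The comment field records which hostname the entry was resolved from,
    # which is the "internal table" of hostname entries described in step 1.
    :local entry [/ip firewall address-list find list=$listName comment=$host]
    :if ([:len $entry] = 0) do={
        /ip firewall address-list add list=$listName address=$newIp comment=$host
        :log info ("dns-sync: added " . $host . " = " . $newIp)
    } else={
        :local oldIp [/ip firewall address-list get $entry address]
        # Only touch the rule when the binding really changed (step 4).
        :if ($oldIp != $newIp) do={
            /ip firewall address-list set $entry address=$newIp
            :log info ("dns-sync: " . $host . " changed " . $oldIp . " -> " . $newIp)
        }
    }
}
```

Saved under /system script as dns-sync, it can be run on the interval discussed in step 3 with `/system scheduler add name=dns-sync interval=5m on-event=dns-sync`; firewall or VPN rules then reference the address list instead of a literal IP.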