Filtering L3 based on DNS, ASN

I’m setting up a new firewall, hopefully Mikrotik’s but to do so I need to be able to filter traffic by DNS but not in DNS itself (filter layer 3 without being the resolver) as well as by whole ASNs, similar to pfBlockerNG on pfSense or IP sets on OpenWRT, but I’ve been just staring at winbox for a while not really knowing what to do.

Basically DNS addresses would need to resolved preemptively — full recursion so it has all possible matches. I have recursive resolvers already on the network, so that part’s done, at least — and so ASN ranges would need to be resolved without BGP (I don’t know how to set it up, let alone am peering with anybody!). It’d also be great if it takes DNSBL and RBL data too, but not as necessary as basic DNS-, and ASN-sourced filtering.

Is this possible in RouterOS/CHR?

Sorry I can’t understand at all, can you provide an example?

Sometimes I use something called layer7 to filter some pages and drop them.

Regards.

IMO best RouterOS can do is IP address filter using dynamic firewall address-list updated by means difficult to implement in Router OS.

If your objective is managing bad actors then using DNS is conceptually flawed as bad actor owned domains have unreliable DNS.
BGP is ruled out despite the fact BGP is the only platform that knows ASN and IP mappings in real time.
TL;DR the stated goals have serious conceptual flaws. I suggest careful reconsideration.