Firewall Layer7 case-(in)sensitivity for DNS

In the past I have used a content="" firewall filter to limit DNS queries to certain domains, and/or NAT them to an authoritative server:

/ip firewall filter add action=accept chain=input comment="Router DNS UDP Input" dst-port=53 protocol=udp content="\02my\07example\03com"

This worked fine (my.example.com being an example of course). However, when doing DNS verification with Let’s Encrypt, the verification bot uses mixed-case domain names to prevent spoofing, and those obviously don’t match the content attribute anymore. So I tried L7, where the documentation in very bold letters specifies that it is case-insensitive anyway. I tried the following (I’ll just focus on the last domain segment):

  • \03com (as literal characters for the binary content, showing up as blocks)
  • \x03com
  • \x03[cC][oO][mM]
  • \x03[\x63\x43][\x6f\x4f][\x6d\x4d]

They all match when the query from the client is lower case, but any variation like cOm will not match anymore.

What is the issue here? Maybe I am misunderstanding what “case-insensitive” means? To me it feels like ROS is lower-casing the pattern, instead of the packet contents. Is this a bug?
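
Added example, not part of the original post: a Python sketch of the DNS wire format behind the content pattern above, showing why a byte-exact match misses a mixed-case query while a case-insensitive byte match or a parsed QNAME comparison does not. It makes no claim about how RouterOS implements L7 matching; all function names and the sample queries are constructed for illustration.

```python
import re
import struct

def encode_qname(name: str) -> bytes:
    """Encode a dotted name as wire-format labels (length byte + label), root-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = 16, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header plus one question (QTYPE 16 = TXT, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def parse_qname(packet: bytes) -> str:
    """Read the first question name; reject compression pointers and truncation."""
    pos, labels = 12, []
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad or truncated label in question")
        labels.append(packet[pos + 1 : pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos >= len(packet):
        raise ValueError("unterminated QNAME")
    return ".".join(labels)

def literal_match(packet: bytes, pattern: bytes) -> bool:
    """Byte-exact substring match, as a literal content pattern behaves."""
    return pattern in packet

def folded_match(packet: bytes, pattern: bytes) -> bool:
    """Case-insensitive match on raw bytes; length bytes (<= 0x3F) are below 'A', so unaffected."""
    return re.search(re.escape(pattern), packet, re.IGNORECASE) is not None

def name_allowed(packet: bytes, zone: str) -> bool:
    """Parse the QNAME and compare it to the zone case-insensitively."""
    qname = parse_qname(packet).lower()
    zone = zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)

PATTERN = encode_qname("my.example.com")[:-1]          # b"\x02my\x07example\x03com"
LOWER = build_query("_acme-challenge.my.example.com")  # constructed sample query
MIXED = build_query("_aCmE-chAlLeNge.mY.eXaMpLe.cOm")  # constructed mixed-case query
```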