help to solve issue in script " dns to address lists scripts "

anassar26 · August 29, 2020, 2:35am

hi all
i am using this script to collect YouTube & Facebook IP addresses in DNS cache ( for block or separate route )
but it is not working and get result “input does not match any value of value-name”
please help me to solve issue

i print dns cash to find Facebook and YouTube in cach and get result below but when i run script get “input does not match any value of value-name” :
[admin@MikroTik] /ip dns cache> print
Flags: S - static

NAME TYPE DATA TTL

4 S www.youtube.com A 216.239.38.120 1d
10 www.facebook.com CNAME star.c10r.facebook.com 44m31s
11 graph.facebook.com CNAME api.facebook.com 44m31s

Script :

:foreach i in=[/ip dns cache all find where (name~“facebook” || name~“youtube”) && (type=“A”) ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms
#prevent script from using all cpu time
:if ( [/ip firewall address-list find where address=$tmpAddress] = “”) do={
:local cacheName [/ip dns cache get $i name] ;
:log info (“added entry: $cacheName $tmpAddress”);
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
}}

anassar26 · August 30, 2020, 1:14pm

any help please

msatter · August 30, 2020, 2:25pm

Try this:

:foreach i in=[/ip dns cache find name~("facebook"|"youtube") type="A"]

anassar26 · August 30, 2020, 6:51pm

first many thanks
i try script after your modification but i got no result in address list
please help to get correct result “create list in address list for youtube and facebook” :

:foreach i in=[/ip dns cache find name~("facebook"|"youtube") ] do={
:local tmpAddress [/ip dns cache get $i address];
:local cacheName [/ip dns cache get $i name] ;
delay delay-time=10ms
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={         
:log info ("added entry: $cacheName  $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
}}

[/quote]

msatter · August 31, 2020, 7:52am

An example and it contains the assumption that the IP address is labeled address but it data in real:

:foreach i in=[/ip dns cache all find where name~"tiktok" && static=no] do={
	:local tmpIP [/ip dns cache get $i data]
	if ([:len [/ip firewall address-list find where address=$tmpIP list=tiktok-hosts]]=0) do {
		/ip firewall address-list add address=$tmpIP list=tiktok-hosts
		:log info "added entry: $tmpIP"
	}
}

http://forum.mikrotik.com/t/script-for-adding-dns-entries-to-an-address-list-fails/138932/1

Yours with data instead of address and matching is now correctly name~“(facebook|youtube)”, to try:

:foreach i in=[/ip dns cache find name~"(facebook|youtube)" ] do={
:local tmpAddress [/ip dns cache get $i data];
:local cacheName [/ip dns cache get $i name] ;
delay delay-time=10ms
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={         
:log info ("added entry: $cacheName  $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
}}

I assume that something changed since we can use also other types of DNS entries since a few versions.

msatter · September 1, 2020, 7:49pm

I assume it is working now?

anassar26 · September 2, 2020, 4:41am

Its working awesome
Thanks

Wangz · September 11, 2020, 7:37pm

Tried this script and it crumbles my cpu lol. Is this normal?

Edit: I’m using Hap Ac2. Getting 30% cpu usage spike just by running a single script.

msatter · September 14, 2020, 7:40am

You can optimize it a bit if you leave out the check and logging and then I can compress the write to one line:

:foreach i in=[/ip dns cache find name~"(facebook|youtube)" ] do={
:do {/ip firewall address-list add address=[/ip dns cache get $i data] list=restricted comment=[/ip dns cache get $i name]} on-error={};
}

NOT TESTED! So please confirm if this is better.

elico · December 28, 2020, 3:42pm

I tried the script from the wiki at:
https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Block_access_to_specific_websites

But it just didn’t ran..
So I came up with:

:foreach i in=[/ip dns cache find name~"(youtube-ui.l.google.com|youtube.com|googlevideo.com)\$" && $type ~ "^(A|CNAME)\$" ] do={
    :local tmpAddress [/ip dns cache get $i data];
    :local cacheName [/ip dns cache get $i name] ;
    delay delay-time=10ms
    
    :if ( [/ip firewall address-list find where address=$tmpAddress list=YOUTUBE_DOMAINS ] = "") do={         
        :log info ("added entry: $cacheName  $tmpAddress");
        /ip firewall address-list add address=$tmpAddress list=YOUTUBE_DOMAINS comment=$cacheName;
    }
}

And it works pretty nice.
My basic difference was the “$” which will only match for suffix and not the whole domain.

Updated for Address type A and CNAME

anassar26 · October 13, 2021, 6:21am

tonny:

You can optimize it a bit if you leave out the check and logging and then I can compress the write to one line:
:foreach i in=[/ip dns cache find name~"(facebook|youtube)" ] do={
:do {/ip firewall address-list add address=[/ip dns cache get $i data] list=restricted comment=[/ip dns cache get $i name]} on-error={};
}
NOT TESTED! So please confirm if this is better.

Best , Nice Job

msatter · October 13, 2021, 10:02am

Thank, it took a while I noticed.