L7 RegExp - bug

RouterOS Scripting
1

Hello!
It is necessary certain TLD, at DNS a request, to send to specific DNS servers.

Test regexp

/ip firewall layer7-protocol add comment="OpenNIC - dns relay" name=OpenNIC regexp="^([A-Za-z0-9.-]*\.)?(.+\.bbs|.+\.chan|.+\.cyb|.+\.dyn|.+\.geek|.+\.gopher|.+\.indy|.+\.libre|.+\.neo|.+\.null|.+\.o|.+\.oss|.+\.oz|.+\.parody|.+\.pirate|.+\.opennic.glue|.+\.dns.opennic.glue|.+\.bazar|.+\.coin|.+\.emc|.+\.lib|.+\.fur1|.+\.bit|.+\.ku|.+\.te|.+\.ti|.+\.uu)"

/ip firewall nat add action=dst-nat chain=dstnat comment="OpenNIC - dns relay" connection-mark=OpenNIC-forward to-addresses=185.121.177.177
/ip firewall nat add action=masquerade chain=srcnat comment="OpenNIC - dns relay" connection-mark=OpenNIC-forward
/ip firewall mangle add action=mark-connection chain=prerouting comment="OpenNIC - dns relay" dst-address=192.168.68.1 dst-port=53 layer7-protocol=OpenNIC new-connection-mark=OpenNIC-forward passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="OpenNIC - dns relay" dst-address=192.168.68.1 dst-port=53 layer7-protocol=OpenNIC new-connection-mark=OpenNIC-forward passthrough=yes protocol=udp

But nothing gets to it.
Wrote to technical support - answered nothing specific, or did not understand my question.

2

What you actually need is this, but unfortunatelly it’s not available in RouterOS.

Anyway, your regexp is too complicated and basically all wrong. Browse this thread for some helpful tips, make it work for single TLD first and then continue to expand it. And remember, it will only ever work for udp, only for other devices and not the router itself (unless you use another extremely ugly hack), so it won’t be good solution anyway. If you still communicate with support, you may tell them about the proposed solution (feature request) in first linked thread, maybe if more people ask about it, they will consider it.

3

Thanks!
Works at the only thing, but at the big list it already parse incorrectly.
If to zmenit on simpler, then also other domains, for example *.com therefore I try to set more specific request get.

4

Post more details, what works, what doesn’t, maybe it can be improved.