Before FWD was implemented, I used layer7+NAT to conditionally forward DNS requests.
This is a working example of a regex:
/ip firewall layer7-protocol add name=opennic regexp="(\\x03bbs|\\x04chan|\\x03cyb|\\x03dyn|\\x04epic|\\x04geek|\\x06gopher|\\x04indy|\\x05libre|\\x03neo|\\x04null|\\x01o|\\x03oss|\\x02oz|\\x06parody|\\x06pirate|\\x05bazar|\\x04coin|\\x03emc|\\x03lib|\\x03fur|\\x02ku|\\x02te|\\x02ti|\\x02uu).\\x01\$"
And finally, the opportunity presented itself to get rid of this design.
Changed (simplified) the regular expression a little, and introduced the command to /ip/dns/static:
[admin@MikroTik] > /ip dns static add forward-to=<address> regexp="\\.(bbs|chan|cyb|dyn|epic|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate|bazar|coin|emc|lib|fur|ku|te|ti|uu)\$"
failure: regular expression too complex
failure: regular expression too complex
“Too complex”? Seriously? This is the simplest regular expression!
Further more interesting. Removed several domains from the regex, and the command ran without errors:
[admin@MikroTik] > /ip dns static add forward-to=<address> regexp="\\.(bbs|chan|cyb|dyn|epic|geek|gopher|indy|libre|neo|null|o|oss|oz|parody|pirate)\$"
So it’s all about artificially limiting the length of the regular expression?
WTF?
Why did you do it?
“Foolproof”? So the fools have thousands of other ways to bring the device into a state of complete inoperability!
Now what? Break the already simplest regular expressions into even simpler ones? Increase the number of configuration lines instead of simplifying it?
Why are these limits? Why such “care” about the user? Moreover, the user did not ask for it.