script to resolve DNS names and update address list

my apologies if this has been covered. I spent some time searching but have not found a solution.

We use the firewall input chain to stop login attempts to the router from non-trusted IPs. The problem is we have a few sites that now use dynamic IP and DDNS to update ChangeIp.

What I am looking for is a script that resolves a list of DNS names and updates an address list (trusted IP list) with the IPs they resolve to. It would be nice to check the list to see if the address exists already.


Thanks,

Perhaps this one helps…

It will iterate over all entries in an address-list (named “testlist” in this example) and update the associated IP address. It is made so that the comment of each address-list entry holds the DNS name for that entry (like “myhomeoffice.dyndns.org” or “www.mikrotik.com” or whatever).

When run, the script resolves the address-list entry’s comment as a host name and puts the resulting IP address in the address field of the entry.

After that there is another loop disabling all address-list entries which now have “0.0.0.0” as address (which means that the DNS resolving has failed for whatever reason).

You could run this every minute from the scheduler for example…

# one entry per DNS name: the comment holds the host name, the address field
# is overwritten with whatever that name currently resolves to
:foreach a in=[/ip firewall address-list find list=testlist] do={
  /ip firewall address-list set $a address=[:resolve [/ip firewall address-list get $a comment]]
}
# entries left at 0.0.0.0 did not resolve: disable them instead of keeping a bogus match
# (scoped to the same list so entries of other lists are not touched)
:foreach a in=[/ip firewall address-list find list=testlist address=0.0.0.0] do={
  /ip firewall address-list set $a disabled=yes
}

Best regards,
Christian Meis
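The script above handles one address per name and overwrites the entry in place. The following is an added example (not code from this thread or from MikroTik) that works out the same idea off the router, in Python: it keeps the comment-holds-the-hostname convention, but treats a name with several A records as several entries, keeps the last known addresses disabled when a lookup fails instead of writing 0.0.0.0, drops entries for names that are no longer wanted, and refuses answers such as 0.0.0.0 or multicast that must never become a "trusted" source. It emits the RouterOS CLI lines to apply, and validates the host names before they are embedded in those lines, because a comment field that ends up inside a command is an injection point. The resolver is pluggable; the demo at the bottom uses constructed DNS answers and RFC 5737 addresses, and the list name "trusted" and all host names are assumptions for the example.

```python
from __future__ import annotations

import ipaddress
import re
import socket
from typing import Callable

# Added example, not code from the thread. Address-list entries are modelled as
# dicts with the keys RouterOS exports for /ip firewall address-list.
Resolver = Callable[[str], list[str]]
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def system_resolver(name: str) -> list[str]:
    """All IPv4 A records for name via the OS resolver; raises socket.gaierror."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def usable(addr: str) -> bool:
    """Reject answers that must never become a trusted source address."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_unspecified or ip.is_loopback or ip.is_multicast
                or ip.is_link_local or ip.is_reserved)


def plan_sync(list_name: str, current: list[dict], names: list[str], resolve: Resolver):
    """Return (commands, new_state).

    commands  : RouterOS CLI lines that bring the address-list in line with DNS
    new_state : the entries as they will look after those commands run
    One entry per (name, address); a name that fails to resolve keeps its last
    known entries but disabled; entries whose comment is not in `names` go away.
    """
    for n in names:                       # comment text lands inside a command line
        if not HOSTNAME_RE.match(n):
            raise ValueError(f"refusing to embed {n!r} in a RouterOS command")
    wanted: dict[str, set[str] | None] = {}   # None = resolution failed / unusable
    for n in names:
        try:
            answers = [a for a in resolve(n) if usable(a)]
            wanted[n] = set(answers) if answers else None
        except OSError:                   # socket.gaierror is an OSError
            wanted[n] = None

    base = "/ip firewall address-list"
    have = {(e["comment"], e["address"]): e for e in current}
    cmds: list[str] = []
    state: list[dict] = []
    for (name, addr), e in sorted(have.items()):
        sel = f'[find list={list_name} address={addr} comment="{name}"]'
        if name not in wanted:                      # name dropped from the trusted set
            cmds.append(f"{base} remove {sel}")
        elif wanted[name] is None:                  # lookup failed: keep, but disabled
            if not e["disabled"]:
                cmds.append(f"{base} set {sel} disabled=yes")
            state.append({**e, "disabled": True})
        elif addr in wanted[name]:                  # still valid: make sure it is enabled
            if e["disabled"]:
                cmds.append(f"{base} set {sel} disabled=no")
            state.append({**e, "disabled": False})
        else:                                       # name moved to another address
            cmds.append(f"{base} remove {sel}")
    for name, addrs in sorted(wanted.items()):
        for addr in sorted(addrs or ()):
            if (name, addr) not in have:
                cmds.append(f'{base} add list={list_name} address={addr} comment="{name}"')
                state.append({"address": addr, "comment": name, "disabled": False})
    return cmds, state


# Constructed DNS answers and list contents standing in for a real router and resolver.
FAKE_DNS = {
    "office.example.net": ["203.0.113.7", "203.0.113.8"],   # two A records
    "home.example.net": ["198.51.100.20"],                   # moved away from .10
    "poisoned.example.net": ["0.0.0.0"],                     # unusable answer
}
CURRENT = [
    {"address": "203.0.113.7", "comment": "office.example.net", "disabled": False},
    {"address": "198.51.100.10", "comment": "home.example.net", "disabled": False},
    {"address": "192.0.2.99", "comment": "gone.example.net", "disabled": False},
    {"address": "192.0.2.50", "comment": "lab.example.net", "disabled": False},
]
NAMES = ["office.example.net", "home.example.net", "lab.example.net", "poisoned.example.net"]


def fake_resolver(name: str) -> list[str]:
    if name not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN {name}")   # lab.example.net fails this way
    return FAKE_DNS[name]


def demo():
    return plan_sync("trusted", CURRENT, NAMES, fake_resolver)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Run with `system_resolver` in place of `fake_resolver` to plan against real DNS; the planned lines are plain CLI, so they can be reviewed before being pasted or pushed over the API. Whatever resolver is used, the trusted list is only as trustworthy as the DNS answers it is built from, which is why nothing is written until the answer passes `usable` and the host name passes the pattern check.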

Thanks!

I am going to tweak it a bit but this is a great start!

Thanks again.

Joe

Hey,
could a script like this one help in a scenario like this one?
http://forum.mikrotik.com/t/how-to-nat-from-a-hostname/15922/1

I haven’t solved it yet.
Thanks!

I was looking for a similar solution and came up with my own script. I wanted to share it, in case someone can use it:

system scheduler export:

/system scheduler
# policy= below grants far more than a route-adding script needs (ftp, password, sniff, romon, ...);
# trim it to the minimum the script still runs with
add interval=1m name=auto-add-static-routes on-event=Add-static-routes-from-DNS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=dec/03/2018 start-time=21:47:34

system script, name: Add-static-routes-from-DNS (don't forget to edit gateway and vrf-mark as you need it):

# this script resolves given dns names and adds routes for resolved ips.
# important: edit static route options to fit your network!
# custom routes can also be defined.
# skips adding routes if already added.
# created 2018 by chil.at

# declare variables
:local ipAddress
:local gateway
:local type
:local distance
:local scope
:local targetscope
:local routingmark

# define dns records (note: :resolve returns a single address per name)
:local dnsNames {"upgrade.mikrotik.com"; "www.ubnt.com"; "security.debian.org"; "security-cdn.debian.org"; "ftp.us.debian.org"}

# define custom static routes: cloudflare DNS and google DNS
:local customRoutes {"1.1.1.1/32"; "8.8.8.8/32"}

# define static route options
:set gateway "1.2.3.4@main"
:set type "unicast"
:set distance 200
:set scope 30
:set targetscope 10
:set routingmark "VRF-MANAGEMENT"

# do not edit below here!

# clear DNS cache and all AutoAdded routes (enable only temporarily to clear in case of problems)
#/ip dns cache flush
#/ip route remove [find comment~"AutoAdded"]
#:log info "cleared DNS cache and all AutoAdded routes."

# set DNS cache Max TTL to 10 minutes
#/ip dns set cache-max-ttl=10m

# set static routes from defined customRoutes
:foreach route in=$customRoutes do={
  :if ([:len [/ip route find dst-address=$route gateway=$gateway type=$type distance=$distance scope=$scope target-scope=$targetscope routing-mark=$routingmark]] > 0) do={
    :log debug "route exists to $route, skipping."
  } else={
    /ip route add dst-address=$route gateway=$gateway type=$type distance=$distance scope=$scope target-scope=$targetscope routing-mark=$routingmark comment="AutoAdded"
    :log info "route added to $route"
  }
}

# set static routes from defined dnsNames
:foreach dnsName in=$dnsNames do={
  # a failed lookup raises an error; catch it so the remaining names are still processed
  :do {
    :set ipAddress [:resolve $dnsName]
    :if ([:len [/ip route find dst-address="$ipAddress/32" gateway=$gateway type=$type distance=$distance scope=$scope target-scope=$targetscope routing-mark=$routingmark]] > 0) do={
      :log debug "route exists to $ipAddress ($dnsName), skipping."
    } else={
      /ip route add dst-address="$ipAddress/32" gateway=$gateway type=$type distance=$distance scope=$scope target-scope=$targetscope routing-mark=$routingmark comment="AutoAdded for dnsName: $dnsName"
      :log info "route added to $ipAddress ($dnsName)"
    }
  } on-error={
    :log warning "could not resolve $dnsName, skipping."
  }
}