iam8up
Member
Topic Author
Posts: 333
Joined: Sun Oct 28, 2007 10:58 pm
Location: Troy, OH

Firewall address-list DNS names update

Tue Aug 03, 2021 10:40 pm

I have 6 different DNS names in an address-list. My question is, will these ever update? It looks like when they're created there's a set creation time but there is no timeout/expiration time. Is there any solution to this besides disable/enable them every n interval?

/ip firewall address-list
add address=cdn.auth0.com list=allowed4suspended
add address=fonts.googleapis.com list=allowed4suspended

14 D ;;; cdn.auth0.com
allowed4suspended 52.85.87.58 aug/03/2021 15:11:17

16 D ;;; fonts.googleapis.com
allowed4suspended 172.217.2.106 aug/03/2021 15:11:17

 
iam8up

Re: Firewall address-list DNS names update

Tue Aug 10, 2021 3:49 pm

MikroTik support says "IP address-list dynamic entries should be updated once per 5 minutes."
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Firewall address-list DNS names update

Tue Aug 10, 2021 4:21 pm

They are kept up to date on my unit as I use them for wireguard connections for example.
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Firewall address-list DNS names update

Tue Aug 10, 2021 4:26 pm

DNS entries in firewall address lists are resolved at TTL expiry for that entry.
No need to update them manually.
 
A9691
newbie
Posts: 25
Joined: Sat May 14, 2016 10:58 am

Re: Firewall address-list DNS names update

Wed Sep 20, 2023 2:53 pm

Try this one:
/ip firewall address-list
add list=test address=[:resolve forum.mikrotik.com] comment="X"
add list=test address=forum.mikrotik.com
remove [find comment="X"]
print

Columns: LIST, ADDRESS, CREATION-TIME
# LIST  ADDRESS             CREATION-TIME      
0 test  forum.mikrotik.com  2023-09-20 14:46:4
There is no ip address in the list and it will stay that way for a very long time.
I've set DHCP cache max TTL to 1 minute, the entry forum.mikrotik.com was present, expired and renewed, but the address list remained unchanged.
(Ros v7.10.2)
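
Added example, not part of any post in this thread: since the replies disagree on whether DNS-based address-list entries refresh, this Python check parses print output in the layout quoted in the first post and flags dynamic entries whose IP is no longer in the name's current answer set. The function names, the sample text and the 203.0.113.10 answer are constructed for illustration; the parser assumes the date format shown in the first post, not the one in the 2023 output.

```python
import re
import socket
from datetime import datetime

# Constructed sample in the layout of the print output quoted in the first post.
SAMPLE_PRINT = """\
14 D ;;; cdn.auth0.com
allowed4suspended 52.85.87.58 aug/03/2021 15:11:17

16 D ;;; fonts.googleapis.com
allowed4suspended 172.217.2.106 aug/03/2021 15:11:17
"""

HEAD = re.compile(r"^\s*\d+\s+D\s+;;;\s+(\S+)\s*$")  # "<n> D ;;; <dns name>"
BODY = re.compile(r"^\s*(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
                  r"([a-z]{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")

def parse_dynamic_entries(text):
    """Return one dict per dynamic (D) entry: name, list, ip, created."""
    entries, name = [], None
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            name = head.group(1)
            continue
        body = BODY.match(line)
        if body and name:
            created = datetime.strptime(body.group(3).title(), "%b/%d/%Y %H:%M:%S")
            entries.append({"name": name, "list": body.group(1),
                            "ip": body.group(2), "created": created})
        if line.strip():
            name = None  # a comment line applies only to the row right after it
    return entries

def resolve_live(name):
    """Current A records as seen from this host (hypothetical helper for live use)."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}

def find_stale(entries, resolved_now, now):
    """Entries whose IP is no longer in the name's current answer set."""
    stale = []
    for e in entries:
        if e["ip"] not in resolved_now.get(e["name"], set()):
            stale.append((e["name"], e["ip"], (now - e["created"]).days))
    return stale
```

For a live check, build resolved_now with resolve_live() against the same resolver the router uses, because CDN names such as these can return different addresses to different resolvers and a mismatch from another vantage point does not prove the entry is stale.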
