
dns to address lists scripts.

Posted: Wed Apr 22, 2009 12:06 pm
by spire2z
Hello, I found this script on the forums somewhere (see it below after this post). The question is that I can't seem to quite understand its behaviour. It looks pretty simple from the code, which I can understand except for the odd punctuation.

Anyway as you can probably see it will find DNS names and get the IPs into an address list for giving priority to certain VOIP services so we don't have to keep checking the IPs manually.

The problem is that even if you ping a site and see it in the DNS cache, it doesn't always get added to the address list for some reason. Some DNS names do and some don't. Some seem to end up with different IPs in the list than you read in the cache? It seems strange and I can't get any debug info on what's going on.

Best Regards, - script below:

Just wondered if anyone could shed any light?

# check every dns entry
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
    # check if dns name contains tescointernetphone
    :if ([:find [/ip dns cache get $i name] "tescointernetphone"] != 0) do={
        :local tmpAddress [/ip dns cache get $i address] ;
        #---- if address list is empty do not check ( add address directly )
        :if ( [/ip firewall address-list find ] = "") do={
            /ip firewall address-list add address=$tmpAddress list=voip disabled=no;
        } else={
            #------- check every address list entry
            :foreach j in=[/ip firewall address-list find ] do={
                #---------- set bNew variable to false if address exists in address list
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
            #------- if address is new then add to address list
            :if ( $bNew = "true" ) do={
                /ip firewall address-list add address=$tmpAddress list=voip disabled=no
            }
        }
    }
}
# [ THE END ]

Re: dns to address lists scripts.

Posted: Wed Apr 22, 2009 12:22 pm
by mrz
You can add comments to address list entries, so that it is later easier to compare dns cache entries with created address list entries
http://wiki.mikrotik.com/wiki/Scripting ... c_websites

Also add :put commands to print needed values to console, it is very useful when debugging scripts.

Re: dns to address lists scripts.

Posted: Wed Apr 22, 2009 1:35 pm
by spire2z
Cheers, that helps with debug and now I know what's going on. I think the issue is that the script does not add IPs whose domain is the first level, for example a domain like:

stun.sipgate.net & www.sipgate.co.uk & gatway.tescointernetphone.com

will go into the list but:

sipgate.net & tescointernetphone.com

alone will not be entered by the script? I don't know enough about the scripting language to know why that is?

Any pointers much appreciated?

Best Regards.

Re: dns to address lists scripts.

Posted: Wed Apr 22, 2009 1:53 pm
by mrz
'/ip dns cache' contains only A records
if you want NS records then use
'/ip dns cache all' instead

Re: dns to address lists scripts.

Posted: Wed Apr 22, 2009 1:55 pm
by spire2z
No it's OK I solved it.

:if ((([:find $cacheName "domain"] >= 0) gets the domains properly

:if ((([:find $cacheName "domain"] != 0) only grabs the *.domains

Re: dns to address lists scripts.

Posted: Mon Sep 19, 2011 11:37 pm
by navidrasi
Hi,
this script is very slow and has high CPU usage, so I had to change it.
I think this one is quicker:
:foreach i in=[/ip dns cache all find where (name~"facebook" ||  name~"fbcdn" || name~"bbc" || name~"akamai" || name~"youtube") && (type="A") ] do={
    :local tmpAddress [/ip dns cache get $i address];
    delay delay-time=10ms
    #prevent script from using all cpu time
    :if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
        :local cacheName [/ip dns cache get $i name] ;
        :log info ("added entry: $cacheName  $tmpAddress");
        /ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
    }
}
I am using this script to find Facebook, YouTube and BBC addresses, which are restricted in Iran, so I can route these IP addresses through VPN.

Re: dns to address lists scripts.

Posted: Thu Dec 29, 2011 4:40 am
by rviteri
navidrasi, I am also looking for a script for a similar purpose. Can you please tell me how this script works?

Does it check every time a connection is made to a new website?

Re: dns to address lists scripts.

Posted: Tue Sep 06, 2016 10:14 pm
by kivimart
Sorry for bad English.
I use some part of this script to update the new feature of ROS 6.36 with dynamic address lists.
Thanks to navidrasi for the original.
In Sweden we have a play service from the state that never uses the same DNS name for streaming services, but the names all start with svtplay, then something like: svtplay3c-f.akamaihd.net

My problem is that it sometimes adds the address 0.0.0.0 as a dynamic address, and I am not so good at scripting, so some help would be nice.

I think this script can be used for other services/sites as well, e.g. windowsupdate, avira, as long as they have the same name part in the DNS request.
I run the script every 10 minutes because of the heavy load on the CPU.
Script below.

------------------------------
:foreach i in=[/ip dns cache all find where (name~"svtplay") ] do={
    :local cacheName [/ip dns cache get $i name];
    delay delay-time=10ms
    #prevent script from using all cpu time
    :if ( [/ip firewall address-list find where address=$cacheName] = "") do={
        :local cacheName [/ip dns cache get $i name] ;
        :log info ("added entry: $cacheName");
        /ip firewall address-list add address=$cacheName list=A3-SVTPLAY comment=A3-SVTPLAY;
    }
}

------------------------------------------

Re: dns to address lists scripts.

Posted: Tue Oct 15, 2019 11:35 pm
by shahani
Hey, I modified the script to fit my needs. It works for the most part, but I keep getting "script,error script error: no such item (4)" and cannot figure out why it is so.
Any ideas?
Any help is appreciated, thanks in advance.
:do {
 :foreach i in=[/ip dns cache all find where (name~"supercell" ||  name~"clashofclans" || name~"clashroyale" || name~"instagram" || name~"izbank.ir" || name~"rb24.ir" || name~"bankmellat.ir" || name~"shaparak.ir" || name~"shaparak.com" || name~"bmi.ir" || name~"cbi.ir" || name~"postbank.ir" || name~"tejaratbank.ir" || name~"edbi.ir" || name~"ttbank.ir" || name~"bankrefah.ir" || name~"banksepah.ir" || name~"refah-bank.ir" || name~"banksepah.ir" || name~"bim.ir" || name~"qmb.ir" || name~"ghbi.ir" || name~"bki.ir" || name~"bank-maskan.ir" || name~"enbank.ir" || name~"ansarbank.com" || name~"parsian-bank.ir" || name~"bpi.ir" || name~"ba24.ir" || name~"hibank24.ir" || name~"bank-day.ir" || name~"sinabank.ir" || name~"sb24.com" || name~"sbank.ir" || name~"shahr-bank.ir" || name~"city-bank.net" || name~"bsi.ir" || name~"rqb.ir" || name~"rqbank.ir" || name~"karafarinbank.ir" || name~"tourismbank.ir" || name~"tourism-bank.com" || name~"aparat.com" || name~"irancell" || name~"gsm.ir") && (type="A")  && (static=no) ] do={
    :local tmpAddress [/ip dns cache get $i address];
    :local cacheName [/ip dns cache get $i name] ;
    :if ( [:len $tmpAddress] != 0) do={
      :if ( [/ip firewall address-list find where list="All Direct" address=$tmpAddress] = "" ) do={     
      :log info ("added entry To All Direct: \"$cacheName\"  \"$tmpAddress\"");
       /ip firewall address-list add address=$tmpAddress list="All Direct" timeout="247d00:00:00" comment=$cacheName;
      }
    }
  }
} on-error={}

Re: dns to address lists scripts.

Posted: Wed Oct 16, 2019 6:31 am
by mducharme
What is the point in using that script today? Address lists have built in support for DNS.

Re: dns to address lists scripts.

Posted: Wed Oct 16, 2019 8:33 am
by shahani
Thanks for the info, I checked it out today.
The issue is that when I add a domain it will only search and apply for that specific exact domain name, and websites tend to have a ton of domains associated with them with differing addresses.
It's not possible for me to add every single one since not only a lot of them can be dynamic but it'll take a ton of time to do so as well.

If you know of a way that I can add only part of a domain and it working perfectly, please let me know.
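
A variant of the scripts in this thread with the name match anchored to one domain suffix, so that an unrelated cached name that merely contains the search string (a bare `name~"bbc"` matches every name with those letters in it) cannot put its address into a list that firewall or routing rules trust. This is an added example, not code from any poster; it assumes RouterOS 6.x, where `/ip dns cache` holds A records with `name` and `address` properties, and the list name, the suffix and the one-day timeout are placeholders.

```routeros
# Added example, not from the thread. Assumes RouterOS 6.x.
# listName, pattern and the timeout are placeholders to adapt.
:local listName "voip"
# Anchored pattern: the domain itself or any subdomain of it, nothing else.
# In a RouterOS string "\\." is a literal dot and "\$" the end-of-name anchor.
:local pattern "(^|\\.)tescointernetphone\\.com\$"

:foreach i in=[/ip dns cache find where name~$pattern] do={
    # Handle each entry on its own so one failed lookup does not end the loop.
    :do {
        :local cacheName [/ip dns cache get $i name]
        :local tmpAddress [/ip dns cache get $i address]
        # Skip empty answers and the 0.0.0.0 address reported earlier in the thread.
        :if (([:len $tmpAddress] > 0) && ($tmpAddress != 0.0.0.0)) do={
            # Deduplicate within this list only, not across all address lists.
            :if ([:len [/ip firewall address-list find where list=$listName address=$tmpAddress]] = 0) do={
                # A timeout lets addresses the service no longer uses age out.
                /ip firewall address-list add list=$listName address=$tmpAddress timeout=1d comment=$cacheName
                :log info ("added to $listName: $cacheName $tmpAddress")
            }
        }
    } on-error={
        :log warning "dns-to-list: entry skipped after an error"
    }
}
```

The comment on each entry records which cached name produced it, which makes it possible to audit the list against the names that were meant to match.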