Community discussions

MikroTik App
 
qoole
just joined
Topic Author
Posts: 19
Joined: Tue Jul 02, 2013 4:20 pm

Feature Request(s): Address-list quality of life improvements

Thu Jun 23, 2016 2:13 pm

Hiya,

First off - THANK YOU for the DNS resolving address-lists - this makes whitelisting domains (for things like Chromebooks) SO SIMPLE.
I have a couple of requests for quality of life improvements for the winbox/webfig interfaces as follows:

1.
A tree based system for address-lists. 
The "trunk" of the tree being the address-list name, then expanded one layer to show the ip-only entries above dns entries then expanded to the third layer (yes, we're going three layers deep) to show ip addresses of those dns entries.
This would make it a great deal easier to manage instead of the mess that the current list shows.
It should be doable without having to change the way the internals of the address-lists work. DNS Entries already add a 'comment' to an IP entry to show which domain they belong to. So use that to work out where in the tree they live.

2.
If a DNS entry resolves to an IP address already contained within the list - could it be added anyway but disabled just as a visual reference that there is no issue with the DNS entry (eg. typo). It would have to be automatically re-enabled if the address disappeared from the list.

chromebook_bypass
 |---<IP ADDRESS HERE>
 |
 |---accounts.google.com
 | |----216.58.213.141
 |
 |---clients1.google.com
 | |----62.252.169.163
 | |----62.252.169.162
 | |----62.252.169.173
 | |----62.252.169.148
 | |----62.252.169.187
 | |----62.252.169.182
 | |----62.252.169.172
 | |----62.252.169.167
 | |----62.252.169.177
 | |----62.252.169.152
 | |----62.252.169.158
 | |----62.252.169.178
 | |----62.252.169.183
 | |----62.252.169.168
 | |----62.252.169.157
 | |----62.252.169.153
 |
 |---clients2.google.com
 | |----62.252.169.163*
 | |----62.252.169.162*
 | |----62.252.169.173*
 | |----62.252.169.148*
 | |----62.252.169.187*
 | |----62.252.169.182*
 | |----62.252.169.172*
 | |----62.252.169.167*
 | |----62.252.169.177*
 | |----62.252.169.152*
 | |----62.252.169.158*
 | |----62.252.169.178*
 | |----62.252.169.183*
 | |----62.252.169.168*
 | |----62.252.169.157*
 | |----62.252.169.153*

IP Addresses marked with a * are disabled because they appear elsewhere in the address-list already
Thanks,

Alex
Last edited by qoole on Thu Jun 23, 2016 3:31 pm, edited 1 time in total.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2180
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature Request(s): Address-list quality of life improvements

Thu Jun 23, 2016 2:51 pm

+1

For my sanity and eye sight!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request(s): Address-list quality of life improvements

Thu Jun 23, 2016 3:24 pm

Hiya,

First off - THANK YOU for the DNS resolving address-lists - this makes whitelisting domains (for things like Chromebooks) SO SIMPLE.
Actually I am surprised that it works at all for that purpose.
Those DNS replies are a subset of a large list and differ for every request.  It is their method of loadbalancing and redundancy.
When the MikroTIk is the DNS server for the local equipment it could work because the address list and the client see the same
cached DNS results, but a Chromebook will normally request its DNS from 8.8.8.8 directly so there is no guarantee whatsoever that
the address-list in the MikroTik has the same content as the addresses seen by the Chromebook.
 
qoole
just joined
Topic Author
Posts: 19
Joined: Tue Jul 02, 2013 4:20 pm

Re: Feature Request(s): Address-list quality of life improvements

Thu Jun 23, 2016 3:29 pm


Actually I am surprised that it works at all for that purpose.
Those DNS replies are a subset of a large list and differ for every request.  It is their method of loadbalancing and redundancy.
When the MikroTIk is the DNS server for the local equipment it could work because the address list and the client see the same
cached DNS results, but a Chromebook will normally request its DNS from 8.8.8.8 directly so there is no guarantee whatsoever that
the address-list in the MikroTik has the same content as the addresses seen by the Chromebook.
It was only an example. They have to go through internal DNS so that's probably why. No access to WAN at all except the IPs in the address_list.

Not the subject of this post anyway - if you want to talk further, PM me.
 
qoole
just joined
Topic Author
Posts: 19
Joined: Tue Jul 02, 2013 4:20 pm

Re: Feature Request(s): Address-list quality of life improvements

Mon Jun 26, 2017 3:56 pm

Just a quick bump, almost exactly a year later. Is this something that could be implemented?

Who is online

Users browsing this forum: gfunkdave, jacuinde, miankamran7100 and 38 guests