Community discussions

MikroTik App
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Feature Request: Add dns query result ip address to address list dynamicly

Thu Aug 18, 2022 6:55 am

Hi,
I need to direct netflix and other stream media traffic to a specific vpn tunnel. For the destination ip addresses are dynamic, I can't add ip addresses to address list before watching video. And because sni are encrypted in tls1.3, content and tls-host do not work anymore.

In openwrt,I can use dnsmasq and ipset to solve this problem:
“server=/netflix.com/1.1.1.1#53
ipset=/netflix.com/netflixset”

Can routeros provide similiar function to add specific domian(including uncertain subdomains) ip addresses to address list?

Thanks.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: Add dns query result ip address to address list dynamicly

Thu Aug 18, 2022 11:37 am

It looks like they added exactly this yesterday:
What's new in 7.5beta11 (2022-Aug-17 13:14):

*) dns - added "address-list" parameter for static DNS entries (CLI only);
viewtopic.php?p=952360#p952360
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Re: Feature Request: Add dns query result ip address to address list dynamicly

Thu Aug 18, 2022 1:05 pm

Wow,it's great!
 
ykleet
newbie
Posts: 29
Joined: Thu Oct 17, 2019 11:29 am

Re: Feature Request: Add dns query result ip address to address list dynamicly

Thu Feb 09, 2023 10:34 am

My way to do this:

1. go to ip>firewall>address list, create a new name say VPNList, address = netflex.com
2. go to routing>table, create a new table for your vpn routing, say 'VPN-route' with FIB checked.
3. go to ip>firewall>mangle, add a prerouting rule that destination address list = VPNList, action = mark routing, address= 'VPN-route'.
4. go to ip>routes, add a new route rule, set dist address = 0.0.0.0/0, gateway = your vpn partner internal address and select 'VPN-route' in routing table.

this will route all your traffic with routing mark = VPN-route thru your vpn connection .

Who is online

Users browsing this forum: No registered users and 18 guests