spire2z
Long time Member
Topic Author
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

dns to address lists scripts.

Wed Apr 22, 2009 12:06 pm

Hello, I found this script on the forums somewhere (see it below after this post). The question is that I can't seem to quite understand its behaviour. It looks pretty simple from the code, which I can understand except for the odd punctuation.

Anyway as you can probably see it will find DNS names and get the IPs into an address list for giving priority to certain VOIP services so we don't have to keep checking the IPs manually.

The problem is that even if you ping a site and see it in the DNS cache, it doesn't always get added to the address list for some reason. Some DNS names do and some don't. Some seem to end up with different IPs in the list than you read in the cache? It seems strange and I can't get any debug info on what's going on.

Best Regards, - script below:

Just wondered if anyone could shed any light?

# check every dns entry
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
    # check if dns name contains tescointernetphone
    :if ([:find [/ip dns cache get $i name] "tescointernetphone"] != 0) do={
        :local tmpAddress [/ip dns cache get $i address];
        #---- if address list is empty do not check ( add address directly )
        :if ( [/ip firewall address-list find ] = "") do={
            /ip firewall address-list add address=$tmpAddress list=voip disabled=no;
        } else={
            #------- check every address list entry
            :foreach j in=[/ip firewall address-list find ] do={
                #---------- set bNew variable to false if address exists in address list
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
            #------- if address is new then add to address list
            :if ( $bNew = "true" ) do={
                /ip firewall address-list add address=$tmpAddress list=voip disabled=no
            }
        }
    }
}
# [ THE END ]
 
mrz
MikroTik Support
Posts: 5716
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: dns to address lists scripts.

Wed Apr 22, 2009 12:22 pm

You can add comments to address list entries, so that it is later easier to compare dns cache entries with created address list entries
http://wiki.mikrotik.com/wiki/Scripting ... c_websites

Also add :put commands to print needed values to console, it is very useful when debugging scripts.
 
spire2z
Long time Member
Topic Author
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Re: dns to address lists scripts.

Wed Apr 22, 2009 1:35 pm

Cheers, that helps with debug and now I know what's going on. I think the issue is that the script does not add IPs whose domain is the first level, for example a domain like:

stun.sipgate.net & www.sipgate.co.uk & gatway.tescointernetphone.com

will go into the list but:

sipgate.net & tescointernetphone.com

alone will not be entered by the script? I don't know enough about the scripting language to know why that is?

Any pointers much appreciated?

Best Regards.
 
mrz
MikroTik Support
Posts: 5716
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: dns to address lists scripts.

Wed Apr 22, 2009 1:53 pm

'/ip dns cache' contains only A records
if you want NS records then use
'/ip dns cache all' instead
 
spire2z
Long time Member
Topic Author
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Re: dns to address lists scripts.

Wed Apr 22, 2009 1:55 pm

No it's OK I solved it.

:if ((([:find $cacheName "domain"] >= 0) gets the domains properly

:if ((([:find $cacheName "domain"] != 0) only grabs the *.domains
 
navidrasi
just joined
Posts: 9
Joined: Sun Sep 18, 2011 11:22 pm

Re: dns to address lists scripts.

Mon Sep 19, 2011 11:37 pm

hi
This script is very slow and has high CPU usage, so I had to change it.
I think this one is quicker:
:foreach i in=[/ip dns cache all find where (name~"facebook" || name~"fbcdn" || name~"bbc" || name~"akamai" || name~"youtube") && (type="A")] do={
    :local tmpAddress [/ip dns cache get $i address];
    # prevent script from using all CPU time
    :delay delay-time=10ms;
    :if ([/ip firewall address-list find where address=$tmpAddress] = "") do={
        :local cacheName [/ip dns cache get $i name];
        :log info ("added entry: $cacheName  $tmpAddress");
        /ip firewall address-list add address=$tmpAddress list=restricted comment=$cacheName;
    }
}
I am using this script to find Facebook, YouTube and BBC addresses, which are restricted in Iran, so I can route these IP addresses through VPN.
 
rviteri
Frequent Visitor
Posts: 83
Joined: Fri Nov 18, 2011 5:53 pm

Re: dns to address lists scripts.

Thu Dec 29, 2011 4:40 am

navidrasi, I am also looking for a script for a similar purpose. Can you please tell me how this script works?

Does it check every time a connection is made to a new website?
 
kivimart
newbie
Posts: 40
Joined: Thu Oct 10, 2013 3:06 pm

Re: dns to address lists scripts.

Tue Sep 06, 2016 10:14 pm

Sorry for bad English.
I use some part of this script to update the new feature of ROS 6.36 with dynamic address list.
Thanks to navidrasi for the original.
In Sweden we have a play service from the state that never uses the same DNS name for streaming services, but the names all start with svtplay followed by something like: svtplay3c-f.akamaihd.net

My problem is that it sometimes adds the address 0.0.0.0 as a dynamic address, and I am not so good at scripting, so some help would be nice.

I think this script can be used for other services/sites as well, e.g. windowsupdate, avira, as long as they have the same name part in the DNS request.
I run the script every 10 minutes because of the heavy load on the CPU.
Script below.

------------------------------
:foreach i in=[/ip dns cache all find where (name~"svtplay")] do={
    :local cacheName [/ip dns cache get $i name];
    # prevent script from using all CPU time
    :delay delay-time=10ms;
    # add the DNS name itself; the router resolves it into dynamic entries
    :if ([/ip firewall address-list find where address=$cacheName] = "") do={
        :local cacheName [/ip dns cache get $i name];
        :log info ("added entry: $cacheName");
        /ip firewall address-list add address=$cacheName list=A3-SVTPLAY comment=A3-SVTPLAY;
    }
}

------------------------------------------
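
Added example, not part of any post in this thread: a Python model (not RouterOS script) of the name-matching step these scripts perform. It compares the substring test used in the thread with a match on DNS label boundaries, which accepts both `sipgate.net` and `stun.sipgate.net` but rejects look-alike names whose addresses would otherwise land in the firewall address list. The cache rows, zone list and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rows (name, type, data); not output captured from a router.
SAMPLE_CACHE = [
    ("stun.sipgate.net", "A", "192.0.2.10"),
    ("sipgate.net", "A", "192.0.2.11"),
    ("www.sipgate.co.uk", "CNAME", "sipgate.co.uk"),
    ("sipgate.net.cdn.example", "A", "203.0.113.5"),   # look-alike: zone used as a prefix
    ("notsipgate.net", "A", "203.0.113.6"),            # look-alike: different registered name
    ("gw.tescointernetphone.com", "A", "0.0.0.0"),     # unspecified address
    ("Stun.SipGate.net.", "A", "192.0.2.10"),          # same host, other case, trailing dot
]

# Assumed allowlist of zones whose hosts should end up in the address list.
ALLOWED_ZONES = ("sipgate.net", "tescointernetphone.com")


def in_zone(name, zones=ALLOWED_ZONES):
    """True if name is a zone apex or a subdomain of it (label-boundary match)."""
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in zones)


def substring_match(name, zones=ALLOWED_ZONES):
    """The thread's approach: the zone string appears anywhere in the name."""
    return any(z in name.lower() for z in zones)


def select_addresses(cache, matcher):
    """Return sorted unique IPv4 addresses from A records whose name matches."""
    picked = set()
    for name, rtype, data in cache:
        if rtype != "A" or not matcher(name):
            continue
        try:
            addr = ipaddress.IPv4Address(data)
        except ipaddress.AddressValueError:
            continue  # data is not an IPv4 address
        if addr.is_unspecified:
            continue  # never put 0.0.0.0 into a firewall list
        picked.add(str(addr))
    return sorted(picked, key=ipaddress.IPv4Address)
```

With the sample rows, the substring matcher also selects the two look-alike addresses, while the label-boundary matcher returns only the hosts inside the allowed zones.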
