Created
April 18, 2013 05:49
-
-
Save Pablo1/5410433 to your computer and use it in GitHub Desktop.
Mikrotik RouterOS Script - Sync Address List from DNS Lookup Results - CNAME and A Records This script might come in handy if you're trying to use domain names in firewall rules. To use this script you might write a script like the one below and schedule it. Be sure to declare three globals first : ListName, Servers, and Done. ListName and Serve…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :global ListName | |
| :global Servers | |
| :global Done | |
| #has $Done been initialized? | |
| :if ([:typeof $Done] != "boolean") do={ | |
| :set Done true; | |
| } | |
| #make sure previous runs have finished | |
| while (!$Done) do={ | |
| :nothing; | |
| } | |
| #block any other runs | |
| :set Done false; | |
| #delete old address lists | |
| :foreach aListItem in=[/ip firewall address-list find list=$ListName] do={ | |
| /ip firewall address-list remove $aListItem; | |
| } | |
| :foreach aServer in=$Servers do={ | |
| #force the dns entries to be cached | |
| :resolve $aServer; | |
| :foreach dnsRecord in=[/ip dns cache all find where (name=$aServer)] do={ | |
| #if it's an A records add it directly | |
| :if ([/ip dns cache all get $dnsRecord type]="A") do={ | |
| /ip firewall address-list add list=$ListName address=[/ip dns cache all get $dnsRecord data] comment=$aServer; | |
| } | |
| #if it's a CNAME follow it until we get A records | |
| :if ([/ip dns cache all get $dnsRecord type]="CNAME") do={ | |
| :local cname; | |
| :local nextCname | |
| :set cname [/ip dns cache all find where (name=$aServer && type="CNAME")]; | |
| :set nextCname [/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="CNAME")]; | |
| :while ($nextCname != "") do={ | |
| :set cname $nextCname; | |
| :set nextCname [/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="CNAME")]; | |
| } | |
| #add the a records we found | |
| :foreach aRecord in=[/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="A")] do={ | |
| /ip firewall address-list add list=$ListName address=[/ip dns cache all get $aRecord data] comment=$aServer; | |
| } | |
| } | |
| } | |
| } | |
| #allow other scripts to call this | |
| :set Done true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :global ListName google_voice | |
| :global Servers {"talkr.l.google.com"} | |
| /system script run dnsToAddressList |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment