Sync Address List from DNS Lookup Results - C and A Records

From MikroTik Wiki
Revision as of 11:45, 14 January 2012 by ElPablo (talk | contribs)

This script might come in handy if you're trying to use domain names in firewall rules: it resolves each name (following CNAME records until it reaches A records) and fills a firewall address list with the resulting addresses. To use it, write a short caller script like the one below and schedule it. The script works with three globals: ListName, Servers, and Done. The caller only has to set ListName and Servers; Done is the script's own run lock and is initialized by the script on its first run. Note that the list is emptied and rebuilt on every run, so a rule that references it matches nothing for a moment, and that if a run aborts after it has cleared Done (for example because :resolve fails on a name that does not resolve), Done stays false and every later run waits in the busy loop until you set it back to true by hand.

:global ListName google_voice
:global Servers {"talkr.l.google.com"}
/system script run dnsToAddressList

This is the dnsToAddressList script:

:global ListName
:global Servers
:global Done

# has $Done been initialized?  (on the very first run no lock exists yet)
:if ([:typeof $Done] != "boolean") do={
  :set Done true;
}

# make sure previous runs have finished before touching the list
:while (!$Done) do={
  :nothing;
}

# block any other runs (crude lock, cleared again at the end)
:set Done false;

# delete the old address list entries
:foreach aListItem in=[/ip firewall address-list find list=$ListName] do={
  /ip firewall address-list remove $aListItem;
}

:foreach aServer in=$Servers do={
  # force the dns entries to be cached
  :resolve $aServer;

  :foreach dnsRecord in=[/ip dns cache all find where (name=$aServer)] do={
    # if it's an A record, add it directly
    :if ([/ip dns cache all get $dnsRecord type]="A") do={
      /ip firewall address-list add list=$ListName address=[/ip dns cache all get $dnsRecord data] comment=$aServer;
    }

    # if it's a CNAME, follow the chain until we reach a name that has A records
    :if ([/ip dns cache all get $dnsRecord type]="CNAME") do={
      :local cname [/ip dns cache all find where (name=$aServer && type="CNAME")];
      :local nextCname [/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="CNAME")];

      # find returns an empty array when nothing matches, so test its length
      :while ([:len $nextCname] > 0) do={
        :set cname $nextCname;
        :set nextCname [/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="CNAME")];
      }

      # add the A records of the name the chain ends at
      :foreach aRecord in=[/ip dns cache all find where (name=[/ip dns cache all get $cname data] && type="A")] do={
        /ip firewall address-list add list=$ListName address=[/ip dns cache all get $aRecord data] comment=$aServer;
      }
    }
  }
}

# allow other scripts to call this
:set Done true
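The following is an added example and not code from the wiki page or from MikroTik. It runs the same CNAME-chasing logic off-box in Python over a constructed snapshot of the DNS cache, and goes beyond the script above in two ways a practitioner wants: the chain walk detects CNAME loops and caps chain length instead of spinning forever, and the address-list update is planned as a diff (additions emitted before removals, a server that fails to resolve keeps its previous entries) so the list is never empty while firewall rules reference it. Only talkr.l.google.com and the list name google_voice come from the page; the example.net names, the addresses (RFC 5737 documentation ranges) and the current list contents are hypothetical.

```python
"""Walk a DNS cache snapshot to A records and plan a RouterOS address-list update.

Added example, not code from the MikroTik wiki page. The cache rows and the
current address-list contents are constructed test data; the example.net names
and all addresses (RFC 5737 documentation ranges) are hypothetical.
"""
from collections import defaultdict

# Constructed snapshot shaped like the rows of `/ip dns cache all print`:
# (name, type, data). It contains a name with two A records, a two-hop CNAME
# chain, a dangling CNAME, and a deliberate CNAME loop.
CACHE = [
    ("talkr.l.google.com", "A", "192.0.2.10"),
    ("talkr.l.google.com", "A", "192.0.2.11"),
    ("voice.example.net", "CNAME", "edge.example.net"),
    ("edge.example.net", "CNAME", "pool.example.net"),
    ("pool.example.net", "A", "198.51.100.7"),
    ("pool.example.net", "A", "198.51.100.8"),
    ("dangling.example.net", "CNAME", "nowhere.example.net"),
    ("loop-a.example.net", "CNAME", "loop-b.example.net"),
    ("loop-b.example.net", "CNAME", "loop-a.example.net"),
]

MAX_CNAME_DEPTH = 8  # bound on chain length; real resolvers cap chains too


def index_cache(rows):
    """Group cache rows by (name, type) so the chain walk is a dict lookup."""
    idx = defaultdict(list)
    for name, rtype, data in rows:
        idx[(name.lower(), rtype.upper())].append(data)
    return idx


def resolve_a_records(name, idx):
    """Follow CNAMEs from `name` until a name with A records is reached.

    Returns the sorted, de-duplicated addresses, or [] for a dangling chain.
    Raises ValueError on a CNAME loop or an over-long chain; the wiki script's
    unbounded :while would spin forever on the same input.
    """
    seen = set()
    current = name.lower()
    for _ in range(MAX_CNAME_DEPTH + 1):
        if current in seen:
            raise ValueError(f"CNAME loop at {current}")
        seen.add(current)
        a_records = idx.get((current, "A"), [])
        if a_records:
            return sorted(set(a_records))
        cnames = idx.get((current, "CNAME"), [])
        if not cnames:
            return []  # dangling CNAME or name not in the cache
        current = cnames[0].lower()
    raise ValueError(f"CNAME chain for {name} longer than {MAX_CNAME_DEPTH}")


def plan_update(list_name, servers, idx, current_entries):
    """Return RouterOS commands that bring the list in line with DNS.

    current_entries maps address -> comment as read back from
    `/ip firewall address-list print where list=<name>` (comment = server name).
    Additions are emitted before removals, so a rule referencing the list never
    sees it empty in between, and a server that does not resolve keeps its
    previous addresses rather than silently dropping out of the list.
    """
    wanted = {}
    failed = set()
    for server in servers:
        try:
            addrs = resolve_a_records(server, idx)
        except ValueError:
            addrs = []
        if not addrs:
            failed.add(server)
            continue
        for addr in addrs:
            wanted.setdefault(addr, server)
    for addr, comment in current_entries.items():
        if comment in failed:
            wanted.setdefault(addr, comment)  # keep stale rather than empty
    adds = [f"/ip firewall address-list add list={list_name} address={a} comment={c}"
            for a, c in sorted(wanted.items()) if a not in current_entries]
    removes = [f"/ip firewall address-list remove [find list={list_name} address={a}]"
               for a in sorted(current_entries) if a not in wanted]
    return adds + removes


if __name__ == "__main__":
    index = index_cache(CACHE)
    # Constructed current list contents: one address still valid, one stale,
    # one belonging to a name that now loops in the cache.
    current = {"192.0.2.10": "talkr.l.google.com",
               "203.0.113.5": "talkr.l.google.com",
               "203.0.113.77": "loop-a.example.net"}
    servers = ["talkr.l.google.com", "voice.example.net",
               "dangling.example.net", "loop-a.example.net"]
    for cmd in plan_update("google_voice", servers, index, current):
        print(cmd)
```

The printed commands can be pasted into a RouterOS terminal or turned into a script; the point of the ordering is that between the first add and the last remove the list always contains a usable set of addresses, which the delete-everything-then-rebuild approach above does not guarantee.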