Mikrotik RouterOS Dynamic IP Firewall Address List Entries for CDN’s, etc.

Posted on by

Has anyone noticed a new behavior for address lists in RouterOS?  The release notes for 6.37.3 show “firewall – fixed timeout option on address lists with domain name;” but I don’t see when that feature was actually added.

Specifically, if you add a DNS name as the address entry, it dynamically resolves all the IP’s for that name.

The best example is a name record that points to a CDN like WIndows’ Updates. I discovered this trying to mark and prioritize Windows’ updates, MAC Updates, iCloud photo uploads, etc.

Here is an example. Our website, www.ispsupplies.com is distributed by a CDN. One entry in the address list produces 8 dynamic entries, one for each CDN IP. I also noticed they update themselves dynamically, on an unknown schedule. I don’t see this in the Who wants to work together on a QOS system using this feature?

 

No automatic alt text available.
No automatic alt text available.


Source: Blog

This entry was posted in ISP Supplies News, MikroTik by Steve Discher. Bookmark the permalink.

About Steve Discher

Steve Discher was born in Apple Valley, California and today makes his home in College Station, Texas with his wife and three children. He is a 1987 graduate of Texas A-M University and owns ISP Supplies, a wireless distribution company, and conducts MikroTik training classes. His hobbies include flying his Piper Cub and RV camping with his family.

Leave a Reply