MikroTik RouterOS Dynamic IP Firewall Address List Entries for CDNs, etc.

Has anyone noticed a new behavior for address lists in RouterOS? The release notes for 6.37.3 show “firewall – fixed timeout option on address lists with domain name;” but I don’t see when that feature was actually added.

Specifically, if you add a DNS name as the address entry, it dynamically resolves all the IPs for that name.

The best example is a name record that points to a CDN, like Windows Updates. I discovered this trying to mark and prioritize Windows updates, Mac updates, iCloud photo uploads, etc.

Here is an example. Our website, www.ispsupplies.com, is distributed by a CDN. One entry in the address list produces 8 dynamic entries, one for each CDN IP. I also noticed they update themselves dynamically, on an unknown schedule. I don’t see this in the Who wants to work together on a QoS system using this feature?
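The setup described above, written out as RouterOS commands. This is an added example, not configuration from the original post: the list name `cdn-ispsupplies`, the packet mark `cdn-traffic`, the queue name `cdn-priority` and the priority value are hypothetical.

```routeros
# Added example (not from the original post). List, mark and queue names
# below are hypothetical; adjust chain and priority to your own QoS design.

# One static entry whose address is a DNS name. RouterOS resolves the name
# and creates one dynamic entry per returned IP in the same list.
/ip firewall address-list add list=cdn-ispsupplies address=www.ispsupplies.com comment="CDN name, resolved by RouterOS"

# Show the static entry together with the dynamic entries created from it
# (dynamic entries carry the D flag).
/ip firewall address-list print where list=cdn-ispsupplies

# Mark packets going to and coming from the resolved addresses.
/ip firewall mangle add chain=forward dst-address-list=cdn-ispsupplies action=mark-packet new-packet-mark=cdn-traffic passthrough=no comment="to CDN"
/ip firewall mangle add chain=forward src-address-list=cdn-ispsupplies action=mark-packet new-packet-mark=cdn-traffic passthrough=no comment="from CDN"

# Use the mark in a queue so the traffic can be prioritized.
/queue tree add name=cdn-priority parent=global packet-mark=cdn-traffic priority=3
```

The dynamic entries are only as trustworthy as the DNS answers the router receives, and CDN addresses are shared with other sites, so a list like this suits traffic marking better than accept rules.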



Steve Discher
