[admin@MikroTik] > put [:resolve mt.lv] 159.148.147.196
This is true, but does not tell which dns server is resolving, which can be helpful...to find out the IP address of some domain, just ping it. or you can use the ":resolve" command, if you need it in scripts:
ros code
[admin@MikroTik] > put [:resolve mt.lv] 159.148.147.196
put [resolve google.com server 8.8.8.8]
[admin@rb1.magrathea] > put [:resolve host.fqdn server=8.8.4.4]
172.16.42.25
[root@nas1] ~# nslookup host.fqdn 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: host.fqdn
Address: 216.58.218.206
[user@GV-FV155] > put [resolve remote.my-server.com]
10.10.10.32
[user@GV-FV155] > put [resolve remote.my-serve.com server 8.8.8.8]
92.xxx.xxx.134
[user@GV-FV155] >
NO! How can I discover DNServer? Which server return address? (Yeah, I have a very long list DNS and I am use every server.)you can specify target dns server to query easily:Code: Select allput [resolve google.com server 8.8.8.8]
nslookup 8.8.8.8
Server: *******
Address: 10.5.50.177
Name: google-public-dns-a.google.com
Address: 8.8.8.8
nslookup microsoft.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: microsoft.com
Address: 134.170.185.46
Name: microsoft.com
Address: 134.170.188.221
[admin@MikroTestRouter] > /ip firewall address-list add address="microsoft.com" list="list1"
[admin@MikroTestRouter] > /ip firewall address-list print where list="list1"
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 list1 microsoft.com oct/02/2019 11:38:55
1 D ;;; microsoft.com
list1 40.112.72.205 oct/02/2019 11:38:55
2 D ;;; microsoft.com
list1 40.113.200.201 oct/02/2019 11:38:55
3 D ;;; microsoft.com
list1 104.215.148.63 oct/02/2019 11:38:55
4 D ;;; microsoft.com
list1 13.77.161.179 oct/02/2019 11:38:55
5 D ;;; microsoft.com
list1 40.76.4.15 oct/02/2019 11:38:55
[admin@MikroTestRouter] > /ip firewall address-list remove [find list="list1" !dynamic]
is there a way to get this output as a variable?you can specify target dns server to query easily:Code: Select allput [resolve google.com server 8.8.8.8]
:global dns [:resolve "www.google.com"]
:put $dns
216.58.212.4
:set $result [:resolve mt.lv]; :put $result
thanks mate...Code: Select all:set $result [:resolve mt.lv]; :put $result
:local result
:set $result [:resolve mt.lv]
:put $result
:local result [:resolve mt.lv]
:put $result
local result [:resolve mt.lv]; :put $result
The problem with this tact is that it only allows to resolve the first A record. NSLOOKUP allows record type lookups like MX, SOA, etc.to find out the IP address of some domain, just ping it. or you can use the ":resolve" command, if you need it in scripts:
ros code
[admin@MikroTik] > put [:resolve mt.lv] 159.148.147.196
What I wrote in #12 is the only other way I think we have right now.The problem with this tact is that it only allows to resolve the first A record. NSLOOKUP allows record type lookups like MX, SOA, etc.to find out the IP address of some domain, just ping it. or you can use the ":resolve" command, if you need it in scripts:
ros code
[admin@MikroTik] > put [:resolve mt.lv] 159.148.147.196
How to accomplish this on Mikrotik?? Need an NSLOOKUP type tool.
What I wrote in #12 is the only other way I think we have right now.
The problem with this tact is that it only allows to resolve the first A record. NSLOOKUP allows record type lookups like MX, SOA, etc.
How to accomplish this on Mikrotik?? Need an NSLOOKUP type tool.
Other than that, use an actual Windows mashie.
Why do you even need all that information on the router itself?
And this is something you need to do from your router? When exactly?First, try to ping fqdn of an MX record (or any non A record) and all above methods will fail and no IP will be returned.
What is the difference between doing the NSLOOKUP command on your network edge/gateway, and using it on any machine on the network? Does your network block and/or reroute all DNS queries leaving your network?Second, as a troubleshooting tool, if there is a problem inside the network that appears to be affecting all machines (as the reason I was googling and what brought me here) then we check first outside the network to verify if it's external DNS or problem is elsewhere.
If it works outside, then where is next logical step if not to check if problem exists at the edge/gateway? (and in some cases said gateway is the DHCP and even DNS server (or caching relay)...)
C:\Users\admin>NSLOOKUP google.com 8.8.8.8
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:400f:801::200e
142.250.74.142
# resolveAllHostAddresses : a function to return an array of IP addresses for a host, resolved using a specific DNS server
# arguments:
# - host : host name to be resolved
# - server (default: local DNS server) : DNS server to be used
# - confirmations (default: 2) : number of confirmations for every address to be obtained in a series of DNS queries, for the result to be considered as complete
# return value: array of IP addresses for the host
:global resolveAllHostAddresses do={
# actual repetition count value to be used for every address
:local sufficientCount;
if ([:type $confirmations]!="nothing") do={
:set sufficientCount $confirmations;
} else={
:set sufficientCount 2;
}
# array of addresses to be returned, initialized as empty
:local addressesToReturn [:toarray ""];
# array of remaining confirmation counts, initialized as empty
:local counts [:toarray ""];
# variable to be used as loop exit flag
:local done true;
# safeguard against infinite looping
:local attempts 100;
# perform resolving in a loop until every address is received more than once
:do {
# decrement the safeguard count
:set attempts ($attempts - 1);
# get a new DNS query result
:local address;
if ([:type $server]!="nothing") do={
:set address [:resolve $host server $server];
} else={
:set address [:resolve $host];
}
# check if the obtained address is known already
:local idx [:find $addressesToReturn $address];
:if ([:type $idx]="nil") do={
# new address: add it to the array to be returned as-is
:set addressesToReturn ($addressesToReturn, $address);
# add one more remaining count value to the counts array
:set counts ($counts, $sufficientCount);
} else={
# known address: decrement confirmation count in the counts array with zero as limit
:local count ($counts->$idx);
:local newCount ($count - 1);
:if ($newCount>=0) do={
# set decreased value
:set ($counts->"$idx") $newCount;
}
}
# check the counts array to see if all the addresses were received required number of times
:set done true;
:foreach count in=$counts do={
:if ($count>0) do={
:set done false;
}
}
} while=((!done)&&($attempts>0));
:return $addressesToReturn;
};
> :global resolveAllHostAddresses; :put [$resolveAllHostAddresses host=www.google.com server=8.8.8.8]
64.233.161.104;74.125.205.147;74.125.131.147;64.233.164.147;64.233.161.105
> :global resolveAllHostAddresses; :put [$resolveAllHostAddresses host=www.google.com server=1.1.1.1]
173.194.222.104;209.85.233.106;74.125.131.106;173.194.222.99;74.125.131.105;209.85.233.105;173.194.222.147;74.125.131.103;74.125.131.104;209.85.233.147;173.194.222.105;74.125.131.99;74.125.131.147;209.85.233.103;173.194.222.103;173.194.222.106;209.85.233.99;209.85.233.104
Sorry for late response must have missed the notif.And this is something you need to do from your router? When exactly?First, try to ping fqdn of an MX record (or any non A record) and all above methods will fail and no IP will be returned.
I am not saying it wouldn't be nice if the ":resolve" got some more options, for example to lookup MX records or whatever, but it at least isn't possible right now. So the question was why you needed it at all, to try and help you find an alternative. I however guess it is impossible for you to lookup an MX record on the router currently, unless someone has a fancy trick.
I mean, maybe there is a DNS server out there that you can ask specifically for MX records and have it return them as if they were A records. You can't possibly be the first person in the world that need the IP-address of an MX record returned as an A record result. At worst you might have to make this custom DNS server yourself if one doesn't exist, maybe others would find it useful too.
What is the difference between doing the NSLOOKUP command on your network edge/gateway, and using it on any machine on the network? Does your network block and/or reroute all DNS queries leaving your network?Second, as a troubleshooting tool, if there is a problem inside the network that appears to be affecting all machines (as the reason I was googling and what brought me here) then we check first outside the network to verify if it's external DNS or problem is elsewhere.
If it works outside, then where is next logical step if not to check if problem exists at the edge/gateway? (and in some cases said gateway is the DHCP and even DNS server (or caching relay)...)
If you simply specify the DNS server in the NSLOOKUP command, you will ask any DNS server. If your machine can't make DNS queries or doesn't have internet access, you have found out that the issue is in your network.
Code: Select allC:\Users\admin>NSLOOKUP google.com 8.8.8.8 Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: google.com Addresses: 2a00:1450:400f:801::200e 142.250.74.142
Again, yes it would be nice with something similar to the NSLOOKUP command on the router, but I really don't see why it important.
If you just need to check if a DNS request would work from the gateway router, the [:resolve google.com server=8.8.8.8]The recent case that brought me here was me remoting into a user's machine who's complaining of xyz (that smelled DNS related) and from that machine I tried to do a nslookup that failed.
Now, I KNOW internet works, I'm remoting into the machine FROM the internet.
I see that most things work in the browser (google,etc. Incl. some obscure url I know they would not ever have tried so it's not just cached) but SOME things won't work and again, the nslookup fails.
Tried two other machines on the network, same deal.
Eventually I realized that ALL nslookups were failing and on all the machines.
So that's a case where I ABSOLUTELY could have benefited from being able to do a lookup at the gateway. Just for a sanity check if nothing else.
In this case it turned out user was using a VPN software, restricted only to vpn some apps (whitelist). Whether it's a bad implementation or for whatever reason, this app borks all attempts to nslookup from the machines.
If I'd been able to isolate quickly that the issue was endemic to the endpoints and not network wide (remember, multiple machines, same behavior. Because all the users used same vpn brand/software) I'd likely not have gone down a couple of rabbit holes that (obviously) were not the right answer.
I'm sure there have also been other times that nslookup would have been useful to me at the edge but this is the latest and freshest in my memory. I'm sure I'm not alone either.
I have not found any reference in the official documentation to the parameters of the resolve command. Do you know any website where to find it?you can specify target dns server to query easily:Code: Select allput [resolve google.com server 8.8.8.8]
https://wiki.mikrotik.com/wiki/Manual:S ... g#CommandsI have not found any reference in the official documentation to the parameters of the resolve command. Do you know any website where to find it?you can specify target dns server to query easily:Code: Select allput [resolve google.com server 8.8.8.8]
:resolve <tab><tab>
domain-name server server-port
:put [:resolve hostname.example.com server=1.1.1.1]
[admin@Mikrotik] > put [resolve dishy.starlink.com server=8.8.8.8]
192.168.100.1
[admin@Mikrotik] /ip/address> put [resolve dishy.starlink.com server=8.8.8.8]
bad command name resolve (line 1 column 6)
[admin@Mikrotik] /ip/address> :put [:resolve dishy.starlink.com server=8.8.8.8]
192.168.100.1