^(?![\w]*[-][\d]{2})(.*[\.]?ad\.example\.com)$

Here is a little run down on how to do this, the only thing left to do is to check what janisk says but im pretty sure this handles it decently enough.

Code: Select all

/ip firewall layer7-protocol
add name=testdns regexp=lantest.mindlesstux.com

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=udp to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=tcp to-addresses=8.8.8.8 to-ports=53

1. Change the regex to match your domain.
2. Change 4.2.2.2 to be your RB DNS server
3. Change 8.8.8.8 to be your AD DNS server

*edit*
/me applies this little craft for his work domain on his home RB

/ip firewall layer7-protocol
add name=testdns regexp=lantest.mindlesstux.com

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=udp to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=tcp to-addresses=8.8.8.8 to-ports=53

Why would you use this in Layer7 when dns already allows for regex and forwarding requests

/ip/dns/static> add regexp="^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)$" forward-to=10.10.10.10
failure: name or regexp required

Because I want to forward DNS requests to different servers based on hostname request.

Using this rules:

Code: Select all

/ip firewall layer7-protocol
add name=testdns regexp=lantest.mindlesstux.com

/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=udp to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=no dst-address=4.2.2.2 dst-port=53 layer7-protocol=testdns protocol=tcp to-addresses=8.8.8.8 to-ports=53

Apparently you can do it for a host in regexp. But using the expression that I post above I can filter requests based on my needs.

Why would you use this in Layer7 when dns already allows for regex and forwarding requests

> /ip dns static add regexp="^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)$" match-subdomain=yes type=FWD forward-to=10.10.10.10             
failure: name or regexp required

Maybe I misunderstand what you are trying to do, but everything you said can be done by dns.

/ip dns static add forward-to=8.8.8.8 match-subdomain=yes name=example.com type=FWD

/ip dns static add regexp="^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)$"…
failure: name or regexp required

I have checked it several times in https://regex101.com/.

@tanget's right, RouterOS is closer to the C-runtime's more limited subset. But I'm not sure your doing anything tricky in the regex...

You can run a simple test on RouterOS CLI to check a regex too:

Code: Select all

:put ("aaa"~"[a]{3}")      
# true
:put ("aaa"~"[a]{4}") 
# false

But often what is more problematic is RouterOS's string interpolation rules - since regex's can have variables (not in /ip/dns/static, but generally, regardless string rules still apply). So the final $" is at least one problem, since that need to be escaped for RouterOS since $ is reserved for variable substitution, like \$.

RouterOS will process the string BEFORE regex evaluation, so stuff like " and \ also need to be escaped, \" or \\. The "?" is a special character in RouterOS v6, so it need to be escaped - but NOT in V7.

@tanget's right, RouterOS is closer to the C-runtime's more limited subset. But I'm not sure your doing anything tricky in the regex...

You can run a simple test on RouterOS CLI to check a regex too:

Code: Select all

:put ("aaa"~"[a]{3}")      
# true
:put ("aaa"~"[a]{4}") 
# false

But often what is more problematic is RouterOS's string interpolation rules - since regex's can have variables (not in /ip/dns/static, but generally, regardless string rules still apply). So the final $" is at least one problem, since that need to be escaped for RouterOS since $ is reserved for variable substitution, like \$.

RouterOS will process the string BEFORE regex evaluation, so stuff like " and \ also need to be escaped, \" or \\. The "?" is a special character in RouterOS v6, so it need to be escaped - but NOT in V7.

So... no \w, no \d, no ?!, etc., etc., etc.

So... no \w, no \d, no ?!, etc., etc., etc.

I am pretty sure I have code that uses "\w"...

Edit... Scratch that... It was "\b". Confusing these two all the time.

> :put ("abc" ~ "^\\w\\w\\w\$")    
true

If using :put with your regex does not work to match true/false correct, it ain't going to work as a /system/script. As I said the $ is WRONG and needs escaping. A :put at the CLI would catch that.

You've never said what it should match, so hard to know what's right/wrong (and the ?! may not be allowed). Assuming the $ becomes a \$ - you can use the :put ("matchtest"~"[m][a][t][c][h].*") like you're using regex101 to test it.

Code: Select all

:put ("test-01.ad.localdomain"~"^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)\$")
# false
 :put ("matchtest"~"[m][a][t][c][h].*")
# true
:put ("matchtest"~"^[t][e][s][t].*") 
# false

But yeah in a /system/script, you need to use /log/info "msg", instead of :put to "see" output from /system/script or schedule.

 > :put ("test.ad.localdomain"~"^(?![a-zA-z0-9]*[-][0-9]{2})(.*[\\.]?ad\\.localdomain)\$")   
false
 > :put ("test.ad.localdomain"~"^([\\W]*[-][\\D]{2})(.*[\\.]?ad\\.localdomain)\$")   
false
 > :put ("test.ad.localdomain"~"^([\\W]*[-][\\D]{2})(\\.*[\\.]?ad\\.localdomain)\$")
false

Yes, the obsolete help from MikroTik must be updated...

\w and \W work on both v6 and v7 (from what version? on 6.48.7 work),
\d and \D do NOT work on v6 (tested on 6.48.7) but work on v7 (tested on 7.15.1),

(?!) is not supported from both:

Code: Select all

v7] > :put ("test0"~"test(?!\\d)")       
false

v7] > :put ("testX"~"test(?!\\d)") 
false
# must be true, ?! is unsupported

# but can be writed on this way, for same result...
v7] > :put ("testX"~"test\\D") 
true

Probably the wrong RegEx provided from the OP can be replaced with working one, if the OP provide some examples for what must match and what not....


Notice: Some section, like DNS, layer7, or script, apparently have different rules for RegEx syntax............

Still... Looks like "\w" does work:

Code: Select all

> :put ("abc" ~ "^\\w\\w\\w\$")    
true

:put ("a"~"[\\D]")   
# false
:put ("a"~"[\\w]") 
# false

:put ("a"~"\\w")  
true
:put ("a"~"\\D") 
true

Good to hear. You do kinda have to test them, since RouterOS has its own flavor. I kinda knew the ?! was likely not going work here.

But \\D \\w etc stuff I'm not sure about... and seemingly the 3rd problem here (1st being the lack of escaped "\$", 2nd the "?!" does not work) since OP using the [A-z] style...

Still... Looks like "\w" does work:

Code: Select all

> :put ("abc" ~ "^\\w\\w\\w\$")    
true

While those work "standalone", RouterOS does not seem to process them in a character class. Maybe this right in some flavor, but these should be "true" IMO:

Code: Select all

:put ("a"~"[\\D]")   
# false
:put ("a"~"[\\w]") 
# false

Matching without the char-class [], and just char-class-escape, they do work:

Code: Select all

:put ("a"~"\\w")  
true
:put ("a"~"\\D") 
true

I generally use the [A-z] or [^A-z] style - since I think it's more readable. But I would have thought "[\\w]" would work...

I already pulled my hair out because of this limited POSIX regex implemention of ROS. In my case, make it very hard to impossible to write a regex for FWD for any subdomain except not matching 2 explicit 3rd Level Domains. Easy with negative lookahead, but Mikrotik likes us to suffer.

So, just use: .*[^lan|^wlan].ad.localdomain$|^ad.localdomain$

:put ("a1com"~"a\\.com") 
# false
:put ("a1com"~"a.com")  
# true

:put ("a.com"~"a[.]com") 
# true
:put ("a1com"~"a[.]com") 
# false