groove/routeros-scripts-main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2026-01-17 22:49:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

netwatch-dns: support multiple certificates

Browse source 
Some services use certificates issued by differnt CA certificates,
depending on geolocation. One example is dns.google, which may require
either of 'GTS Root R1' or 'GTS Root R4'.

    /tool/netwatch/add comment="doh, dns, name=google-dns-ipv4, doh-cert=GTS Root R1:GTS Root R4" host=8.8.8.8 type=simple;
This commit is contained in:
Christian Hesse 2026-01-16 13:51:37 +01:00
parent 330a616406
commit 0fffb5198e
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
netwatch-dns.rsc
View file

@ -17,6 +17,7 @@
:local ScriptName [ :jobname ];
:global CertificateAvailable;
:global CharacterReplace;
:global EitherOr;
:global IsDNSResolving;
:global LogPrint;
@ -103,10 +104,12 @@
}
:foreach DohServer in=$DohServers do={
:if ([ :len ($DohServer->"doh-cert") ] > 0) do={
:if ([ $CertificateAvailable ($DohServer->"doh-cert") "fetch" ] = false || \
[ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={
$LogPrint warning $ScriptName ("Downloading certificate failed, trying without.");
:foreach DohCert in=[ :toarray [ $CharacterReplace ($DohServer->"doh-cert") ":" "," ] ] do={
:if ([ :len $DohCert ] > 0) do={
:if ([ $CertificateAvailable $DohCert "fetch" ] = false || \
[ $CertificateAvailable $DohCert "dns" ] = false) do={
$LogPrint warning $ScriptName ("Downloading certificate '" . $DohCert . "' failed, trying without.");
}
}
}