Mikrotik RouterOS Dynamic Update Script for OpenDNS

There is a need to provide some level of parental control and kid-safe Internet access at home. Using OpenDNS is an easy and cost-free solution.

To customize the web security filtering policies for your own case, you need to register your home Internet public IP with OpenDNS so that your customized policy is applied. With a dynamic IP, it is essential to keep telling OpenDNS the latest correct Internet IP. Instead of installing the OpenDNS updater client on Mac/Windows/Linux, we can use a MikroTik RouterOS script to update the IP directly.

Open MikroTik Winbox, go to System, Scripts, and create a new script.

The following permissions are required for this script to run:

  • write
  • test
  • read
  • policy

Use the script below to update the IP when the Internet IP changes.

#--------------- Change Values in this section to match your setup ------------------

# User account info of OpenDNS

# Update-only password (obtained from OpenDNS Support). With two-factor authentication enabled, the use of an update only password is required. 

:local odnsuser "user@example.com"
:local odnspass "update-only-password"

# Set the hostname or label of network to be updated. This is the name of your OpenDNS network on the Dashboard. 
# Hostnames with spaces are unsupported. Replace the value in the quotations below with your host name.
# Only one host is supported
# Use "all.dnsomatic.com" for the matichost to update all items in dnsomatic with this IP.

# Note, you must have admin or edit (Read/Write/Grant in the OpenDNS Dashboard) to update IP addresses. 

:local odnshost "networkname"

# Change to the name of interface that gets the changing IP address

# May not be needed for your model number - commenting out this line may still work for single interface devices or if this is not supplied in the DNS-O-Matic script currently being used

:local inetinterface "ether1"

#------------------------------------------------------------------------------------

# No more changes needed, one optional change

:global previousIP;

:log info "Fetching current IP"

# Get the current public IP using DNS-O-Matic service.
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt

# Read the current public IP into the currentIP variable.
:local currentIP [/file get mypublicip.txt contents]

:log info "Fetched current IP as $currentIP"

# --------- Optional check to only run if the IP has changed (one line: :if)

# to disable, set line below to: ":if ($currentIP != 1) do={"

:if ($currentIP != $previousIP) do={
:log info "OpenDNS: Update needed"
:set previousIP $currentIP

# The update URL. Note the "\3F" is hex for question mark (?). Required since ? is a special character in commands.

# Some older editions of the MikroTik/WinBox OS require the following line instead (http) whereas newer versions require https.
# Prefer the https line: the update-only password is sent with this request.

# :local url "http://updates.opendns.com/nic/update\3Fhostname=$odnshost"


:local url "https://updates.opendns.com/nic/update\3Fhostname=$odnshost"
:log info "OpenDNS: Sending update for $odnshost"

# mode is set to match the https URL above; use mode=http if you switch to the http line.
/tool fetch url=($url) user=$odnsuser password=$odnspass mode=https dst-path=("/net_odns.txt")

:delay 2;

:local odnsReply [/file get net_odns.txt contents];

:log info "OpenDNS update complete."

:log info "OpenDNS reply was $odnsReply";

} else={

:log info "OpenDNS: Previous IP $previousIP and current IP equal, no update needed"
}

Then create a ‘scheduler’ entry to run the above script, e.g. every hour.

You will probably want a second scheduler event to run this script upon RouterOS startup.

If for whatever reason the update fails, the script will not update until the IP address changes again, because previousIP is set before the update request is sent. This is rare, but could happen. It is recommended to set up a third scheduler with a longer interval (maybe 4 hours) to run a script with the following code:

:global previousIP;
:set previousIP ""

:log info "Cleared previousIP to force OpenDNS update on next run."

The following permissions are required for this script to run:

  • write
  • test (for ROS 6.0+)
  • read (for ROS 6.0+)
  • policy (for ROS 6.0+)

It will silently fail if it doesn’t have these permissions.
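
The failed-update case described above can also be handled inside the update script itself by recording previousIP only after OpenDNS accepts the update. The script below is an added example, not the original author's code; it reuses the page's variable names with placeholder account values and assumes a successful reply begins with "good" or "nochg" (the DynDNS-style reply format), which the page does not list.

```routeros
# Added example: remember the IP only after a confirmed update.
# Placeholder values; replace with your own account and network label.
:local odnsuser "user@example.com"
:local odnspass "update-only-password"
:local odnshost "networkname"

:global previousIP

# Get the current public IP, as in the script above.
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
:local currentIP [/file get mypublicip.txt contents]

:if ($currentIP != $previousIP) do={
    :local url "https://updates.opendns.com/nic/update\3Fhostname=$odnshost"
    :local odnsReply ""

    # A failed fetch raises an error; catch it so the script keeps running
    # and odnsReply stays empty instead of holding a stale reply.
    :do {
        /tool fetch url=($url) user=$odnsuser password=$odnspass mode=https dst-path=("/net_odns.txt")
        :delay 2
        :set odnsReply [/file get net_odns.txt contents]
    } on-error={
        :log warning "OpenDNS: update request failed, will retry on next run"
    }

    # Assumption: accepted updates start with "good" or "nochg".
    :if (([:pick $odnsReply 0 4] = "good") || ([:pick $odnsReply 0 5] = "nochg")) do={
        :set previousIP $currentIP
        :log info "OpenDNS: update accepted for $odnshost, reply was $odnsReply"
    } else={
        # previousIP is left unchanged, so the next scheduled run tries again.
        :log warning "OpenDNS: update not accepted, reply was $odnsReply"
    }
} else={
    :log info "OpenDNS: Previous IP $previousIP and current IP equal, no update needed"
}
```

With this variant a rejected or failed update is retried on the next hourly run, and the log shows replies such as an authentication failure instead of a generic "update complete" line.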
