ACLs with FQDN

Answered Question
Oct 8th, 2008

Hello folks!!


Is there some way to permit or deny traffic using ACLs with FQDN names instead of IP addresses?


Thanks in advance!!

Correct Answer
ozzyosbu1 Wed, 10/08/2008 - 06:45

Hello, if I have understood your question correctly:


access-list 101 permit ip any host host.domain.com


This is allowed in ACLs.

You need to have ip domain-lookup enabled and should have ip name-server configured in the router.
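
An added example, not part of the original thread and not Cisco's code: IOS looks the name up once, when the ACL line is entered, and stores the resulting address, so the rule does not follow later DNS changes. The sketch below expands a name into one entry per address and reports drift between what was installed and what the name resolves to now; `render_acl`, `drift`, `dns_resolve`, the snapshots and the addresses are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data: two DNS answers for the thread's placeholder name,
# taken at different times. Addresses are RFC 5737 documentation ranges.
SNAPSHOT_T0 = {"host.domain.com": ["192.0.2.10"]}
SNAPSHOT_T1 = {"host.domain.com": ["198.51.100.7", "192.0.2.10", "198.51.100.8"]}


def dns_resolve(name):
    """Live resolver for real use: every IPv4 address the name currently has."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def render_acl(acl_id, names, resolve=dns_resolve):
    """Expand each FQDN into one 'host <ip>' entry per resolved address."""
    lines = []
    for name in names:
        addrs = resolve(name)
        if not addrs:
            # Fail closed: never push a rule set that silently lost a host.
            raise LookupError(f"{name}: no address returned")
        # Validate each address and sort so output ignores DNS answer order.
        for ip in sorted({ipaddress.IPv4Address(a) for a in addrs}):
            lines.append(f"access-list {acl_id} permit ip any host {ip}")
    return lines


def drift(installed, current):
    """Return (stale, missing): entries to remove from / add to the device."""
    stale = [line for line in installed if line not in current]
    missing = [line for line in current if line not in installed]
    return stale, missing


if __name__ == "__main__":
    installed = render_acl(101, ["host.domain.com"], lambda n: SNAPSHOT_T0.get(n, []))
    current = render_acl(101, ["host.domain.com"], lambda n: SNAPSHOT_T1.get(n, []))
    stale, missing = drift(installed, current)
    print("installed:", *installed, sep="\n  ")
    print("stale:", *stale, sep="\n  ")
    print("missing:", *missing, sep="\n  ")
```

Run on a schedule against the router's current ACL text, a non-empty `stale` or `missing` list means the stored addresses no longer match the name.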


elias.manchon Mon, 10/13/2008 - 00:10

Hello Again!!


I have tried the following on my Cisco router:


ip domain-lookup

...

ip name-server xxx.xxx.xxx.xxx

ip name-server yyy.yyy.yyy.yyy


If I send a ping to an FQDN (example: www.cisco.com), there is no domain resolution. The following appears:


Translating "www.cisco.com"... domain server (xxx.xxx.xxx.xxx) (yyy.yyy.yyy.yyy)

% Unrecognized host or address, or protocol not running.


Where the X address and Y address are the DNS servers of my ISP.


Could somebody help me, please?


Thanks in advance!!


ozzyosbu1 Mon, 10/13/2008 - 05:38

Make sure you are able to reach the DNS server from the router (using ping); also recheck whether any access-lists are blocking the DNS requests from being forwarded to your ISP DNS server.
