ACLs with FQDN

Answered Question
Oct 8th, 2008

Hello folks!!

Is there some way to permit or deny traffic using ACLs with FQDN names instead of IP addresses?

Thanks in advance!!

Correct Answer by ozzyosbu1, Wed, 10/08/2008 - 06:45

Hello, if I have understood your question correctly:

access-list 101 permit ip any host host.domain.com

This is allowed in ACLs.

You need to have ip domain-lookup enabled and should have ip name-server configured on the router.
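The configuration described in this answer, as an added example that is not from the original post. It assumes a name server at 192.0.2.53, a host named host.example.com, and interface GigabitEthernet0/0; all three are placeholders. The important caveat for anyone relying on this for filtering is that IOS resolves the hostname once, when the access-list line is entered, and stores the resulting IP address in the ACL; it never re-resolves the name.

```cisco
! Added example (not from the original post): hostname-based ACE on a Cisco IOS router.
! Assumptions: name server 192.0.2.53, host "host.example.com", interface GigabitEthernet0/0.
!
! 1. Name resolution must work BEFORE the access-list line is entered, otherwise the
!    command is rejected with an unresolved-host error.
ip domain-lookup
ip name-server 192.0.2.53
!
! 2. The entry is typed with a hostname. IOS resolves it at configuration time and
!    stores the address it got back; the name itself is not kept in the ACL.
access-list 101 permit ip any host host.example.com
!
! 3. Apply the ACL to an interface as usual.
interface GigabitEthernet0/0
 ip access-group 101 in
!
! 4. Verify: the stored entry shows the resolved address, not the name.
!    (constructed output, assuming host.example.com resolved to 198.51.100.10)
! Router# show access-lists 101
! Extended IP access list 101
!     10 permit ip any host 198.51.100.10
```

Because the address is frozen at configuration time, the ACL silently stops matching the intended host if its DNS record changes later, and with round-robin DNS it only ever matches the one address the router happened to receive. Re-enter the line (or use the IP address directly) whenever the record changes; a platform with genuinely dynamic FQDN objects is needed if the policy must follow DNS.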


elias.manchon Mon, 10/13/2008 - 00:10

Hello Again!!

I have tried the following on my Cisco router:

ip domain-lookup

...

ip name-server xxx.xxx.xxx.xxx

ip name-server yyy.yyy.yyy.yyy

If I ping an FQDN (example: www.cisco.com), there is no domain resolution. The following appears:

Translating "www.cisco.com"... domain server (xxx.xxx.xxx.xxx) (yyy.yyy.yyy.yyy)

% Unrecognized host or address, or protocol not running.

where the x and y addresses are my ISP's DNS servers.

Could somebody help me, please?

Thanks in advance!!

ozzyosbu1 Mon, 10/13/2008 - 05:38

Make sure you are able to reach the DNS server from the router (using ping); also recheck whether any access-lists are blocking the DNS requests from being forwarded to your ISP's DNS server.
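The checks suggested in this reply, as an added example that is not from the original post. It assumes the ISP DNS server is 192.0.2.53 (a placeholder standing in for xxx.xxx.xxx.xxx), that the ISP-facing interface carries an inbound extended ACL numbered 110, and that the router's own lookups leave that interface; all of these are assumptions.

```cisco
! Added example (not from the original reply): checking DNS reachability from the router.
! Assumptions: ISP DNS at 192.0.2.53, ISP-facing interface with inbound ACL 110.
!
! 1. Confirm the router can reach the DNS server by address (no name resolution involved).
! Router# ping 192.0.2.53
!
! 2. An inbound ACL on the ISP-facing interface sees the DNS *replies*, which come
!    from the server with source port 53. If they are not permitted, every lookup
!    times out with exactly the "Unrecognized host or address" message above.
!    These entries must sit above the deny.
ip access-list extended 110
 permit udp host 192.0.2.53 eq domain any
 permit tcp host 192.0.2.53 eq domain any
 deny ip any any log
!
! 3. Watch the hit counters: if the deny line increments while lookups fail,
!    the ACL is dropping the replies.
! Router# show ip access-lists 110
!
! 4. Confirm the router is actually sending queries and caching answers.
!    debug output is verbose; enable it briefly and turn it off afterwards.
! Router# debug domain
! Router# ping www.cisco.com
! Router# undebug all
! Router# show hosts
```

The "deny ip any any log" line is only there to make the drops visible in the counters and in syslog; the implicit deny at the end of every IOS ACL behaves the same way but gives no count. Once the replies are permitted, the earlier "Translating ..." step should complete and the cached answer appears in show hosts.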
