beginner: blocking domains using list

Unanswered Question
Apr 22nd, 2009

I read somewhere that the IOS I'm using recognises domain names, so I was wondering if it is possible to create a master blacklist of domains and store the list in a text file on the flash, and then create a rule that will deny/block access to any domain in the list. Can this be done?

If not, is there any other (easy) way to block a large number of domains? Preferably something that can be easily updated and added to.

Thanks for any advice.

mmacdonald70 Wed, 04/22/2009 - 14:22

Unless it has changed recently, IOS doesn't allow you to use domain names in ACLs. If DNS is set up on the router and you enter an FQDN, it will convert it to an IP address.

For the list, the best option is Network Object Groups. To do this you would enter something like:

! IOS object-group ACL syntax: the group is declared as "object-group network"
! and referenced from an extended ACL entered in ip access-list mode
object-group network BadServers
 host 1.1.1.1
 host 2.2.2.2
!
ip access-list extended 100
 deny ip any object-group BadServers
 ...

To update the list, you would just add hosts to the object group.
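The question asked for a blacklist kept in a plain text file that is easy to extend; the answer above gives the IOS building block (an object-group referenced from an ACL) but leaves the "file to config" step to the reader. The following script is an added example, not code from the post or from Cisco: it reads a text blacklist (hostnames, literal hosts or CIDR networks, with comments), resolves each hostname once, de-duplicates the result and renders the `object-group network` plus a named extended ACL that denies traffic to it. The blacklist contents, the `STATIC_DNS` table and the group/ACL names are constructed for the example; the static resolver stands in for `socket.gethostbyname_ex` so the script runs offline. Because IOS matches addresses, not names, every hostname is pinned to whatever it resolved to at generation time, so the config must be regenerated and re-pushed whenever the names move; malformed, IPv6 or unresolvable entries are reported rather than silently dropped.

```python
"""
Generate Cisco IOS object-group / ACL configuration from a plain-text
blacklist of domain names and IP literals (added example; not from the post).
"""
import ipaddress
import re
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed sample blacklist; names and addresses are hypothetical.
SAMPLE_BLACKLIST = """
# bad-hosts.txt: one entry per line, '#' starts a comment
badsite.example          # resolves to one host
tracker.example          # resolves to two hosts
tracker.example          # duplicate entry, must collapse
192.0.2.0/24             # literal network, emitted as address + mask
203.0.113.7              # literal host
unknown.example          # does not resolve, must be reported
not a hostname!          # malformed, must be reported
"""

# Constructed offline stand-in for DNS so the example runs without a network.
# For real use, pass: lambda n: socket.gethostbyname_ex(n)[2]
STATIC_DNS: Dict[str, List[str]] = {
    "badsite.example": ["198.51.100.10"],
    "tracker.example": ["198.51.100.20", "198.51.100.21"],
}


def static_resolver(name: str) -> List[str]:
    """Mimic socket.gethostbyname_ex: raise OSError (gaierror) on failure."""
    try:
        return STATIC_DNS[name]
    except KeyError:
        raise OSError(f"name not known: {name}")


# Hostname syntax (RFC 1123 labels); anything else is rejected, never resolved.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$")


def parse_blacklist(text: str) -> List[str]:
    """Strip comments and blank lines, lower-case, keep file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(line.lower())
    return entries


def to_networks(entries: Iterable[str],
                resolver: Callable[[str], List[str]] = static_resolver
                ) -> Tuple[List[ipaddress.IPv4Network], List[str]]:
    """Turn entries into a de-duplicated, sorted list of IPv4 networks.

    Literal hosts/CIDRs pass through; hostnames are resolved once, here, at
    generation time (IOS will not match on names). Returns (networks, rejected)
    so a malformed or unresolvable entry never silently vanishes from the list.
    """
    nets = set()
    rejected: List[str] = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is not None:
            if net.version == 4:
                nets.add(net)
            else:
                rejected.append(entry)   # object-group network here is IPv4-only
            continue
        if not HOSTNAME_RE.match(entry):
            rejected.append(entry)
            continue
        try:
            addrs = resolver(entry)
        except OSError:
            rejected.append(entry)
            continue
        for addr in addrs:
            nets.add(ipaddress.ip_network(addr))
    ordered = sorted(nets, key=lambda n: (int(n.network_address), n.prefixlen))
    return ordered, rejected


def render_config(networks: List[ipaddress.IPv4Network],
                  group_name: str = "BadServers",
                  acl_name: str = "BLOCK-BADSERVERS") -> str:
    """Emit IOS config: object-group network plus a named extended ACL using it."""
    lines = [f"object-group network {group_name}"]
    for net in networks:
        if net.prefixlen == 32:
            lines.append(f" host {net.network_address}")
        else:
            lines.append(f" {net.network_address} {net.netmask}")
    lines += [
        "!",
        f"ip access-list extended {acl_name}",
        f" remark generated from blacklist: {len(networks)} entries",
        f" deny ip any object-group {group_name}",
        " permit ip any any",
    ]
    return "\n".join(lines) + "\n"


def build(text: str, resolver=static_resolver) -> Tuple[str, List[str]]:
    """Blacklist text -> (IOS config text, list of rejected entries)."""
    nets, rejected = to_networks(parse_blacklist(text), resolver)
    return render_config(nets), rejected


if __name__ == "__main__":
    config, bad = build(SAMPLE_BLACKLIST)
    print(config)
    for entry in bad:
        print(f"! REJECTED: {entry}")
```

Run it against the real file and paste (or push) the output; on the router the ACL still needs to be applied with `ip access-group BLOCK-BADSERVERS in` on the inside interface. Updating the list is then a matter of editing the text file and regenerating: only the `object-group network` body changes, and the ACL line that references it stays the same.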
