Object Group from DNS query

neil.mackland1 · ‎11-08-2016

Hi

Is there any way to create a access group from a DNS query online.

Want my AV to update allowing there update name (update.av.com) but as DNS names public IPS change all the times I cannot create a access group with thousands of IP's.

Seen some talk on access lists but was wondering if it can be done with access groups as well so that the access group is populated by the latest nslookup and the access list with assigned ports allows the updates to pc/s

Any help appreciated

Kanwaljeet Singh · ‎11-08-2016

Hi Neil,

Yes, you can. Please go through the below link for details:

https://supportforums.cisco.com/document/66011/using-hostnames-dns-access-lists-configuration-steps-caveats-and-troubleshooting

Hope this helps!

Regards,

Kanwal

Note: Please mark answers if they are helpful.

neil.mackland1 · ‎11-08-2016

Hi

and thanks for the info but I get a error on the command to create the object on the q of fqdn

IASA(config)# object network AV-UPDATES
IASA(config-network)# fqdn v4 update.av.com

any ideas?

Kanwaljeet Singh · ‎11-09-2016

Hi Neil,

It works fine for me.

ciscoasa(config)# object network AV-UPDATES
ciscoasa(config-network-object)# fqdn v4 update.av.com
ciscoasa(config-network-object)# exit

ciscoasa(config)# sh run object
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network AV-UPDATES
fqdn v4 update.av.com

I notice "IASA(config-network)#" it should be config-network-object. What is the version running on your ASA?

Regards,

Kanwal

Note: Please mark answers if they are helpful.