
New Member

allowing acl to a dns address

Hi all, if I want to allow my hosts to access a certain host name, how can I do this?

6 REPLIES
New Member

Re: allowing acl to a dns address

I cannot see an access list to a DNS name on there; is it possible?

Re: allowing acl to a dns address

Carl,

Let me bring your attention to a specific part of the URL I posted:

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1

access-list 101 permit udp host 10.1.1.2 host 172.16.1.1

access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

So now let's think about DNS - typically a DNS query is UDP port 53, right?

So in the URL I posted, and in the above capture of some of the post, in a typical extended access-list you specify:

1) Permit or Deny

2) Layer 3 IP or Layer 4 TCP/UDP - there are more options...but for this we can forget about them

3) Source network or source host

4) Source tcp/udp port number

5) Destination network or destination host

6) Destination tcp/udp port number

I think the above explains it all.

Green
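
The six fields listed in the reply above, as an added example that is not part of the original thread: a small Python parser that splits numbered extended access-list lines like the four quoted there into those fields. The function names, the port-keyword subset and the choice to accept only IPv4 literals, `host` and `any` are assumptions of this sketch.

```python
import ipaddress

# Small subset of IOS port keywords (assumption: enough for the thread's lines).
PORT_NAMES = {"telnet": 23, "domain": 53, "www": 80}

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")  # ValueError if not an IP literal
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    mask = wildcard ^ 0xFFFFFFFF  # a wildcard is the inverted netmask
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous wildcard not handled in this example")
    return ipaddress.ip_network(f"{head}/{prefix}", strict=False)

def _take_port(tokens):
    """Consume an optional 'eq <port>' clause; return the port number or None."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return None

def parse_extended_acl(line):
    """Split one numbered extended ACL line into the six fields from the reply."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not a numbered extended access-list line")
    number, action, proto, rest = int(tokens[1]), tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action: {action}")
    has_ports = proto in ("tcp", "udp")  # only layer 4 entries carry ports
    try:
        src = _take_addr(rest)
        sport = _take_port(rest) if has_ports else None
        dst = _take_addr(rest)
        dport = _take_port(rest) if has_ports else None
    except IndexError:
        raise ValueError("line ended before all fields were read") from None
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return {"acl": number, "action": action, "protocol": proto,
            "src": src, "src_port": sport, "dst": dst, "dst_port": dport}

if __name__ == "__main__":
    print(parse_extended_acl("access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet"))
    print(parse_extended_acl("access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255"))
```
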

Re: allowing acl to a dns address

I believe he's asking if you can use an fqdn in the acl.

Re: allowing acl to a dns address

In that case - no it's not possible to use a fqdn in an acl.

I misunderstood the post.

New Member

Re: allowing acl to a dns address

Yes, that's correct.
