New Member

beginner: blocking domains using list

I read somewhere that the IOS I'm using recognises domain names, so I was wondering if it is possible to create a master blacklist of domains and store the list in a text file on the flash, and then create a rule that will deny/block access to any domain in the list. Can this be done?

If not, is there any other (easy) way to block a large number of domains? Preferably something that can be easily updated and added to.

Thanks for any advice.

1 REPLY
New Member

Re: beginner: blocking domains using list

Unless it has changed recently, IOS doesn't allow you to use domain names in ACLs. If DNS is set up on the router and you enter a FQDN, it will convert it to an IP address.

For the list, the best option for that is Network Object Groups. To do this you would enter something like:

object-group network BadServers
 host 1.1.1.1
 host 2.2.2.2
!
! IOS takes object groups in ACLs entered with "ip access-list extended"
ip access-list extended 100
 deny ip any object-group BadServers
 ...

To update the list, you would just add hosts to the object group.
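One way to keep the object group in step with a text file of domains, as an added example that is not part of the original reply: it resolves each listed domain off-box and emits only the `host` / `no host` lines needed to update the group. The one-domain-per-line file format, the function names and the sample DNS answers are assumptions made here (the addresses reuse the reply's placeholders); the resolved addresses are a point-in-time snapshot, so the list has to be regenerated as records change.

```python
import ipaddress
import socket

def resolve_ipv4(domain):
    """Default resolver: the domain's A records right now, via system DNS."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def parse_blocklist(text):
    """One domain per line; '#' comments, blanks and duplicates are dropped."""
    domains = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        if name and name not in domains:
            domains.append(name)
    return domains

def build_update(domains, current_hosts, resolver=resolve_ipv4, group="BadServers"):
    """Return (config_lines, unresolved) moving the group from current_hosts
    to the addresses the domains resolve to today."""
    wanted, unresolved = set(), []
    for domain in domains:
        # Skip sinkhole answers (0.0.0.0, 127.0.0.1, RFC 1918): not real servers.
        addrs = {a for a in resolver(domain) if ipaddress.ip_address(a).is_global}
        if addrs:
            wanted |= addrs
        else:
            unresolved.append(domain)
    key = ipaddress.ip_address
    changes = [f" no host {a}" for a in sorted(set(current_hosts) - wanted, key=key)]
    changes += [f" host {a}" for a in sorted(wanted - set(current_hosts), key=key)]
    return ([f"object-group network {group}"] + changes if changes else []), unresolved

# Constructed sample data: a blocklist file and a stand-in for DNS answers.
SAMPLE_LIST = ("# master blacklist\nbad.example\nBAD.example.  # duplicate\n"
               "sinkholed.example\ngone.example\n")
SAMPLE_DNS = {"bad.example": {"1.1.1.1", "2.2.2.2"}, "sinkholed.example": {"0.0.0.0"}}

if __name__ == "__main__":
    lines, unresolved = build_update(parse_blocklist(SAMPLE_LIST), {"1.1.1.1", "3.3.3.3"},
                                     resolver=lambda d: SAMPLE_DNS.get(d, set()))
    print("\n".join(lines))
    print("! not resolved, review by hand:", ", ".join(unresolved))
```

Because an ACL entry matches the address and not the name, every other site hosted on a listed IP is blocked as well, so review the generated lines before pasting them into the router.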
