SophosXL lookups

Question

I have an acceleration network device that is trying to accelerate the SophosXL HTTP lookups. 
 https://community.sophos.com/kb/en-us/117936 
 http.0X.a.sophosxl.net HTTP SXL3.1 Web category lookups (Web control), Web protection http.0X.s.sophosxl.net HTTP SXL3.1 Alias for above Web category lookups (Web control) 
 I need to whitelist them.. there's no need for acceleration to be performed on this HTTP.. pointless.. and it overloads the engine. 
 Now.. that is the hard part now.. trying to whitelist these... 
 Strangely... if you nslookup against http.00.a.sophosxl.net and http.00.s.sophosxl.net you only get one IP address coming back (say.. as opposed to, nslookup'ing google.com). 
 But there is some DNS round-robin'ing/CDN on this service.. because last octet's bounce around the 54.251.46.0 /24 range (or that's as narrowed down as I can see). 
 
 It would be nice if we have a dedicated range to this service ? IP wise ? 
 Or, there would be ALL IP addresses broadcasted in the DNS pointer for this FQDN. 
 
 Thoughts all ?

QC · Accepted Answer

Hello MichaelGioia, 
 if you do a reverse lookup you'll see the addresses belong to amazonaws.com . Guess you won't be able to obtain a range more specific than the AWS IP Range for your region or a list of addresses other than by performing a number of lookups. While you can assume that the host will still be there after the TTL (I see 60 seconds) has expired you can't tell for how long the address will actually be valid. 
 Christian