Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 11064 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can I use a regex in a DNS Group?

Coder68
I want to create one definition for all 20 of Box.net's CDNs.

Is there an easier way to do this? I tried regex, but that did not work. (Which makes sense).

Desired objects: https://cdn01 – 20.boxcdn.net

Thanks,

C68


This thread was automatically locked due to age.
Parents
  • 0
    Name servers don't know how to deliver IPs for multiple FQDNs, let alone for any "wildcard" pattern.

    If you have an FQDN with multiple A-records, a DNS Group definition will contain all of those IPs and a DNS Host definition will contain only one.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Doesn't *.xyzcorp.com just mean allow or block anything that ends in xyzcorp.com

    I think thats what others (and myself) have been asking for (for the last how many years now...)

    Maybe some wanted something different, but I (and I assume others) just want a match on the xyzcorp.com.

     

    Real world example for me:  Allow Amazon Echo to send traffic to ANY amazonaws.com or amazon.com domain name, who cares about subdomains, the base domain of amazonaws.com or amazon.com is all that matters in this case can't you just match the string amazonaws.com and not care whats to the left of that?

    Not exactly sure how to make that work with iptables, but there has to be some way.

Reply
  • 0 in reply to BAlfson

    Doesn't *.xyzcorp.com just mean allow or block anything that ends in xyzcorp.com

    I think thats what others (and myself) have been asking for (for the last how many years now...)

    Maybe some wanted something different, but I (and I assume others) just want a match on the xyzcorp.com.

     

    Real world example for me:  Allow Amazon Echo to send traffic to ANY amazonaws.com or amazon.com domain name, who cares about subdomains, the base domain of amazonaws.com or amazon.com is all that matters in this case can't you just match the string amazonaws.com and not care whats to the left of that?

    Not exactly sure how to make that work with iptables, but there has to be some way.

Children
  • 0 in reply to JamieBah1

    Jamie, this thread is in the Web Protection forum, so it's about skipping the Transparent Proxy for *.xyzcorp.com sites.  This only can be done by complete FQDNs as there is no DNS that knows how to include all sub-domains when responding to a name resolution request.  It would be necessary to have the proxy do rDNS on every IP to facilitate doing this.

    The more practical solution for skipping the Proxy is to use Standard mode.  In Standard, it's the browser that decides to skip the Proxy, so you can use .xyzcorp.com.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML