restriction on domains

[jeetu_chaudhari]

I am having NGX checkpoint with server based firewall module.

we have last rule as any any service any drop.
now i am making one domain object as .microsoft.com
then i am making rule as src=>xyz dst=> .microsoft.com service=> http https action=>allow
but my firewall droping my connection according to last rule.

Also,
Access to DNS server on UDP port is allowed from any source
& in global properties also i checked accept UDP queries then
why my connection is droping ? why firewall is not resolving the domain to IP ?

[ButlerKevinD]

I've tried the same thing. We were attempting to block anything resolving to .easynews.com as a destination, and doing so blocks everything going out of our network. I read where there was a delay or something until the domain name and ip was resolved and added into the cache, but how long of a delay are we talking about?? A few minutes?? Thanks in advance for any replied!!

[Sergej]

jeetu:

May be the problem is Microsoft use Akamay internet proxy and acceleration services to deliver content and reverse DNS lookup is not always correct?

As a workaround you can use HTTP URI resourse with match on HTTP host. So the solution is to deny enytind but HTTP with URI wit one or several sites (several sites can be imported from file).