
allowing acl to a dns address

carl_townshend

Hi all, if I want to allow my hosts to access a certain host name, how can I do this?

6 Replies

I cannot see access list to a dns name on there, is it possible?

Carl,

Let me bring your attention to a specific part of the URL I posted:-

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1

access-list 101 permit udp host 10.1.1.2 host 172.16.1.1

access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

So now let's think about DNS - typically a DNS query is UDP port 53, right?

So in the URL I posted and the above capture of some of the post, in a typical extended access-list you specify:-

1) Permit or Deny

2) Layer 3 IP or Layer 4 TCP/UDP - there are more options...but for this we can forget about them

3) Source network or source host

4) Source tcp/udp port number

5) Destination network or destination host

6) Destination tcp/udp port number

I think the above explains it all.

I believe he's asking if you can use an fqdn in the acl.

In that case - no it's not possible to use a fqdn in an acl.

I misunderstood the post.

Yes, that's correct.
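Added example (not posted by anyone in this thread): a small Python parser that splits an extended access-list line into the six fields listed in the reply above and rejects a line whose address field is a name rather than an IPv4 address, in line with the answer that an FQDN cannot be used. The function names are hypothetical, the `www.example.com` line is constructed, and trailing keywords after the destination port are ignored.

```python
import ipaddress

# Port operators and the number of operands each one takes.
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}


def _take_address(tokens, field):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from the front of tokens."""
    if tokens[:1] == ["any"]:
        return tokens.pop(0)
    is_host = tokens[:1] == ["host"]
    if is_host:
        tokens.pop(0)
    count = 1 if is_host else 2
    if len(tokens) < count:
        raise ValueError(f"{field}: address incomplete")
    parts = [tokens.pop(0) for _ in range(count)]
    for part in parts:
        try:
            ipaddress.IPv4Address(part)
        except ValueError:
            raise ValueError(f"{field}: {part!r} is not an IPv4 address") from None
    return ("host " if is_host else "") + " ".join(parts)


def _take_port(tokens):
    """Consume an optional port match such as 'eq telnet' or 'range 1024 2048'."""
    if not tokens or tokens[0] not in PORT_OPS:
        return None
    op = tokens.pop(0)
    if len(tokens) < PORT_OPS[op]:
        raise ValueError(f"port operator {op!r} is missing an operand")
    return " ".join([op] + [tokens.pop(0) for _ in range(PORT_OPS[op])])


def parse_extended_acl(line):
    """Return the fields of one 'access-list <n> permit|deny <proto> ...' line."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list line")
    if tokens[2] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    entry = {"number": tokens[1], "action": tokens[2], "protocol": tokens[3]}
    rest = tokens[4:]
    entry["source"] = _take_address(rest, "source")
    entry["source_port"] = _take_port(rest)
    entry["destination"] = _take_address(rest, "destination")
    entry["destination_port"] = _take_port(rest)
    return entry
```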
