Is there a way to combine FMC DNS SI lists by the domain name feature and a particular DNS query type? Let's say I want to avoid type A DNS queries but I let type AAAA queries to go out for domain A, but I want both A and AAAA allowed for domain B. Or I do not want type LOC queries to be sent out anywhere. Is it possible?
I don't think DNS SI can give you this. Its lookup at domain name in the query (A or AAAA) and performs the analysis but you can't tweak for specific record types.
Yep, DNS policies (via SI) is an "all inclusive" for the domain, but maybe there was anther place that I was not aware we could do DNS related policies.
It is a shame - another fine granular feature missing from FMC. Thanks, though.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
