
How to allow domain and block another domain if both resolve to the same IP address

This article describes how to allow one domain while blocking another when both domains resolve to the same IP address.

Scope

FortiGate.

Solution

This example uses two domains: footballnsw.com.au and tenantsvic.org.au.

Both these domains resolve to the same IP.


It is necessary to block footballnsw.com.au and allow tenantsvic.org.au. If a firewall policy with an FQDN address object is used to block footballnsw.com.au, both domains will be blocked, because the FQDN object resolves to the shared IP address and the policy matches traffic by that IP rather than by the name requested. Instead, use one of the following:

  1. Web filtering, allowing or blocking the FQDN with a URL filter table. This requires a web filtering license and a deep inspection profile.
  2. A Local Domain filter in a DNS filter profile to block the query for the unwanted domain.

Using Local Domain filter in DNS profile to block traffic


Once the DNS filter profile containing the local domain filter entry is applied to the firewall policy, the DNS filter logs show the blocked query as follows:

date=2024-07-25 time=12:41:06 eventtime=1721875266099252237 tz="+1000" logid="1501054400" type="utm" subtype="dns" eventtype="dns-response" level="warning" vd="root" policyid=2 poluuid="fe46c770-4a2e-51ef-653d-e22beadbf7ca" policytype="policy" sessionid=1118 srcip=10.14.2.106 srcport=64433 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" dstip=10.56.255.20 dstport=53 dstcountry="Reserved" dstintf="port1" dstintfrole="undefined" proto=17 profile="test" xid=53595 qname="footballnsw.com.au" qtype="A" qtypeval=1 qclass="IN" ipaddr="208.91.112.55" msg="Domain was blocked because it is in the domain-filter list" action="redirect" domainfilteridx=1 domainfilterlist="test"