Create a Post
Showing results for 
Search instead for 
Did you mean: 

Domain Object CNAME Question

I have a query regarding how Domain objects handle CNAMES following trying to configure specific access for a customer system, which doesn't work when I specify the domains they've told me to allow.

I’ve done some testing in my lab.  Please also refer to the screenshot lower down.

A DNS lookup on returns, which in turn returns, which in turn gives an IP address to connect to.  The IP address is different every time you refresh.

In my lab I allowed the name  The page timed out and other traffic was also dropped.

In my lab I then allowed all three names:


The page still timed out.

In my lab I then allowed *  (i.e with the FQDN box unticked).  The page now loads immediately.

I’m not yet sure why it didn’t work when I allowed all of the names shown in the tcpdump.  But it seems quite clear that allowing a specific domain name in the rule doesn't automatically allow any CNAME's it resolves to.  I don't want to allow the whole of

Does anyone have any thoughts?  Am I doing something wrong?


0 Kudos
4 Replies
This widget could not be displayed.