Populate oblect group from DNS

[mackland1903]

Hi


Is there any way to create a access group from a DNS query online.


Want my AV to update allowing there update name (update.av.com) but as DNS names public IPS change all the times I cannot create a access group with thousands of IP's.


Seen some talk on access lists but was wondering if it can be done with access groups as well so that the access group is populated by the latest nslookup and the access list with assigned ports allows the updates to pc/s


Any help appreciated

 

[burtsbees]

Have you tried creating a network-object with the FQDN? Also, for an easy ACL, you can create a port-service object group.

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY