From: "Paul Taylor" <PaulTaylor at winn dash dixie dot com>
> If there is a big call for this feature, I'm pretty sure it could be
> implemented... I'm just not sure that it's a good idea. A process would
> have to occasionally run to ensure that the IP Address for each FQDN that
> you're using hasn't changed, and if it has you'd have to update all the
> entries pointing to the old address to the new address. What would you do
> if DNS couldn't be resolved? Leave the old address? Time out the rule
> after a certain amount of time?
Here is the real fun... With inbound traffic do you have the FQDN
prefetched, or do you do a reverse lookup, which is probably different from
the forward lookup? And whichever way you go, someone will say you did it
wrong. :-) A lot of work for that 1 time in 10 when it would be handy.
However, with the popularity of dynamic DNS, it may be required in the
> Perhaps I'm just "old school" when it comes to firewalls...
And most of the time, that is the correct choice.
PS: Most people LIKE my car analogy. Usually brings a laugh... :-)
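
The refresh process discussed in this thread, sketched as an added example that is not part of the original messages or of any firewall product. It combines the two failure policies raised above (keep the old address, but time the rule out after a limit) and answers inbound checks from prefetched forward lookups only. The names `FqdnRuleTable`, `max_stale` and the injected `resolver` are hypothetical.

```python
import time

class FqdnRuleTable:
    """Allow list keyed by FQDN, backed by periodically refreshed addresses."""

    def __init__(self, resolver, max_stale=3600, clock=time.monotonic):
        self.resolver = resolver    # callable: fqdn -> IP strings, raises OSError on failure
        self.max_stale = max_stale  # seconds a last-known answer survives failed lookups
        self.clock = clock
        self.entries = {}           # fqdn -> (set of IPs, time of last successful lookup)

    def add(self, fqdn):
        self.entries.setdefault(fqdn, (set(), None))

    def refresh(self):
        """Re-resolve every FQDN; return {fqdn: (added, removed)} for changed rules."""
        changes = {}
        now = self.clock()
        for fqdn, (old, stamp) in list(self.entries.items()):
            try:
                new = set(self.resolver(fqdn))
            except OSError:
                # DNS failed: keep the old addresses until they are too stale,
                # then drop them so the rule fails closed.
                if old and stamp is not None and now - stamp > self.max_stale:
                    self.entries[fqdn] = (set(), stamp)
                    changes[fqdn] = (set(), old)
                continue
            self.entries[fqdn] = (new, now)
            if new != old:
                changes[fqdn] = (new - old, old - new)
        return changes

    def allows(self, src_ip):
        """Inbound check against prefetched forward lookups; no reverse lookup."""
        return any(src_ip in ips for ips, _ in self.entries.values())

if __name__ == "__main__":
    # Constructed sample data: a documentation-range address and a test name.
    table = FqdnRuleTable(lambda name: ["192.0.2.10"], max_stale=600)
    table.add("dyn.example.test")
    print(table.refresh())             # the rule gains 192.0.2.10
    print(table.allows("192.0.2.10"))  # True
    print(table.allows("192.0.2.99"))  # False
```

The returned change set is what a real implementation would turn into rule updates, and logging it gives an audit trail of when an FQDN rule silently started pointing somewhere else.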