> First post. Beginner- to intermediate user.
> 
> How does PF update a table with hostnames resolved by round-robin DNS?
> Is it just the first DNS response that is added to the table, or
> multiple DNS responses? 

pf doesn't do this, since it is in the kernel.  pf only knows about
addresses.  It does not know about hostnames.

pfctl is what is doing this, so this DNS translation happens when you
run pfctl.  So it depends on whether your pf.conf is dynamically
adding it each time you run it.  And if you only run pfctl once...

> For example, is it possible to block a well-known social networking
> site which resolves to multiple IP addresses, using a PF table
> <socialnet> with just the hostname of the website?

No.  What you want is to expand to all of the addresses.  Since
addresses keep being added for such hostnames on the fly, it won't
work.

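The reply above makes two points: pf itself only ever holds addresses, and the hostname-to-address step is done by pfctl, once, when the ruleset is loaded. The script below is an added example (not code from the original thread or from the pf project) of the userland workaround that follows from that: re-resolve the names on a schedule and push the result into the table with `pfctl -T replace`. It assumes a hypothetical pf.conf containing `table <socialnet> persist` and `block return out quick to <socialnet>`, that `dig` is installed, and that the hostnames and the sample DNS answers are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post or from pf/pfctl.
# Refresh a pf table from DNS, since pf cannot resolve names itself and
# pfctl -f only resolves them at load time.
# Assumed (hypothetical) pf.conf:
#   table <socialnet> persist
#   block return out quick to <socialnet>
# Hostnames and any DNS answers shown here are placeholders.

export LC_ALL=C                                   # predictable sort order
TABLE="${TABLE:-socialnet}"
HOSTS="${HOSTS:-www.example.com cdn.example.net}" # constructed names

# filter_addrs: read "dig +short" style output on stdin and keep only IPv4
# and IPv6 literals, deduplicated. dig +short also prints CNAME targets
# (names ending in '.') and empty lines for NXDOMAIN; neither may go into
# a pf table, which only accepts addresses and networks.
filter_addrs() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9a-fA-F]*(:[0-9a-fA-F]*){2,7}$' \
        | sort -u
}

# lookup: ask for the A and AAAA records of one name. A round-robin site
# may hand out only a subset per query, so one answer (which is all that
# pfctl -f sees when it loads pf.conf) is never the whole address set.
lookup() {
    dig +short "$1" A
    dig +short "$1" AAAA
}

# replace_cmd: turn the addresses on stdin into the pfctl command that
# swaps the table contents in one step. -T replace is atomic from pf's
# point of view, unlike -T flush followed by -T add, so there is never a
# window in which the block rule matches nothing.
replace_cmd() {
    addrs=$(filter_addrs | tr '\n' ' ' | sed 's/ *$//')
    [ -n "$addrs" ] || return 1    # a DNS outage must not empty the table
    printf 'pfctl -t %s -T replace %s\n' "$TABLE" "$addrs"
}

# refresh_table: resolve every name, merge the answers and load them.
# Meant to run from cron; only the table changes, the rest of the ruleset
# and its state table are left alone.
refresh_table() {
    cmd=$(for h in $HOSTS; do lookup "$h"; done | replace_cmd) || return 1
    eval "$cmd"
}

case "${1:-}" in
    refresh) refresh_table ;;
    show)    for h in $HOSTS; do lookup "$h"; done | replace_cmd ;;
esac
```

Run it as `sh refresh.sh show` to see the command it would issue and `sh refresh.sh refresh` (as root) to apply it. This narrows the gap the reply describes but does not close it: between two runs, any address the site starts using is not in the table, and anything returned by a single query is still only the subset the resolver happened to hand out.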