CIS treats host names as a single closed consecutive range of IP addresses from low to high.
How do you manage multiple single IP addresses or multiple IP address ranges that do not belong to or fall into the host name IP addresses?
In other words, how do you manage the IP address holes of a host name and how do you know what IP addresses belong to a host name and when there is change in IP addresses used by that host name?
I'm really wondering how you take care of all of this.
Maybe I haven’t actually encountered a context where it failed.
To take care of that I use a DNS server, since that's what they are made for.
A firewall isn't supposed to manage hosts in the first place. Only IPs, ports and protocols, depending on their implementation levels.
But since CIS has the feature, I agree that it has to be fixed.
I think that the devs are aware of the shortcomings of a FW rule based on a host name and that they are competent enough to correct the host name implementation so that it works as everyone would expect it to work. That is, look up a host name and create/update the matching IP table and create/update the FW rule based on that host name's IP table.
But maybe this is easier said than done...
It needs to build its own DNS database somehow, and has to block DNS requests for the given hosts in the blocklist, but also to block connections to the IPs that can be DNS-reversed to the ones in the blocklist, as long as the actual DNS server doesn't bypass all the protection it tries to provide.
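As an added illustration of the "look up a host name and create/update the matching IP table" behaviour the posts above ask for (this is example code, not CIS code or anything from Comodo), the model below keeps an exact per-host address set, reports what changed on each re-resolution, and contrasts the exact set with the single low-to-high range a naive implementation would use. The DNS answers are constructed (TEST-NET addresses) and served by a stand-in resolver so the script runs offline; a real implementation would call `socket.getaddrinfo` or a DNS library instead.

```python
"""Host-name firewall rule model: exact address table vs. a single low..high range.

Example code, not CIS's implementation. `FakeResolver` and the answer data
below are constructed so the script runs without network access.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed DNS answers: the second list is what the host resolves to after a
# record change, so a second refresh sees one address leave and one arrive.
CONSTRUCTED_ANSWERS = {
    "example.test": [
        ["203.0.113.10", "203.0.113.12", "203.0.113.20"],
        ["203.0.113.10", "203.0.113.20", "198.51.100.5"],
    ],
}


class FakeResolver:
    """Stand-in for a DNS lookup. Each host maps to a list of successive answer
    sets; the last one is returned forever once the scripted changes run out."""

    def __init__(self, answers):
        self._answers = {host: list(sets) for host, sets in answers.items()}

    def __call__(self, host):
        queue = self._answers[host]
        return queue.pop(0) if len(queue) > 1 else queue[0]


@dataclass
class HostRule:
    """A firewall rule keyed on a host name plus the IP table behind it."""
    host: str
    addresses: set = field(default_factory=set)  # exact set of ipaddress objects

    def refresh(self, resolve):
        """Re-resolve the host; replace the table and return (added, removed)."""
        new = {ipaddress.ip_address(a) for a in resolve(self.host)}
        added, removed = new - self.addresses, self.addresses - new
        self.addresses = new
        return added, removed

    def matches(self, ip):
        """Exact-table decision: only addresses the host actually resolved to."""
        return ipaddress.ip_address(ip) in self.addresses

    def naive_range(self):
        """The single closed low..high IPv4 range a naive rule would cover."""
        v4 = sorted(a for a in self.addresses if a.version == 4)
        return (v4[0], v4[-1]) if v4 else None

    def naive_matches(self, ip):
        """Decision a low..high range rule would make for this address."""
        rng = self.naive_range()
        addr = ipaddress.ip_address(ip)
        return rng is not None and addr.version == 4 and rng[0] <= addr <= rng[1]

    def overblocked(self, cap=1024):
        """Addresses inside the naive range that the host never resolved to
        (the 'holes' the range rule wrongly treats as belonging to the host)."""
        rng = self.naive_range()
        if rng is None:
            return []
        lo, hi = int(rng[0]), int(rng[1])
        if hi - lo > cap:
            raise ValueError("range too large to enumerate")
        return [ipaddress.ip_address(n) for n in range(lo, hi + 1)
                if ipaddress.ip_address(n) not in self.addresses]


def evaluate(rule, attempts):
    """Compare exact-table and range decisions for a list of destination IPs."""
    return {ip: {"exact": rule.matches(ip), "range": rule.naive_matches(ip)}
            for ip in attempts}


if __name__ == "__main__":
    rule = HostRule("example.test")
    resolver = FakeResolver(CONSTRUCTED_ANSWERS)
    print("first refresh:", rule.refresh(resolver))
    print("naive range:", rule.naive_range(), "holes:", len(rule.overblocked()))
    print(evaluate(rule, ["203.0.113.12", "203.0.113.15", "198.51.100.5"]))
    print("second refresh:", rule.refresh(resolver))
```

Re-running `refresh` on a timer (or on each DNS answer the firewall observes) is what keeps the table current; the `(added, removed)` result is the change record a rule engine would use to update its packet filter, and `overblocked` shows how many unrelated addresses a low-to-high range rule would sweep in for the same host.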