Destination domain in Outbound Policy rule

Product Discussion
#1

From https://forum.peplink.com/t/understanding-and-configuring-outbound-policy/15156:

Domain Name - applies to traffic destined to a particular domain name, ex- foobar.com and .foobar.com. *
NOTE - Placing wildcards in any other position is not supported.

I think there is an issue with page formatting there (Markdown syntax?) where the domain name wildcards are formatted incorrectly. Can someone from Peplink please take a look and adjust?

Reason for request: I have an issue with a corresponding rule not working as expected and would like to ensure I am interpreting the documentation correctly.

#2

The outbound policy for domain name doesn’t always work. It requires a reverse DNS to match your domain name. Since most stuff is done via the cloud - reverse DNS seldom resolves to the DNS entry that you used to get the IP address. i.e. www.xbox.com will give you 5 returned IP addresses. If you do a reverse DNS lookup on any of those IP addresses - you won’t get back xbox.com.

I brought it up back in 2017. Routing by DNS name

Is that something that might be causing what you are seeing?

#3

Yes, I suppose it could be. That’s one reason for asking Peplink to update that documentation page.

None of the Outbound Policy rules around this seem to work. For example, I’ve tried the following:

image
image1472×641 41.8 KB

And then bumped it to the top like this:

image
image1677×803 81.6 KB

In this example the “WAN: Ethernet” connection is disabled in the interface (and physically not plugged). Requests to domain.com still go via the next Outbound Policy rule.

#4

Just confirming that you also hit the “Apply Changes” and then waited a minute before trying to send traffic?

An easy test is to open up a command shell and do a DNS lookup

nslookup domain.com

You will see it return an IP address or a list of IP addresses. Now, do a reverse DNS lookup against the IPs that were returned from the query for domain.com

nslookup 127.0.0.1

If the response from the reverse DNS query gives you the DNS name domain.com – the routing by DNS rule should work for you.