by luch 1298 days ago
because firewalls filter at the IP/port level, not at DNS level
2 comments

There are firewalls with those features.
Depending on what you want to do, it's not applicable. You can only easily guess the domain from HTTP connections and maybe from other TCP stuff if you have TLS + SNI in front.

For example, you can't guess the target domain for an SSH connection.

But some routers will let you set a rule on a domain name. They will then resolve that domain name to an IP and use that internally, and do periodic lookups to refresh the IP they're referring to.
Thing is, if you're sharing that IP with several different domains, then you can't route properly :(
Use one domain.
No. They do a DNS lookup and allow the IP addresses returned.
The DNS server should return the IP.
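To make the mechanism discussed in this thread concrete, here is an added example (not code from any commenter or from a real firewall product). It models a "domain rule" the way the thread describes it: the name is resolved to a set of IPs, the set is re-resolved when the TTL runs out, and packets are matched on destination IP only. A small constructed dictionary stands in for DNS, and all names (`allowed.example`, `blocked.example`, `other.example`) and addresses are made up. The `shared_ips` check shows the problem raised above: once two domains with opposite rules resolve to the same IP, the IP-level filter cannot tell them apart.

```python
"""Domain-based firewall rules resolved to IP sets, with TTL refresh.

Constructed illustration: FAKE_DNS replaces real DNS so this runs offline.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed stand-in for DNS answers: name -> (addresses, TTL in seconds).
# "blocked.example" deliberately shares an IP with "allowed.example" to show
# what happens on shared hosting.
FAKE_DNS = {
    "allowed.example": (["198.51.100.10", "198.51.100.11"], 300),
    "blocked.example": (["198.51.100.10"], 300),
    "other.example": (["203.0.113.5"], 60),
}


def resolve(name, now):
    """Return (set of IPs, absolute expiry time) from the fake resolver."""
    addrs, ttl = FAKE_DNS[name]
    return set(addrs), now + ttl


@dataclass
class DomainRule:
    name: str
    action: str                      # "allow" or "deny"
    addrs: set = field(default_factory=set)
    expires_at: float = 0.0          # re-resolve once `now` passes this


class DomainFirewall:
    """First-match rule list keyed by domain but evaluated on IP addresses."""

    def __init__(self, resolver=resolve):
        self.rules = []
        self.resolver = resolver

    def add_rule(self, name, action, now=0.0):
        rule = DomainRule(name, action)
        self._refresh(rule, now)
        self.rules.append(rule)

    def _refresh(self, rule, now):
        # Periodic lookup: only hit the resolver when the cached answer expired.
        if now >= rule.expires_at:
            rule.addrs, rule.expires_at = self.resolver(rule.name, now)

    def refresh_all(self, now):
        for rule in self.rules:
            self._refresh(rule, now)

    def decision(self, dst_ip, now=0.0, default="deny"):
        """Decide on a packet by destination IP; the domain is not visible here."""
        self.refresh_all(now)
        ip = ipaddress.ip_address(dst_ip)
        for rule in self.rules:
            if any(ip == ipaddress.ip_address(a) for a in rule.addrs):
                return rule.action
        return default

    def shared_ips(self):
        """IPs that belong to rules with conflicting actions (ambiguous rules)."""
        owners = {}
        for rule in self.rules:
            for a in rule.addrs:
                owners.setdefault(a, set()).add((rule.name, rule.action))
        return {
            ip: names for ip, names in owners.items()
            if len({action for _, action in names}) > 1
        }


if __name__ == "__main__":
    fw = DomainFirewall()
    fw.add_rule("allowed.example", "allow")
    fw.add_rule("blocked.example", "deny")
    print(fw.decision("198.51.100.10"))   # allowed, although blocked.example lives there too
    print(fw.shared_ips())                # reports the ambiguous address
```

Running it shows why the thread's objection holds: traffic to `198.51.100.10` is allowed whichever domain the client actually wanted, because the rule engine only ever sees the address. Auditing `shared_ips()` whenever rules are refreshed is a cheap way to spot when a domain rule has silently become ambiguous.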