[CentOS] Can one construct an IPTables rule to block on NS records?

Kenneth Porter shiva at sewingwitch.com
Tue Oct 6 07:22:55 UTC 2015


--On Monday, October 05, 2015 10:46 AM -0400 "James B. Byrne" 
<byrnejb at harte-lyne.ca> wrote:

> So, is there any convenient way to construct an IPTables rule to block
> all IPs associated with a given Domain Name server?

Doing DNS queries within the kernel netfilter path would be bad.

You could run a cron job to update an iptables chain periodically with the 
results of a dig query. Some Perl could be used to do the query and 
generate the iptables commands.
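
What the reply sketches, written out as an added example that is not part of the original thread (and in shell rather than the Perl Kenneth mentions): a cron-driven script that resolves a zone's NS records to the name servers' addresses and regenerates a dedicated iptables chain from them. The chain name BLOCK_NS, the script path and the cron schedule are assumptions made here; the script relies on dig from bind-utils and on `iptables -C`, which needs iptables 1.4.11 or later (CentOS 7).

```sh
#!/bin/sh
# Added example, not code from the original thread: refresh an iptables chain
# from a cron job with the addresses of a zone's authoritative name servers.
# Assumptions: dig is installed (bind-utils on CentOS), iptables >= 1.4.11
# for the -C check (CentOS 7), and a dedicated chain named BLOCK_NS.

CHAIN="${CHAIN:-BLOCK_NS}"

# Resolve the NS records of a zone, then the A and AAAA records of each
# name server. One address per line. Needs network access, so it is kept
# separate from the rule generation below, which can be tested offline.
resolve_ns_ips() {
    dig +short NS "$1" | while IFS= read -r ns; do
        dig +short A "$ns"
        dig +short AAAA "$ns"
    done
}

# Read addresses on stdin and print the iptables/ip6tables commands that
# rebuild the chain. Anything that is not a literal address is dropped:
# blank lines, CNAME targets that dig +short prints before the final
# address, and dig's ";; connection timed out" diagnostics.
gen_rules() {
    local chain="$1" addrs v4 v6 ip
    addrs=$(LC_ALL=C sort -u)
    v4=$(printf '%s\n' "$addrs" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true)
    v6=$(printf '%s\n' "$addrs" | grep -E '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*$' || true)

    # A failed or empty lookup must not flush the chain, or one DNS hiccup
    # would silently unblock everything until the next cron run.
    if [ -z "$v4$v6" ]; then
        printf '# no addresses resolved; chain %s left unchanged\n' "$chain"
        return 0
    fi

    printf 'iptables -F %s\n' "$chain"
    for ip in $v4; do
        printf 'iptables -A %s -s %s -j DROP\n' "$chain" "$ip"
    done
    printf 'ip6tables -F %s\n' "$chain"
    for ip in $v6; do
        printf 'ip6tables -A %s -s %s -j DROP\n' "$chain" "$ip"
    done
}

# Create the chain once and hook it into INPUT; safe to run repeatedly.
# Keeping the addresses in their own chain means the refresh only ever
# touches that chain, never the rest of the ruleset.
setup_chain() {
    local chain="$1" t
    for t in iptables ip6tables; do
        "$t" -N "$chain" 2>/dev/null || true
        "$t" -C INPUT -j "$chain" 2>/dev/null || "$t" -I INPUT -j "$chain"
    done
}

# Cron entry point, e.g. a crontab line such as
#   */30 * * * * root /usr/local/sbin/block_ns.sh example.com
# (the path and schedule are assumptions for this example).
main() {
    setup_chain "$CHAIN"
    resolve_ns_ips "$1" | gen_rules "$CHAIN" | sh -e
}

if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

To see what a run would do without touching the firewall, drop the final `sh -e` and read the generated commands. Two caveats a practitioner should keep in mind: there is a short window between the `-F` and the first `-A` in which the chain is empty (if that matters, build a second chain and repoint the INPUT jump instead of flushing in place), and this blocks the addresses of the zone's name servers themselves, which is what "block on NS records" asks for; DNS gives no way to enumerate every zone a given server hosts, so the reverse question cannot be answered with dig.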
