I'm by default blocking all outgoing (as well incoming) traffic, I do allow it only by explicitly adding the address to an "allow" list.
This works fine, but today I experienced this funny problem: the address www.edn.com gets not blocked eventhough it's not explicitly allowed to pass out or in.
A little research and testing shows that this address has a canonical name www.edn.com.edgekey.net in the DNS:
So, does this indicate an error in RouterOS DNS ?$ nslookup www.edn.com
Server: 192.168.x.x
Address: 192.168.x.x#53
Non-authoritative answer:
www.edn.com canonical name = www.edn.com.edgekey.net.
www.edn.com.edgekey.net canonical name = e1899.a.akamaiedge.net.
Name: e1899.a.akamaiedge.net
Address: 104.81.79.46
Thx