I want to implement a Windows Service that will by default block/allow all network connections and whitelist/blacklist specific domain names (like google.com).
I looked at Windows Filtering Platform but it does not seem I can filter on domain names, only on exact IPs. The problem is that IPs corresponding to domain names might change over the time and there might be multiple for one domain name.
How can I do this filtering on domain names ?
Note that if you only filter by DNS name, your filter can easily be circumvented by using an IP address. So filtering by IP address will be more robust.
You can do reverse IP lookups to get associated domain names. You'll probably want to implement a reverse IP address lookup cache. You would flush entries in the cache when they've exceeded their DNS TTL.
If you want to stick solely with domain names (and depending on where you want to do the filtering) you could hook winsock.dll. See this on SO. Your winsock hook would filter gethostbyname() and other APIs that resolve DNS names.