Hi, you can use this:
Used to match packets containing DNS names in a given dnslist. Following dnslist, there
needs to be a name of a DNS list as specified by the #dns command.
For example, consider the following DNS list:
#dns gglist www.Digi.co.,www..co.nz
The following firewall rule blocks all DNS lookups to DNS names matching the above list:
block out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
This is the other way round: you would allow the list and block all DNS lookups.
#dns gglist .Digi.com,.microsoft.com
pass out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
block out break end on ppp 1 proto udp from any to any port=dns
If you are only after a very few sites, you could use:
pass out break end from any to www.digi.com port=http
block break end from any to any port=http
Hope this helps.
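As an added illustration (not part of the reply above, and not Digi's own code), here is a small Python simulator of the first-match ordering the two rule sets rely on: a lone "block ... dnslist" rule only denies listed names and lets everything else fall through to the device default, whereas "pass ... dnslist" followed by "block ... any" allows only the listed names. The suffix-matching semantics for dnslist entries (case-insensitive, a leading dot anchoring to a label boundary) are an assumption for the example; the real rules also constrain protocol and port, which this model deliberately leaves out.

```python
# Added example: first-match evaluation of DNS-name firewall rules.
# The dnslist match semantics below are assumed, not taken from Digi docs.
from dataclasses import dataclass
from typing import Optional

# Constructed sample list, mirroring the "#dns gglist ..." line in the post.
DNS_LISTS = {
    "gglist": [".digi.com", ".microsoft.com"],
}


@dataclass
class Rule:
    action: str               # "pass" or "block"
    dnslist: Optional[str]    # name of a #dns list, or None for "any name"


def name_matches(pattern: str, qname: str) -> bool:
    """Assumed dnslist semantics: case-insensitive match where a pattern with
    a leading dot matches the domain itself and any subdomain, so ".digi.com"
    matches "www.digi.com" and "digi.com" but NOT "evildigi.com"."""
    p = pattern.lower().rstrip(".")
    q = qname.lower().rstrip(".")
    if p.startswith("."):
        return q == p[1:] or q.endswith(p)
    return q == p or q.endswith("." + p)


def rule_matches(rule: Rule, qname: str) -> bool:
    if rule.dnslist is None:
        return True
    return any(name_matches(p, qname) for p in DNS_LISTS[rule.dnslist])


def evaluate(rules, qname: str) -> Optional[str]:
    """First matching rule wins (what 'break end' expresses in the post).
    Returns None when no rule matches, i.e. the device default applies."""
    for rule in rules:
        if rule_matches(rule, qname):
            return rule.action
    return None


# Rule set 1 (deny-list): block listed names, everything else falls through.
DENYLIST = [Rule("block", "gglist")]

# Rule set 2 (allow-list): pass listed names, then block all other DNS traffic.
ALLOWLIST = [Rule("pass", "gglist"), Rule("block", None)]


if __name__ == "__main__":
    for qname in ["www.digi.com", "update.microsoft.com", "www.example.org", "evildigi.com"]:
        print(f"{qname:24} deny-list -> {evaluate(DENYLIST, qname)!s:6} "
              f"allow-list -> {evaluate(ALLOWLIST, qname)}")
```

Run it to see the difference the ordering makes: under the deny-list only the listed names are blocked and the rest return None (device default), while under the allow-list every unlisted name, including look-alikes such as "evildigi.com", hits the trailing block rule.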