Blocking specific top-level domains (TLDs) on a Meraki MX security appliance or MR wireless access point can be accomplished through the use of content filtering or layer 7 firewall rules.
Here's how you might do it:
1. Content Filtering on an MX:
The Meraki MX security appliances have built-in content filtering that can block access to specific websites or domains.
- Navigate to "Security & SD-WAN" or "Security Appliance" > "Configure" > "Content filtering" in the Meraki Dashboard.
- Under "Blocked website categories", you can select categories to block, or under "Blocked URL patterns", you can add specific domains or TLDs that you wish to block. For example, to block all zip domains, you would add zip.
2. Layer 7 Firewall Rules on an MX:
The Meraki MX also allows you to set up Layer 7 firewall rules that can block traffic based on the application, port, or protocol.
- Navigate to "Security & SD-WAN" or "Security Appliance" > "Configure" > "Firewall" in the Meraki Dashboard.
- Under "Layer 7 firewall rules", you can add rules to block traffic based on patterns in the application data. However, this may not be as straightforward for blocking TLDs.
3. Layer 3 Firewall Rules on an MR:
For MR series access points, you can set up Layer 3 firewall rules to block traffic to specific IP addresses or ranges, but not specific TLDs. This would only be useful if the TLDs you want to block correspond to specific IP addresses or ranges.
4. DNS-Based Filtering:
For both MX and MR devices, another approach could be to use a custom DNS server that blocks specific TLDs. This would involve setting up or using a third-party DNS service that allows for custom filtering rules, and then pointing your MX or MR device to use this DNS server.
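For the DNS-based approach, a filter has to compare the TLD as the rightmost label of the queried name, not as a substring, or it will also refuse names such as zip.example.com. The following is an added example, not Meraki or vendor code: it runs a TLD block list over resolver query logs to show which clients a block would affect before it is enforced. The log format, sample lines and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

BLOCKED_TLDS = {"zip"}  # the TLD used as the example on this page

# Constructed resolver log lines: "<time> <client> <qname> <qtype>" (assumed format)
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 update.example.zip. A
2024-05-01T10:00:02Z 10.0.0.12 zip.example.com. A
2024-05-01T10:00:03Z 10.0.0.31 Files.Example.ZIP A
2024-05-01T10:00:04Z 10.0.0.31 zipcode.example.org. AAAA
2024-05-01T10:00:05Z 10.0.0.40 archive.zip.example.net. A
malformed line
"""

def tld_of(qname):
    """Rightmost label of a DNS name, lower-cased, trailing root dot removed."""
    labels = qname.strip().rstrip(".").lower().split(".")
    return labels[-1]

def is_blocked(qname, blocked=BLOCKED_TLDS):
    """True only when the name's TLD label is in the block list."""
    return tld_of(qname) in blocked

def substring_match(qname, blocked=BLOCKED_TLDS):
    """Naive check kept for comparison: matches the string anywhere in the name."""
    return any(t in qname.lower() for t in blocked)

def audit(log_text, blocked=BLOCKED_TLDS):
    """Return (names a TLD block refuses, grouped by client; names only a substring rule catches)."""
    hits, overblocked = defaultdict(list), []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, qname, _ = fields
        if is_blocked(qname, blocked):
            hits[client].append(qname)
        elif substring_match(qname, blocked):
            overblocked.append(qname)
    return dict(hits), overblocked

if __name__ == "__main__":
    hits, overblocked = audit(SAMPLE_LOG)
    for client, names in hits.items():
        print(client, "would be blocked:", names)
    print("a substring rule would also catch:", overblocked)
```

The second list is the collateral to look for when testing any pattern-based rule: legitimate names that merely contain the blocked string.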