Firewall Making Many DNS PTR Queries

Jason C. Wells jcw at highperformance.net
Sat Nov 8 13:00:12 PST 2003


If one of my clients makes a DNS query for a hostname that is not cached,
my firewall subsequently makes a flurry of PTR queries.  I am at a loss to
explain why.

For example:

XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN
XX+/192.168.1.1/49.0.229.193.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/132.248.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.46.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.4.214.128.in-addr.arpa/PTR/IN
... and many more ...

The firewall is 192.168.1.1.

But if I do the query on a cached hostname, no such weirdness occurs.

XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN

My DNS servers are behind the firewall.  I use port translation to run the
DNS through the firewall.  The DNS queries complete successfully.  I fixed
the problem with my secondary nameserver not responding (thanks Pete
Elkhe, my NAT was buggered).

The PTR records the firewall is seeking are mostly for nameservers.
Sometimes the PTRs the firewall is looking for are not resolvable.  The
PTRs don't seem to be related to the domain in question.

What the heck is my firewall doing looking for those PTR records?

Thanks,
Jason C. Wells
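As an added example (not part of the original post), the Python below parses query-log records in the flags/client/name/type/class shape quoted above, maps each PTR name back to the address it reverses, and flags any client issuing a burst of reverse lookups for addresses outside the local network, which is the pattern the firewall at 192.168.1.1 shows. The sample records are reconstructed from the post and the burst threshold is an assumed value.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the query-log format quoted in the post
# (flags/client/name/type/class); not a real capture.
SAMPLE_LOG = """\
XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN
XX+/192.168.1.1/49.0.229.193.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/132.248.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.46.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.4.214.128.in-addr.arpa/PTR/IN
"""


def parse_line(line):
    """Split one 'flags/client/name/type/class' record into a dict, or None if malformed."""
    parts = line.strip().split("/")
    if len(parts) != 5:
        return None
    flags, client, name, qtype, qclass = parts
    return {"flags": flags, "client": client, "name": name, "qtype": qtype, "qclass": qclass}


def ptr_to_ip(name):
    """Map '49.0.229.193.in-addr.arpa' back to the IPv4 address it reverses ('193.229.0.49')."""
    suffix = ".in-addr.arpa"
    lowered = name.lower().rstrip(".")
    if not lowered.endswith(suffix):
        return None
    labels = lowered[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def ptr_bursts(log_text, threshold=3):
    """Return {client: [reversed IPs]} for clients that issued more than `threshold`
    PTR queries for globally routable addresses (reverse lookups of hosts outside
    the local network); threshold=3 is an assumed value, tune it for your traffic."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qtype"] != "PTR":
            continue  # skip malformed records and forward (A, MX, ...) queries
        ip = ptr_to_ip(rec["name"])
        if ip is not None and ipaddress.ip_address(ip).is_global:
            per_client[rec["client"]].append(ip)
    return {c: ips for c, ips in per_client.items() if len(ips) > threshold}


if __name__ == "__main__":
    for client, ips in ptr_bursts(SAMPLE_LOG).items():
        print(f"{client}: {len(ips)} PTR lookups of external hosts -> {', '.join(ips)}")
```

On the sample, only 192.168.1.1 is reported; the single PTR from 192.168.1.13 reverses a private address and is ignored.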
