Firewall Making Many DNS PTR Queries
Alex de Kruijff
freebsd at akruijff.dds.nl
Sat Nov 8 15:28:52 PST 2003
On Sat, Nov 08, 2003 at 01:00:06PM -0800, Jason C. Wells wrote:
> If one of my clients makes a DNS query for a hostname that is not cached,
> my firewall subsequently makes a flurry of PTR queries. I am at a loss to
> explain why.
> For example:
> ... and many more ...
> The firewall is 192.168.1.1.
> But if I do the query on a cached hostname, no such weirdness occurs.
> My DNS servers are behind the firewall. I use port translation to run the
> DNS through the firewall. The DNS queries complete successfully. I fixed
> the problem with my secondary nameserver not responding (thanks Pete
> Elkhe, my NAT was buggered).
> The PTR records the firewall is seeking are mostly for nameservers.
> Sometimes the PTRs the firewall is looking for are not resolvable. The
> PTRs don't seem to be related to the domain in question.
> What the heck is my firewall doing looking for those PTR records?
Could you mail the output of ipfw to me? I'll take a look in the
morning to see if I see something weird. (I'd prefer this command:
'ipfw s | mail -s 'ipfw & dns' freebsd-reply at akruijff.dds.nl')