Date:      Sat, 8 Nov 2003 13:00:06 -0800 (PST)
From:      "Jason C. Wells" <jcw@highperformance.net>
To:        freebsd-questions@freebsd.org
Subject:   Firewall Making Many DNS PTR Queries
Message-ID:  <Pine.BSF.4.44.0311081243460.16121-100000@s1.stradamotorsports.com>

If one of my clients makes a DNS query for a hostname that is not cached,
my firewall subsequently makes a flurry of PTR queries.  I am at a loss to
explain why.

For example:

XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN
XX+/192.168.1.1/49.0.229.193.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/132.248.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.46.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.4.214.128.in-addr.arpa/PTR/IN
... and many more ...

The firewall is 192.168.1.1.

But if I do the query on a cached hostname, no such weirdness occurs.

XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN

My DNS servers are behind the firewall.  I use port translation to run the
DNS through the firewall.  The DNS queries complete successfully.  I fixed
the problem with my secondary nameserver not responding (thanks Pete
Elkhe, my NAT was buggered).

The PTR records the firewall is seeking are mostly for nameservers.
Sometimes the PTRs the firewall is looking for are not resolvable.  The
PTRs don't seem to be related to the domain in question.

What the heck is my firewall doing looking for those PTR records?

Thanks,
Jason C. Wells
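
Added example, not part of the original message: a Python sketch that parses query-log lines in the format quoted above (assumed here to be flags/client/qname/type/class), decodes each in-addr.arpa name back to the address being looked up, and groups the PTR lookups by querying client. The function names are hypothetical and the sample input is the set of log lines quoted in the message.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the query-log lines quoted in the message above.
SAMPLE_LOG = """\
XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
XX+/192.168.1.13/www.davinci.com/A/IN
XX+/192.168.1.1/49.0.229.193.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/132.248.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.46.214.128.in-addr.arpa/PTR/IN
XX+/192.168.1.1/64.4.214.128.in-addr.arpa/PTR/IN
... and many more ...
"""

def parse_line(line):
    # Assumed layout: flags/client/qname/qtype/qclass. Returns None if malformed.
    parts = line.strip().split("/")
    if len(parts) != 5:
        return None
    _flags, client, qname, qtype, qclass = parts
    try:
        ipaddress.ip_address(client)
    except ValueError:
        return None
    return client, qname.rstrip(".").lower(), qtype.upper(), qclass.upper()

def ptr_target(qname):
    # 'd.c.b.a.in-addr.arpa' -> 'a.b.c.d'; None for anything else.
    suffix = ".in-addr.arpa"
    octets = qname[:-len(suffix)].split(".")
    if not qname.endswith(suffix) or len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None

def ptr_lookups_by_client(log_text):
    # Map each querying client to the addresses it requested PTR records for.
    lookups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] == "PTR" and ptr_target(parsed[1]):
            lookups[parsed[0]].append(ptr_target(parsed[1]))
    return dict(lookups)

if __name__ == "__main__":
    for client, targets in ptr_lookups_by_client(SAMPLE_LOG).items():
        print(client, len(targets), targets)
```

Grouping by client separates the single reverse lookup from 192.168.1.13 from the burst issued by 192.168.1.1, and the decoded addresses can then be compared against the firewall's own connection or NAT logs for the same time window.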


