On Sat, Nov 08, 2003 at 01:00:06PM -0800, Jason C. Wells wrote:
> If one of my clients makes a DNS query for a hostname that is not cached,
> my firewall subsequently makes a flurry of PTR queries. I am at a loss to
> explain why.
>
> For example:
>
> XX+/192.168.1.13/126.96.36.199.in-addr.arpa/PTR/IN
> XX+/192.168.1.13/www.davinci.com/A/IN
> XX+/192.168.1.1/188.8.131.52.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/184.108.40.206.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/220.127.116.11.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/18.104.22.168.in-addr.arpa/PTR/IN
> ... and many more ...
>
> The firewall is 192.168.1.1.
>
> But if I do the query on a cached hostname, no such weirdness occurs.
>
> XX+/192.168.1.13/22.214.171.124.in-addr.arpa/PTR/IN
> XX+/192.168.1.13/www.davinci.com/A/IN
>
> My DNS servers are behind the firewall. I use port translation to run the
> DNS through the firewall. The DNS queries complete successfully. I fixed
> the problem with my secondary nameserver not responding (thanks Pete
> Elkhe, my NAT was buggered).
>
> The PTR records the firewall is seeking are mostly for nameservers.
> Sometimes the PTRs the firewall is looking for are not resolvable. The
> PTRs don't seem to be related to the domain in question.
>
> What the heck is my firewall doing looking for those PTR records?

Could you mail the output of ipfw to me? I'll take a look in the morning
if I see something weird.

(I'd prefer this command: 'ipfw s | mail -s 'ipfw & dns' [EMAIL PROTECTED]')

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/