pfSense is set up like this:

pfsense--WAN (public IP x)
           --OPT1 (public IP y/30)

Connected to OPT1 is the client's Cisco firewall, which is NATing for a
172.21.50/23 subnet. Their DHCP is handing out pfSense's OPT1 address
as DNS server, and pfSense is running DNS forwarder. This works well,
but I see a lot of this in tcpdump:


12:16:56.091858 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:16:57.104593 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:16:58.118720 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:00.130979 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:04.140636 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:08.150841 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
12:17:09.162988 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
12:17:10.177054 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
12:17:12.189584 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
12:17:16.198448 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
12:17:20.210048 IP 172.21.253.1.62240 > 69.165.225.178.53: 5700+ SOA? 175.50.21.172.in-addr.arpa. (44)
12:17:21.221601 IP 172.21.253.1.62240 > 69.165.225.178.53: 5700+ SOA? 175.50.21.172.in-addr.arpa. (44)
12:17:22.235856 IP 172.21.253.1.62240 > 69.165.225.178.53: 5700+ SOA? 175.50.21.172.in-addr.arpa. (44)
12:17:24.247893 IP 172.21.253.1.62240 > 69.165.225.178.53: 5700+ SOA? 175.50.21.172.in-addr.arpa. (44)
12:17:28.256892 IP 172.21.253.1.62240 > 69.165.225.178.53: 5700+ SOA? 175.50.21.172.in-addr.arpa. (44)
12:17:32.267370 IP 172.21.253.1.53081 > 69.165.225.178.53: 32343+ SOA? 177.50.21.172.in-addr.arpa. (44)
12:17:33.280650 IP 172.21.253.1.53081 > 69.165.225.178.53: 32343+ SOA? 177.50.21.172.in-addr.arpa. (44)

172.21.253.1 is the Windows DNS server on the client's network which
they were using, but won't be using for this subnet in the future. The
DNS server option was changed in DNS just a few hours short of 7 days
ago, and DHCP leases are 1 week, so I suppose it's possible but not
likely that there are DHCP clients active on that network that are
still using (or trying to use) the old DNS server.

So I'm just wondering exactly what these packets are about and whether
I should be concerned at all for proper DNS function. I did a bit of
searching on SOA DNS but no lights are going on for me yet.

db
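
As an added example (not part of the original post), this Python groups tcpdump lines like those above by client port and DNS transaction ID, so that repeats of one query show up as retransmissions with their spacing, and maps each in-addr.arpa name back to the address it refers to. The sample lines are copied from the capture; the /23 is assumed to be 172.21.50.0/23, and the function names are illustrative.

```python
import ipaddress
import re

# Packets copied from the capture above, each on one line.
SAMPLE = """\
12:16:56.091858 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:16:57.104593 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:16:58.118720 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:00.130979 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:04.140636 IP 172.21.253.1.52683 > 69.165.225.178.53: 55447+ SOA? 166.50.21.172.in-addr.arpa. (44)
12:17:08.150841 IP 172.21.253.1.64392 > 69.165.225.178.53: 20581+ SOA? 172.50.21.172.in-addr.arpa. (44)
"""

# time, source ip.port, destination ip.port, query id, "+" flag, type, name
LINE = re.compile(
    r"(\d+):(\d+):([\d.]+) IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): "
    r"(\d+)(\+?) (\w+)\? (\S+) \(\d+\)"
)

def reverse_name_to_ip(qname):
    """'166.50.21.172.in-addr.arpa.' -> IPv4Address('172.21.50.166')."""
    labels = qname.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None  # not a full IPv4 reverse-lookup name
    try:
        return ipaddress.ip_address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def summarize(capture, subnet="172.21.50.0/23"):  # subnet value is an assumption
    """One entry per query; the same ID resent from the same port is a retry."""
    net = ipaddress.ip_network(subnet)
    queries = {}
    for line in capture.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        h, mi, s, src, sport, dst, _dport, qid, rd, qtype, qname = m.groups()
        q = queries.setdefault((src, sport, qid, qtype, qname), {
            "client": src, "server": dst, "qtype": qtype,
            "recursion_desired": rd == "+",  # tcpdump prints "+" for the RD bit
            "about_ip": reverse_name_to_ip(qname), "times": []})
        q["times"].append(int(h) * 3600 + int(mi) * 60 + float(s))
    for q in queries.values():
        t = q.pop("times")
        q["sent"] = len(t)
        q["retry_gaps_s"] = [round(b - a) for a, b in zip(t, t[1:])]
        q["in_subnet"] = q["about_ip"] is not None and q["about_ip"] in net
    return list(queries.values())

if __name__ == "__main__":
    for q in summarize(SAMPLE):
        print(q)
```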
