Date: Sun, 09 Nov 2003 00:28:48 +0100
From: Alex de Kruijff <freebsd@akruijff.dds.nl>
To: "Jason C. Wells" <jcw@highperformance.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall Making Many DNS PTR Queries
Message-ID: <20031108232848.GB532@dds.nl>
In-Reply-To: <Pine.BSF.4.44.0311081243460.16121-100000@s1.stradamotorsports.com>
References: <Pine.BSF.4.44.0311081243460.16121-100000@s1.stradamotorsports.com>

On Sat, Nov 08, 2003 at 01:00:06PM -0800, Jason C. Wells wrote:
> If one of my clients makes a DNS query for a hostname that is not cached,
> my firewall subsequently makes a flurry of PTR queries. I am at a loss to
> explain why.
>
> For example:
>
> XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
> XX+/192.168.1.13/www.davinci.com/A/IN
> XX+/192.168.1.1/49.0.229.193.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/10.24.230.130.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/132.248.214.128.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/10.102.230.130.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/64.46.214.128.in-addr.arpa/PTR/IN
> XX+/192.168.1.1/64.4.214.128.in-addr.arpa/PTR/IN
> ... and many more ...
>
> The firewall is 192.168.1.1.
>
> But if I do the query on a cached hostname, no such weirdness occurs.
>
> XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
> XX+/192.168.1.13/www.davinci.com/A/IN
>
> My DNS servers are behind the firewall. I use port translation to run the
> DNS through the firewall. The DNS queries complete successfully. I fixed
> the problem with my secondary nameserver not responding (thanks Pete
> Elkhe, my NAT was buggered).
>
> The PTR records the firewall is seeking are mostly for nameservers.
> Sometimes the PTRs the firewall is looking for are not resolvable. The
> PTRs don't seem to be related to the domain in question.
>
> What the heck is my firewall doing looking for those PTR records?

Could you mail the output of ipfw to me? I'll take a look in the morning
if I see something weird. (I'd prefer this command:
'ipfw s | mail -s 'ipfw & dns' freebsd-reply@akruijff.dds.nl')

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031108232848.GB532>