Firewall DNS reverse-forward lookup
admjcd at volpe.dot.gov
Thu Jan 1 06:52:10 UTC 2004
We are having an issue with our Raptor firewall dropping packets because a reverse-forward lookup fails. Here is the log and a link to why Raptor logs it:
"mw203.mail2world.com 126.96.36.199: reverse address 188.8.131.52 doesn't match -- denied"
My question is: Is this a valid security check (reverse-forward)? Is Raptor's rule to just drop these connections valid? How would such a rule handle round-robin, where a forward lookup can return a different IP? Or a number of IPs? Do any of you have any experience with this? TIF so much if you do!! And Happy New Year!!!
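The reverse-forward check the post asks about, as an added example that is not part of the original message and not Raptor's code (how Raptor implements its check is not shown on the page). It contrasts a comparison against only the first forward address, which breaks on round-robin names, with a comparison against the whole set of forward addresses; the records, hostnames and function names are constructed for illustration and the DNS lookups are stubbed so the block runs offline.

```python
import ipaddress

# Constructed records using documentation ranges (RFC 5737); not taken from the post.
PTR = {
    "192.0.2.10": ["mail.example.net."],
    "192.0.2.11": ["mail.example.net."],
    "192.0.2.20": ["mx.example.org."],
}
A = {
    "mail.example.net.": ["192.0.2.10", "192.0.2.11"],  # round-robin pair
    "mx.example.org.": ["198.51.100.7"],                # does not point back
}

def lookup_ptr(ip):
    """Stand-in for a real PTR query; returns every name for the address."""
    return PTR.get(ip, [])

def lookup_a(name):
    """Stand-in for a real A query; returns every address for the name."""
    return A.get(name, [])

def naive_check(client_ip):
    """Compare the client with only the first forward address returned."""
    names = lookup_ptr(client_ip)
    if not names:
        return False
    addrs = lookup_a(names[0])
    return bool(addrs) and addrs[0] == client_ip

def fcrdns_check(client_ip):
    """Forward-confirmed reverse DNS: pass if ANY forward address equals the client."""
    ip = ipaddress.ip_address(client_ip)
    names = lookup_ptr(str(ip))
    if not names:
        return ("no-ptr", [])
    confirmed = [
        n for n in names
        if ip in {ipaddress.ip_address(a) for a in lookup_a(n)}
    ]
    # A mismatch means a PTR record exists but no forward record points back.
    return ("match", confirmed) if confirmed else ("mismatch", names)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.30"):
        print(ip, "naive:", naive_check(ip), "set-based:", fcrdns_check(ip))
```

With a set comparison, a round-robin name confirms every address it legitimately resolves to, while a client whose PTR name resolves elsewhere, or that has no PTR at all, is still reported separately.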