Firewall DNS reverse-forward lookup
    admjcd 
    admjcd at volpe.dot.gov
       
    Thu Jan  1 06:52:10 UTC 2004
    
    
  
Hello all,
  We are having an issue with our Raptor firewall dropping packets because a reverse-forward lookup fails. Here is the log and a link to why Raptor logs it:
  "mw203.mail2world.com 66.28.189.203: reverse address 66.28.189.80 doesn't match -- denied"
 http://www.firetower.com/faqs/logfiles/dnserrors.html
  My question is: Is this a valid security check (reverse-forward)? Is Raptor's rule to just drop these connections valid? How would such a rule handle round-robin, where a forward lookup can return a different IP? Or a number of IPs? Do any of you have any experience with this? TIF so much if you do!! And Happy New Year!!!
Signed, 
   struggling
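
The round-robin case raised in the question, as an added example that is not part of the original post and is not Raptor's implementation: a forward-confirmed reverse DNS check that accepts the client when its address appears anywhere in the forward answer set, next to a naive check that compares only the first record. The function names, host name and 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample DNS data (documentation address range, not real records).
PTR = {
    "192.0.2.11": ["mx.example.net"],  # member of a round-robin pool
    "192.0.2.50": ["mx.example.net"],  # PTR claims a name that does not list it
    "192.0.2.99": [],                  # no PTR record at all
}
A = {"mx.example.net": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}


def lookup_ptr(ip):
    """Stand-in resolver; live code would wrap socket.gethostbyaddr()."""
    return PTR.get(ip, [])


def lookup_addrs(name):
    """Stand-in resolver; live code would wrap socket.getaddrinfo()."""
    return A.get(name.rstrip(".").lower(), [])


def fcrdns_first_record_only(ip, ptr=lookup_ptr, fwd=lookup_addrs):
    """Naive check: compares the client only with the first forward address,
    so it rejects legitimate hosts behind a round-robin name."""
    client = ipaddress.ip_address(ip)
    for name in ptr(ip):
        addrs = fwd(name)
        if addrs and ipaddress.ip_address(addrs[0]) == client:
            return True
    return False


def fcrdns(ip, ptr=lookup_ptr, fwd=lookup_addrs):
    """Set-based check: confirmed if ANY forward address of ANY PTR name
    equals the client address. Returns (verdict, name)."""
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if client in {ipaddress.ip_address(a) for a in fwd(name)}:
            return ("confirmed", name)
    return ("mismatch", names[0])


if __name__ == "__main__":
    for ip in PTR:
        print(ip, fcrdns(ip), "first-record-only:", fcrdns_first_record_only(ip))
```
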
    
    