1 Reply Latest reply on Oct 5, 2012 10:57 AM by eelsasser

    DNS Resolution Issue

    leibbrandtsa

      Hi all,

       

      I have a quick question regarding the use of DNS when calling for a reverse lookup in a MWG 7 rule.  It appears that any reverse DNS lookup (ie. DNS.Lookup.Reverse (Client.IP)) must be from an authoritative server.  Any non-authoritative response will not work.  Given the way our DNS is structured, this is not ideal.  Is this the case and is there no way of over-riding it ?  Has anyone run into this issue and have a workaround/recommendation (other than making the required DNS servers authoritative) ?

       

      Thanks for any info you can provide !

       

      -S

        • 1. Re: DNS Resolution Issue

          It is not recommended to use reverse lookup of the client ip address except in rare circumstances. It will reduce the performance of MWG substantially.

           

          The only time i would even consider doing this is in the access_denied.log for entries that are blocked. And only if the DNS servers are well maintained and have proper PTR records int hem for the client population.

          1 of 1 people found this helpful