Login or Register to Ask a Question and Join Our Community


IP Networking

RDNS Queries

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums IP Networking RDNS Queries
# 1  
Old 02-10-2014
RDNS Queries
Hey everyone,

I have a question, I've been playing around with tcpdump, and noticed my machine making numerous rdns look ups. They are displayed like:

Code:
10.80.80.141.51234 > 10.80.80.1.domain: 9950+ PTR? 223.114.55.65.in-addr.arpa. (44)

My question is, if dns works based on numerical addresses... why does my machine care what the domain name of a site is..? And where are these requests coming from? I'm obviously not the one typing the addresses into my browser?
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Red Hat

NFS Queries

Hi, I would like to know on one server how many mouting can be done? wheather there is limitation on number of mounting? wheather it is possible to increase NFS Performance? if yes then which parameters needs to given while mounting? (3 Replies)
Discussion started by: manoj.solaris
3 Replies

2. UNIX for Dummies Questions & Answers

FTP Queries

Hi, 1) How to get exact permissions, group names for files while transferring with FTP 2) Is there any command to transfer entire directory and sub directories. Thanks (1 Reply)
Discussion started by: nag_sathi
1 Replies

3. Shell Programming and Scripting

Crontab queries

Hi Expert, How to schedule a job on last day of the month. Need your kind help. Regards, PK (3 Replies)
Discussion started by: pkrabi78
3 Replies

4. UNIX for Advanced & Expert Users

How many DNS queries

Is there any way to see how many queries come into our external DNS server? In looking at DNS providers, most of them base pricing on number of queries per month so I just wanted to see if you had any idea/way of gathering that data? A rough ballpark figure would even work. Our DNS server is... (1 Reply)
Discussion started by: raggmopp
1 Replies

5. Programming

Combine 3 queries

can these 3 be combined into 1 query? createtablea1as selecta.tps_Res_nb, b.tkt_prod_cd, b.tkt_prod_typ_nm, b.prod_intrnl_ds, b.tkt_prod_typ_nm AS TKT_ENTL_NM, casewhen b.tkt_prod_nm isnotnullthen b.tkt_prod_nm when b.tkt_prod_nm isnulland b.prod_intrnl_ds isnotnullthen... (1 Reply)
Discussion started by: dwr80
1 Replies

6. Homework & Coursework Questions

Queries

Any help on like where to get started on this? I'm just confused. 1. The problem statement, all variables and given/known data: Enter text here.Queries to satisfy these two report requests (use your CCI database): Retrieve all rows of active inventory where current on hands is less than... (0 Replies)
Discussion started by: lakers34kb
0 Replies

7. Shell Programming and Scripting

queries about exit

hi all, please tell me clearly the difference between exit 1 and exit 2 one more question i want to know the difference between some basic shells like bsh, csh, ksh, bash. i refered in net i get wast of text pages can any one give me any link to show the diff precisely or any blogs.... (2 Replies)
Discussion started by: Arunprasad
2 Replies

8. Shell Programming and Scripting

my queries

hi guys Well, i need to have a report generation script or any script which will show me all the content/information of a file when i run that script. Please help me on this isssue at the earliest.As i am little bit aware of scripting.Thanks in advance! regards ash (4 Replies)
Discussion started by: whizkidash
4 Replies

9. UNIX for Advanced & Expert Users

Some queries...

Guys need some advice on how to check some of the questions below? i'm running on an open VMS platform... which i am an idiot to... appreciate if anyone can give some hints or source on how to check on.. a script that is running on cron job... but doesn't run as the login user name.. 1. why... (6 Replies)
Discussion started by: 12yearold
6 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

mxallowd

mxallowd(1)							   User Manuals 						       mxallowd(1)

NAME

       mxallowd - dynamically whitelist your Mail eXchanger

SYNOPSIS

       mxallowd  [-d]  [-c  configfile]  [-t whitelist-time] [-p pflog-interface] [-l pcap-filter] [-F] [-s] [-q] [-p] -f fake-mailserver -r real-
       mailserver -n queue-num

DESCRIPTION

       mxallowd is a daemon which uses libnetfilter_queue (on Linux) or pf and pflog (on BSD) to allow (or deny) connections to a  mailserver  (or
       similar application) if the remote host hasn't connected to a fake daemon before.

       This  is  an improved version of the so-called nolisting (see http://www.nolisting.org/). The assumption is that spammers are not using RFC
       2821-compatible SMTP-clients and are sending fire-and-forget spam (directly to the first or second MX-entry  without  retrying  on  error).
       This direct access is blocked with mxallowd, you'll only get a connection if you retry.

       NOTE:  It  is  highly recommended to install nscd (nameserver caching daemon) or a similar software in order to speed-up DNS lookups. Since
       version 1.3, DNS lookups are done in a thread (so they don't block the main process), however,  on  very-high-traffic-sites,  mxallowd  may
       show significantly better overall performance in combination with nscd.

OPTIONS

       -b, --no-rdns-whitelist
	      Disable whitelisting all IP-addresses that have the same RDNS as the connecting one (necessary for google mail)

       -c, --config
	      Specifies an alternative configuration file (instead of /etc/mxallowd.conf)

       -t, --whitelist-time
	      Specify the amount of time (in seconds) until an IP-address will be removed from the whitelist

       -s, --stdout
	      Log to stdout, not to syslog

       -q, --quiet
	      Don't log anything but errors.

       -f, --fake-mailserver
	      Specify which IP-address the fake mailserver has (connecting to it will whitelist you for the real mailserver)

       -r, --real-mailserver
	      Specify which IP-address the real mailserver has

       -F, --foreground
	      Do not fork into background, stay on console

       -n, --queue-num (only available when compiled for netfilter_queue)
	      Specify  the  queue  number which will be used for the netfilter_queue-link. This has to be the same which is specified in the ipta-
	      bles-rule and it has to be specified, there is no default.

       -p, --pflog-interface (only available when compiled for pf)
	      Specify the pflog(4) interface which you configured in pf(4). The default is pflog0. Also see the pcap-filter-option if you  use	an
	      interface which does not only get smtp-traffic.

       -l, --pcap-filter (only available when compiled for pf)
	      Specify the filter for pcap. The default is "port 25". See tcpdump(8) for more information on the filters.

FILES

       /etc/mxallowd.conf
	      System-wide configuration file. Use the long options without the beginning two dashes. For example:

		   stdout
		   fake-mailserver 192.168.1.3
		   fake-mailserver 192.168.1.4
		   real-mailserver 192.168.1.5
		   queue-num 23

EXAMPLES FOR NETFILTER

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       # modprobe nfnetlink_queue
       # iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j NFQUEUE --queue-num 23
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4 -n 23

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

EXAMPLES FOR PF

       The  machine  has  two  IP-addresses.  The  mailserver  only  listens  on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.

       Create a pf.conf like this:

	    table <mx-white> persist

	    real_mailserver="192.168.1.4"
	    fake_mailserver="192.168.1.3"

	    real_mailserver6="2001:dead:beef::1"
	    fake_mailserver6="2001:dead:beef::2"

	    pass in quick log on fxp0 proto tcp from <mx-white> to $real_mailserver port smtp
	    pass in quick log on fxp0 inet6 proto tcp from <mx-white> to $real_mailserver6 port smtp
	    block in log on fxp0 proto tcp to { $fake_mailserver $real_mailserver } port smtp
	    block in log on fxp0 inet6 proto tcp to { $fake_mailserver6 $real_mailserver6 } port smtp

       Afterwards, load it and start mxallowd using the following commands:

       # pfctl -f /etc/pf.conf
       # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4

       Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now  connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.

       The ruleset for pf is actually longer because pf does more than netfilter on linux -- netfilter passes the packets and lets mxallowd decide
       whether to drop/accept whilst pf blocks/passes before even "passing" to mxallowd.

SEE ALSO

       iptables(8), pf(4), pflog(4), tcpdump(8)

AUTHOR

       Michael Stapelberg <michael+mxallowd at stapelberg dot de>

Linux								    MARCH 2012							       mxallowd(1)