reverse DNS entries (PTR)

otnj2ee
Level 1

The resource at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic9 states:

"IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently."

Assume a network topology is like this:

A PIX with 3 interfaces:

inside interface (private static IP of 10.10.10.1)

outside interface (public static IP of 69.110.38.35)

DMZ interface (private static IP of 30.30.30.1)

1) Will the above "reverse DNS entries" apply to this case?

2) If not, in what circumstances will the "reverse DNS entries" apply?

Thanks for the help.

Scott

2 Replies

estamey
Level 1

Scott,

What they are trying to say is that if you have a NAT pool or are doing PAT, then put an "A" record in DNS. When you hit some sites for FTP, or in my experience if a site is using the IDENT protocol, the site will do a reverse lookup on your IP address.

For example, let's say that you are using PAT, so that all of your internal users look like 69.110.38.35, or the outside interface of your PIX, to the outside world. Then the recommendation would be to put an "A" record in DNS that maps 69.110.38.35 to nat01.mycompany.com or whatever you want.

In the above example, when your users hit a website that is using the IDENT protocol or an FTP site, the site will do a reverse DNS lookup on IP address 69.110.38.35 and receive nat01.mycompany.com, and in theory everyone will be happy.

Hope this helps. Let me know if anything is unclear.

Scott,

I just wanted to make a correction to my original post. I inadvertently told you to create an "A" record. You need to create a "PTR" record. The idea is exactly the same, which is the fact that when you hit the website / FTP site it will do a reverse DNS lookup to map your IP address to a hostname.
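As an added example (not part of the original thread, and not Cisco's or the poster's code), the following Python script shows what the PTR entries for a pool of global addresses look like and simulates the lookup a remote FTP or ident server performs against them. The address 69.110.38.35 and the name nat01.mycompany.com come from the reply above; the two extra pool addresses, the domain mycompany.com, the nat01/nat02 naming scheme and the PTR_TABLE / A_TABLE contents are constructed stand-ins for real DNS answers. The check goes one step beyond the thread: it also confirms that the name returned by the PTR resolves forward to the same address, which is what "paranoid" services (for example tcp_wrappers in PARANOID mode) require before accepting a connection.

```python
"""PTR records for a NAT/PAT global-address pool, plus a forward-confirmed
reverse-DNS check.  Added example, not from the original thread or from
Cisco documentation.  All sample data below is constructed except for
69.110.38.35 and nat01.mycompany.com, which appear in the thread."""
import ipaddress
from typing import Dict, List


def ptr_owner_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 (or IPv6) address, with the
    octets reversed under in-addr.arpa (ip6.arpa for IPv6).
    69.110.38.35 -> '35.38.110.69.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone_records(pool: List[str], domain: str, label: str = "nat") -> List[str]:
    """Zone-file PTR lines for every global address in the pool.
    Host names are numbered label01, label02, ... under domain (assumed scheme)."""
    lines = []
    for n, ip in enumerate(pool, start=1):
        fqdn = f"{label}{n:02d}.{domain}."
        lines.append(f"{ptr_owner_name(ip)}\tIN\tPTR\t{fqdn}")
    return lines


def check_pool(pool: List[str], ptr: Dict[str, str], a: Dict[str, List[str]]) -> Dict[str, str]:
    """Simulate what a remote FTP/ident server sees for each global address.

    ptr maps IP -> host name (what a reverse lookup would return);
    a maps host name -> list of IPs (what a forward lookup would return).
    Both are constructed tables standing in for live DNS answers.
    Returns one of 'ok', 'no PTR' or 'PTR does not resolve back' per address.
    The forward-confirmation step is stricter than the thread describes."""
    result = {}
    for ip in pool:
        name = ptr.get(ip)
        if name is None:
            result[ip] = "no PTR"                 # the failure mode the tech note warns about
        elif ip not in a.get(name, []):
            result[ip] = "PTR does not resolve back"  # rejected by paranoid services
        else:
            result[ip] = "ok"
    return result


# Constructed sample: the PAT address from the thread plus two assumed pool addresses.
POOL = ["69.110.38.35", "69.110.38.36", "69.110.38.37"]
# Assumed reverse answers: .37 has no PTR at all.
PTR_TABLE = {"69.110.38.35": "nat01.mycompany.com",
             "69.110.38.36": "nat02.mycompany.com"}
# Assumed forward answers: nat02 points at a different address, so it fails confirmation.
A_TABLE = {"nat01.mycompany.com": ["69.110.38.35"],
           "nat02.mycompany.com": ["69.110.38.99"]}

if __name__ == "__main__":
    for line in reverse_zone_records(POOL, "mycompany.com"):
        print(line)
    for ip, status in check_pool(POOL, PTR_TABLE, A_TABLE).items():
        print(f"{ip}: {status}")
```

The emitted lines can be pasted into the reverse zone (here 38.110.69.in-addr.arpa) that is authoritative for the pool; once published, `dig -x 69.110.38.35 +short` from outside the PIX should return the host name, and `dig +short` on that name should return the address again.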