Great Circle Associates Firewalls
(June 1997)
 


Subject: Re: Unknown log entry...
From: Ian Miller <firewalls @ scientia . com>
Date: Fri, 06 Jun 1997 09:37:27 +0100
To: firewalls @ greatcircle . com
Cc: devin @ TELERAMA . LM . COM"Tod McQuillin, as Technical Contact for zone LM.COM"

At 19:05 05/06/97 -0700, Cihan Subasi <csubasi @ garanti . com . tr> wrote:
>I had those two line in my firewall logs, can anybody explain me what
>are they???
>
>--------------------------------------------------
>Jun  2 20:30:49 fw1 sendmail[16650]: gethostby*.getanswer: asked for
>"66.3.196.208.in-addr.arpa IN PTR", got type "CNAME"
>Jun  2 20:30:49 fw1 sendmail[16650]: gethostby*.getanswer: asked for
>"66.3.196.208.in-addr.arpa", got "66.64.3.196.208.in-addr.arpa"
>--------------------------------------------------

Your mail server has tried to do a reverse lookup on IP address 208.196.3.66
(karnov.lm.com) and has got some VERY odd results.  Reverse lookup on IP
address <a>.<b>.<c>.<d> is done by looking up domain
<d>.<c>.<b>.<a>.in-addr.arpa.  This should contain PTR (name->IP) records.
However if you look up 208.196.3.66 you get:-

CNAME/ARPA "66.3.196.208.in-addr.arpa" 6h  "66.64.3.196.208.in-addr.arpa"

CNAME records are name->name (alias) records.  This is weird for an
in-addr.arpa domain and it has not surprisingly confused your firewall.  If
you follow up the (I think nonsensical) CNAME you get:

PTR/ARPA "66.64.3.196.208.in-addr.arpa" 1d  "karnov.lm.com"

I have no idea why this DNS is set up this way.

Ian
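
An added example, not part of the original message: it extracts the queried address from the two sendmail log lines quoted above and follows the CNAME from the in-addr.arpa name to the PTR record, using only the records shown in the reply. The names LOG_LINES, ZONE, queried_ips and resolve_ptr are made up for this sketch, and the zone data is a constructed in-memory table, so nothing is looked up over the network.

```python
import ipaddress
import re

# Constructed sample: the two sendmail log lines quoted in the message above.
LOG_LINES = [
    'Jun  2 20:30:49 fw1 sendmail[16650]: gethostby*.getanswer: asked for '
    '"66.3.196.208.in-addr.arpa IN PTR", got type "CNAME"',
    'Jun  2 20:30:49 fw1 sendmail[16650]: gethostby*.getanswer: asked for '
    '"66.3.196.208.in-addr.arpa", got "66.64.3.196.208.in-addr.arpa"',
]

# Constructed zone table mirroring the two records shown in the reply.
ZONE = {
    ("66.3.196.208.in-addr.arpa", "CNAME"): "66.64.3.196.208.in-addr.arpa",
    ("66.64.3.196.208.in-addr.arpa", "PTR"): "karnov.lm.com",
}

ASKED = re.compile(r'getanswer: asked for "((?:\d{1,3}\.){4}in-addr\.arpa)')

def queried_ips(lines):
    """Return the IPv4 addresses whose reverse lookups produced these log lines."""
    ips = set()
    for line in lines:
        m = ASKED.search(line)
        if m:
            octets = m.group(1).split(".")[:4]  # reversed octets of the address
            ips.add(str(ipaddress.IPv4Address(".".join(reversed(octets)))))
    return ips

def resolve_ptr(ip, zone, max_hops=8):
    """Follow CNAMEs from the in-addr.arpa name to a PTR; return (hostname, chain)."""
    name = ipaddress.IPv4Address(ip).reverse_pointer
    chain = [name]
    for _ in range(max_hops):
        if (name, "PTR") in zone:
            return zone[(name, "PTR")], chain
        if (name, "CNAME") not in zone:
            return None, chain          # no PTR and no alias: lookup fails
        name = zone[(name, "CNAME")]
        if name in chain:               # alias loop: give up
            return None, chain
        chain.append(name)
    return None, chain

if __name__ == "__main__":
    for ip in sorted(queried_ips(LOG_LINES)):
        host, chain = resolve_ptr(ip, ZONE)
        print(ip, "->", " -> ".join(chain), "->", host)
```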


