#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    2
    Rep Power
    0

    Mac OS X doing PTR lookups


    I manage a small network in the Amazon jungle. We recently had a DNS issue that got me looking at our DNS traffic. The issue has since resolved itself, but I see the MAC OS X (at least the ones running 10.7.3 and maybe the others) are doing as many reverse DNS lookups as regular lookups.

    Is that a normal behavior for Mac OS X and other operating systems?

    Why this caught my eye is that during the DNS issues we were having all DNS requests were getting "no such name". That's the response we're getting for almost all reverse DNS PTR lookups.

    Our DNS is mangled by our internet service provider's satellite modem, which is standard practice. To make the high latency satellite connections work better they typically do a lot of caching/proxy stuff. In the end it's worth it but sometimes it breaks things.

    Thanks!
    Greg
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Location
    Florida
    Posts
    248
    Rep Power
    4
    The short answer I have is I don't know.

    However, in the years of managing DNS systems, it's usually not worth asking why a client asks a certain query. You'll scratch your head and research and eventually find out it's some obscure program or feature that you can't change anyways. When I was working at an ISP, something like 30% of the inbound queries we could resolve. The rest was junk lookups, .local or PTR requests for private IP's (192. IP's were the majority of those which aaren't resolvable). Most DNS traffic can be considered negligible for bandwidth consumption. If it is actually affecting traffic, you can keep looking but if it isn't, in my opinion I wouldn't bother. Sorry I don't have a better answer but if you have some examples, the users here might be able to give you something about it.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    2
    Rep Power
    0
    Originally Posted by CaptPikel
    The short answer I have is I don't know.

    However, in the years of managing DNS systems, it's usually not worth asking why a client asks a certain query. You'll scratch your head and research and eventually find out it's some obscure program or feature that you can't change anyways. When I was working at an ISP, something like 30% of the inbound queries we could resolve. The rest was junk lookups, .local or PTR requests for private IP's (192. IP's were the majority of those which aaren't resolvable). Most DNS traffic can be considered negligible for bandwidth consumption. If it is actually affecting traffic, you can keep looking but if it isn't, in my opinion I wouldn't bother. Sorry I don't have a better answer but if you have some examples, the users here might be able to give you something about it.
    You're right. Most of the rDNS lookups are for our local subnets. I just learned that the IP address is written in reverse order for an rDNS lookup.

    We're still having occasional DNS issues. The troubleshooting continues.

    Thanks!
    Greg

IMN logo majestic logo threadwatch logo seochat tools logo