April 2nd, 2012, 07:33 AM
Mac OS X doing PTR lookups
I manage a small network in the Amazon jungle. We recently had a DNS issue that got me looking at our DNS traffic. The issue has since resolved itself, but I see the MAC OS X (at least the ones running 10.7.3 and maybe the others) are doing as many reverse DNS lookups as regular lookups.
Is that a normal behavior for Mac OS X and other operating systems?
Why this caught my eye is that during the DNS issues we were having all DNS requests were getting "no such name". That's the response we're getting for almost all reverse DNS PTR lookups.
Our DNS is mangled by our internet service provider's satellite modem, which is standard practice. To make the high latency satellite connections work better they typically do a lot of caching/proxy stuff. In the end it's worth it but sometimes it breaks things.
April 4th, 2012, 10:41 PM
The short answer I have is I don't know.
However, in the years of managing DNS systems, it's usually not worth asking why a client asks a certain query. You'll scratch your head and research and eventually find out it's some obscure program or feature that you can't change anyways. When I was working at an ISP, something like 30% of the inbound queries we could resolve. The rest was junk lookups, .local or PTR requests for private IP's (192. IP's were the majority of those which aaren't resolvable). Most DNS traffic can be considered negligible for bandwidth consumption. If it is actually affecting traffic, you can keep looking but if it isn't, in my opinion I wouldn't bother. Sorry I don't have a better answer but if you have some examples, the users here might be able to give you something about it.
April 4th, 2012, 11:08 PM
You're right. Most of the rDNS lookups are for our local subnets. I just learned that the IP address is written in reverse order for an rDNS lookup.
Originally Posted by CaptPikel
We're still having occasional DNS issues. The troubleshooting continues.