Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS reverse lookup in Report Tab

    Scheduled Pinned Locked Moved pfBlockerNG
    5 Posts 2 Posters 952 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Beerman
      last edited by

      Hi,

      why are internal IP addresses not resolved in the report tab?
      This would be helpful, especially in larger networks.

      External IP addresses are resolved, but internal IP addresses are always described as "unknown" although it would be resolvable.

      Thx!

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Beerman
        last edited by Gertjan

        @beerman said in DNS reverse lookup in Report Tab:

        why are internal IP addresses not resolved in the report tab?

        Because IP addresses don't need resolving ;)

        See here for what resolving does.

        On that same page you can also find what is called "Reverse lookup". From an IP address, to a host name.

        When I ask what the host name (url) of my device 192.168.1.2, it answers :

        [2.5.2-RELEASE][admin@pfsense.brit-hotexxx.tld]/root: nslookup 192.168.1.2
        2.1.168.192.in-addr.arpa        name = Bureau2.brit-hotexxxx.tld.
        

        or

        [2.5.2-RELEASE][admin@pfsense.brit-hotexxx.tld]/root: dig -x 192.168.1.2 +short
        Bureau2.brit-hotexxx.tld.
        

        ( I'm a dig-man )

        Under the pfBlockerNG -> Reports ->DNS replies, I found :

        0086ce91-3bfe-4a56-b218-d7c27caaa4ea-image.png

        The DNS operation type is 'PRT'.

        @beerman said in DNS reverse lookup in Report Tab:

        internal IP addresses are always described as "unknown"

        My 'internal' == RFC1918 IP addresses are not geolocated - GeoIP locations has no meaning for RFC1918.
        TTL is also Unknown, as most of my LAN IPs are DHCP-MAC-Static, so 'valid for the eternity'. The relation between the DNS name <=> will not get refreshed of xx seconds (the TTL).

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        B 1 Reply Last reply Reply Quote 0
        • B
          Beerman @Gertjan
          last edited by

          Thanks for the answer! :)

          Perhaps I have not expressed myself clearly enough.

          I'm talking specifically about the Alert tab, where internal IP addresses are not resolved to host names, but external IPs are.

          pfBlockerNG_Reverse_Lookup.png

          It would be nice if the internal IP addresses would be resolved to host names via reverse lookup. (If the DNS resolver is able to do this).

          I hope it's a little clearer now. :)

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @Beerman
            last edited by Gertjan

            @beerman said in DNS reverse lookup in Report Tab:

            I hope it's a little clearer now. :)

            👍

            One of mine :

            10e1036e-d26c-473b-b846-09cd9eba4170-image.png

            where "samsungtvbarwifi" is the host name of a smart TV (a huge Samsung TYV in the bar) connect to your LAN using Wifi.
            The Samsung TV tend to visit "8.8.8.8" (to "call home" I guess) but I blocked 8.8.8.8 using DNSBL, of the IP lists I guess ( pfB_DoH_IP_v4 ).

            If the source host name isn't known, then that is because it isn't in your local DNS !
            Assign a static IP (and other settings) to your host device - AND declare a host over ride in the unbound / Resolver, and it will be known.
            Or do like me : take all your known equipment, assign them all, ones, an IP using the DHCP server using the device's MAC. (== DHCP static mac leases) No need to change any device settings, everything has to been done on pfSense.

            Btw, I've no other options, as for extremely known reasons this option :

            e3f5a29c-c7b1-4c86-904e-d30188dc2a25-image.png :

            has to be un-checked.

            edit : is the 10.10.1.2 also 'local' for you : do the same ting for all the devices on that network : make them known to pfSense, the resolver.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • B
              Beerman
              last edited by

              That´s of course the first thing, I tested. :)
              The pfSense box can resolve the internal addresses.

              I have realized this by using "Domain Overrides" at the DNS resolver. In which for the domain "10.in-addr.arpa" points to an internal DBNS server.

              On the console I can resolve the addresses and in "Diagnostics"->"DNS Lookup" also works.

              Only in the Alerts tab it doesn't seem to work...

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.