Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Auto resolve IPaddress -> DomainName at FW logs

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      HDM21KW
      last edited by

      Using PFSense , FW flows many logs . is there auto dnslookup function ? (not manually)
      if it is included , please point whereby to setup PFSense.
      Even in awkward sentences, Thank you for reading.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        So sounds like you want your firewall log to list fqdn of the IP addresses.. While that might work for some - your talking about a PTR, not all ips address have PTR setup, and even when they do its quite often just the IP address ;)

        Example.. My public IP is 24.13.x.x – with comcast.  If you do a PTR you get this.

        ;; ANSWER SECTION:
        xx.xx.13.24.in-addr.arpa. 7194 IN      PTR    c-24-13-xx-xx.hsd1.il.comcast.net.

        You do understand that logging PTR would be a lot of extra work for the firewall to have to query for every single IP it sees and logs..  Most of that would be blocked is just noise in the first place..  And as stated not all IPs have ptr setup.

        So for example

        ping www.cnn.com
        PING cnn-cop.gslb.vgtf.net (157.166.238.17) 56(84) bytes of data.

        if you try a PTR on 157.166.238.17 you get nxdomain

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • H
          HDM21KW
          last edited by

          Thanks for reply , Since wireshark is worked like that , i guess pfsense also do work or add packages…but this function accordingly noisy :'( , i understand.

          For PTR , I think to try to read some topics. Still beginner i am, i want to learn more.
          Even in awkward sentences, Thank you for reading.and thanks for reply :)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Wireshark is a limited set of IPs, that only has to resolves the IPs in your capture.  This is normally geared and even limited in the capture to a handful of ips.

            Your asking for pfsense in real time to look up every single IP it sees – that is just nonsense, never seen a firewall ever do that.  Click the little i if you want to lookup an IP.. But most of the time its going to get you nothing..

            See example

            clicklittleI.png
            clicklittleI.png_thumb
            norecordfound.png
            norecordfound.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • H
              HDM21KW
              last edited by

              I see example , and i also do nslookup on firewall log screen. and many dns(port:53) logs up ..like this matter is existing , should not Introduce auto resolve function in PFSense , i interpreted.

              I still like study of English is not enough :-[
              Even in awkward sentences,Thank you for reading.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.