Why Doesn't pfSense Use It's Resolver for Reverse IP Lookups?



  • 99% of the time, if there's an IP in the logs, it's an IP that was resolved from a DNS lookup.  So why doesn't pfSense use the DNS service's cache (if enabled) to quickly lookup an IP address?

    When it comes to generating alias lists from hostnames for blocked IPs and/or tons of other uses, finding the actual domain that was requested would be a huge help.

    If this isn't possible because of no interest or some other reason, is there a way to get access to the DNS cache of lookups from within pfSense manually?

    Thanks in advance!!



  • @abujammy:

    99% of the time, if there's an IP in the logs, it's an IP that was resolved from a DNS lookup.

    Not necessarily true that often, and that's only from a forward lookup. The logs show reverse DNS, which you won't have cached after doing a forward lookup. There is no way to lookup an A record from an IP, you have to lookup the PTR to go in that direction. There is also no ability to do a hostname lookup only if it's in cache, which is why everything that does PTRs works the way it does. It'd take ages to load the pages awaiting timeouts in many situations otherwise.


Log in to reply