Cisco Support Community
New Member

reverse DNS entries (PTR)

The resource states:

"IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently."

Assume a network topology is like this:

A PIX with 3 interfaces:

inside interface (private static IP of

outside interface (public static IP of

DMZ interface (private static IP of

1) Will the above said "reverse DNS entries" apply to this case?

2) If not, in what circumstances will the "reverse DNS entries" apply?

Thanks for the help.


New Member

Re: reverse DNS entries (PTR)


What they are trying to say is if you have a NAT pool or are doing PAT, then put an "A" record in DNS. When you hit some sites for FTP or in my experience if a site is using the IDENT protocol, the site will do a reverse lookup on your IP address.

For example, let's say that you are using PAT, so that all of your internal users look like or the outside interface of your PIX to the outside world. Then the recommendation would be to put an "A" record in DNS that maps to or whatever you want.

In the above example when your users hit a website that is using the IDENT protocol or an FTP site, the site will do a reverse DNS lookup on IP address and receive and in theory everyone will be happy.

Hope this helps. Let me know if anything is unclear.

New Member

Re: reverse DNS entries (PTR)


I just wanted to make a correction to my original post. I inadvertently told you to create an "A" record. You need to create a "PTR" record. The idea is the exact same which is the fact that when you hit the website / FTP site it will do a reverse DNS lookup to map your IP address to a hostname.
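The requirement quoted in the question (one PTR record for each global address) can be audited offline. The following is an added example, not part of any post in this thread: it expands a global pool and reports which addresses lack a PTR record in a reverse zone file. The pool range (documentation network 192.0.2.0/24), the `example.com` hostnames, the function names and the simplified zone syntax are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: a global pool written as "start-end" and the
# PTR lines currently present in the matching reverse zone.
GLOBAL_POOL = "192.0.2.10-192.0.2.14"
REVERSE_ZONE = """\
$ORIGIN 2.0.192.in-addr.arpa.
10  IN PTR nat10.example.com.   ; first pool address
11  IN PTR nat11.example.com.
13  IN PTR nat13.example.com.
"""

def pool_addresses(pool):
    """Expand 'start-end' (or a single address) into every address in the pool."""
    start, _, end = pool.partition("-")
    first = ipaddress.IPv4Address(start.strip())
    last = ipaddress.IPv4Address(end.strip()) if end else first
    if last < first:
        raise ValueError("pool end precedes pool start")
    return [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]

def zone_ptr_owners(zone_text):
    """Return fully qualified owner names of PTR records (simplified zone syntax)."""
    origin, owners = "", set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        elif "PTR" in [f.upper() for f in fields[1:]]:
            name = fields[0].lower()
            owners.add(name.rstrip(".") if name.endswith(".") else f"{name}.{origin}")
    return owners

def missing_ptr_records(pool, zone_text, template="nat-{}.example.com."):
    """Return zone-file lines for every pool address that has no PTR record."""
    present = zone_ptr_owners(zone_text)
    lines = []
    for addr in pool_addresses(pool):
        owner = addr.reverse_pointer            # e.g. 12.2.0.192.in-addr.arpa
        if owner not in present:
            host = template.format(str(addr).replace(".", "-"))  # hypothetical naming scheme
            lines.append(f"{owner}. IN PTR {host}")
    return lines

if __name__ == "__main__":
    for line in missing_ptr_records(GLOBAL_POOL, REVERSE_ZONE):
        print(line)
```

With PAT on a single address, the pool is just that one address, so the same check applies with `start` alone.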
