Cisco Support Community
New Member

DNS Pointer (PTR) record and a PIX (Reverse Lookups)

I read the document with the following URL of...

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

And the following reads...

"IP addresses in the pool of global addresses specified with the global command require reverse DNS entries to ensure that all external network addresses are accessible through the PIX. To create reverse DNS mappings, use a DNS Pointer (PTR) record in the address-to-name mapping file for each global address. Without the PTR entries, sites can experience slow or intermittent Internet connectivity and FTP requests fail consistently.

For example, if a global IP address is 175.1.1.3 and the domain name for the PIX firewall is pix.caguana.com, the PTR record would be:

3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com

4.1.1.175.in-addr.arpa. IN PTR pix4.caguana.com & so on."

I assume they are talking about creating a reverse lookup with whoever hosts our external DNS?

Does anyone think this creates a security risk, putting a PTR record out on the public internet? Just looking for a security expert opinion.

Thanks

Paul
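
The tech note quoted in the question asks for a PTR entry for each global address. The following is an added example, not part of the original post or of Cisco's document: a Python check that reads a reverse-zone snippet and lists the pool addresses that still lack a PTR record. The zone text, the pool range 175.1.1.3 to 175.1.1.6 and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two PTR lines from the quoted tech note, one of them
# rewritten with a relative owner name to exercise $ORIGIN handling.
SAMPLE_ZONE = """\
$ORIGIN 1.1.175.in-addr.arpa.
3.1.1.175.in-addr.arpa. IN PTR pix3.caguana.com.
4   IN  PTR  pix4.caguana.com.   ; relative owner name
"""

# owner [ttl] [IN] PTR target
PTR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+(\S+)", re.I)
SUFFIX = ".in-addr.arpa"

def parse_ptr_records(zone_text):
    """Return {ipv4_string: target_name} for the PTR lines of a simple zone file."""
    origin, records = "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        match = PTR_RE.match(line)
        if not match:
            continue
        owner, target = match.group(1).lower(), match.group(2)
        if owner.endswith("."):                  # fully qualified owner
            owner = owner[:-1]
        elif origin:                             # relative owner: append origin
            owner = owner + "." + origin
        if not owner.endswith(SUFFIX):
            continue
        octets = owner[:-len(SUFFIX)].split(".")
        try:
            ip = ipaddress.IPv4Address(".".join(reversed(octets)))
        except ValueError:
            continue                             # not a full four-octet owner
        records[str(ip)] = target.rstrip(".")
    return records

def missing_ptrs(first, last, zone_text):
    """List (address, owner name to create) for pool addresses with no PTR."""
    have = parse_ptr_records(zone_text)
    start, end = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    pool = (ipaddress.IPv4Address(n) for n in range(start, end + 1))
    return [(str(ip), ip.reverse_pointer + ".") for ip in pool if str(ip) not in have]
```
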

1 REPLY
Silver

Re: DNS Pointer (PTR) record and a PIX (Reverse Lookups)

As far as my knowledge goes, letting out a PTR record is not a threat.
