IN-ADDR.ARPA domain name

Discussion in 'other firewalls' started by stalker, Oct 18, 2004.

Thread Status:
Not open for further replies.
  1. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    Hey all, today I have one very simple question.


    It is that I've seen many blocked entries in ZoneAlarm log for this particular domain lately. Namely connections from my p2p sharing app. Well, after googleing a bit, I found out, it is a Reverse DNS lookup (Classless delegation), so as topic title already hints, I am talking about this particular common and "so-many-times-seen" domain name:

    .in-addr.arpa



    Here is an explanation:

    www.dns.net/dnsrd/rfc/rfc2317.html
    explanation-guide.info/meaning/Reverse-DNS-lookup.html



    My question is - is it recommended (clever) or not, to put it to Trusted Zone ??

    In my case, beside loopback and/or localhost (both 127.0.0.1), and my ISP's DNS servers.


    I got used to put localhost in Trusted Zone, and disable ZA Pro "Privacy" for loopback (because I use Proxomitron, and it connects through), but btw., at least for loopback under "Privacy", I don't know if this is required though.




    Thanks for any explanation
     
    stalker, Oct 18, 2004
    #1
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi stalker

    Is it the blocked entries in the log and/or the way they resolve that is of concern?

    What are you trying to accomplish? Should these in fact be blocked or do you want to allow them. I would not put any remote addresses used by a p2p application into a trusted zone.

    Regards,

    CrazyM
     
    CrazyM, Oct 18, 2004
    #2
  3. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    No, I just meant like, if there are so many blocked entries, it is probably some kind of "trusted traffic", that should be allowed (also cause I saw, it is related to DNS lookups, see the links I posted)




    Thanks for answer.
     
    stalker, Oct 18, 2004
    #3
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Not necessarily, how is your p2p app configured in the firewall?

    I would not worry about how these blocked packets resolve, but whether they should remain blocked or if you need to reconfigure you rule(s). Can you post some samples from the logs?

    Regards,

    CrazyM
     
    CrazyM, Oct 20, 2004
    #4
  5. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Well, here are the two examples of lines I got lately (other lines are usually preety similar):


    Code:
    IP: 141.157.7.137
DNS: 1.in-addr-arpa
Source port: 61263
Destination port: 6012
    Code:
    IP: 209.63.57.76
DNS: in-addr-arpa
Source port: 16331
Destination port: 6860



    cheers and thanks for help
     
    stalker, Oct 29, 2004
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...