Firewall flipping IPs for reverse DNS lookups resulting in incorrect FQDNs

TKWITS Community Legend ✭✭✭✭✭
edited December 2022 in Mid Range Firewalls

I've run into a fun one.

As described by the title, I have an HA pair of TZ670s on 7.0.1-5095 that like to flip IP octets before performing reverse DNS lookups, which subsequently results in incorrect FQDNs in the logs.

Example (sanitized) log entries:

time="2022-12-21 08:11:23" fw=173.64.X.X pri=5 c=0 m=1574 msg="Filename:" n=761440 dst= srcMac=00:e0:4c:68:0e:11 dstMac=cc:e1:7f:a9:23:c2 proto=tcp/http rule="235 (RADIO->WAN)" fw_action="NA"

time="2022-12-21 08:11:23" fw=173.64.X.X pri=6 c=262144 m=98 msg="Connection Opened" app=49169 appName='General DNS' n=4586758 dst= dstMac=00:0c:29:59:d1:d4 proto=udp/dns sent=72 dpi=0 rule="Default Access Rule" fw_action="NA"

Note the src fields.

These are RFC 1918 Private IP addresses being resolved to public FQDNs.

The firewall is configured with external DNS servers on its WAN ports, inherits the WAN settings for its DNS (Network \ DNS \ Settings) and is set to internal DNS for logs (Device \ Log \ Name Resolution).

A public PTR lookup against doesn't resolve anything. A public PTR lookup against resolves to

It's not even looking up its own IP ( correctly! A public PTR lookup against resolves to

Again, this is set to internal DNS for logs.

I have a ticket open with support. This was occurring on the previous firmware version 5080 as well, but wasn't all the time.

Figured I'd make others aware of high strangeness.


  • TKWITS Community Legend ✭✭✭✭✭

    Note, both external DNS lookups and internal reverse lookups performed via the Diagnostics page are successful.
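Added example, not part of the original post and not SonicWall code: a PTR query already reverses the octets (10.20.30.40 is queried as 40.30.20.10.in-addr.arpa), so an address flipped before the lookup is resolved as a different host. The sketch below checks whether the name in a log entry matches the PTR of the source address or of its flipped form; the addresses, hostnames and the `PTR_TABLE` stand-in for real DNS answers are all constructed.

```python
import ipaddress

# Constructed PTR data standing in for real DNS answers (hypothetical names).
PTR_TABLE = {
    "10.20.30.40": "radio01.corp.example",      # internal zone
    "40.30.20.10": "host-40-30.isp.example",    # public zone
    "192.168.1.50": "dns01.corp.example",
}

def ptr_qname(ip):
    """Name a correct resolver queries for `ip`, e.g. 40.30.20.10.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def flip_octets(ip):
    """The address that gets looked up if the octets are reversed beforehand."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def norm(name):
    """Lower-case a hostname and drop the trailing dot; None stays None."""
    return name.rstrip(".").lower() if name else None

def classify(src_ip, logged_name, lookup=PTR_TABLE.get):
    """Compare the name in a log entry with the PTR of src_ip and of its flip."""
    flipped = flip_octets(src_ip)
    logged = norm(logged_name)
    if logged is None:
        return "unresolved"
    if logged == norm(lookup(src_ip)):
        return "ok"
    # Palindromic addresses (10.0.0.10) flip to themselves and cannot be told apart.
    if flipped != src_ip and logged == norm(lookup(flipped)):
        private = ipaddress.IPv4Address(src_ip).is_private
        public = ipaddress.IPv4Address(flipped).is_global
        return "flipped-private-to-public" if private and public else "flipped"
    return "mismatch"

if __name__ == "__main__":
    # Constructed (src, logged name) pairs, not taken from the post's logs.
    for src, name in [("10.20.30.40", "radio01.corp.example"),
                      ("10.20.30.40", "host-40-30.isp.example."),
                      ("192.168.1.50", "other.example")]:
        print(src, ptr_qname(src), ptr_qname(flip_octets(src)), classify(src, name))
```

To run it against live data, pass a `lookup` callable that queries the internal and public resolvers instead of the constructed table.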
