When I used tcpdump to monitor network traffic, I found a lot of DNS reverse query records.

Like this:

A_IP.55276 > DNS_IP.domain: 9247+ PTR? Query IP.in-addr.arpa. (45)
DNS_IP.domain > A_IP.55276: 9247* 1/2/2 Query IP.in-addr.arpa. PTR XXX.XXX.XX. (155)
...

The queried IPs are in the subnet of A_IP.

I tried to turn off all the services, but the situation is the same.

My OS is CentOS 6.4, and I didn't install/start any DNS service on this machine.

Could anyone help me?

Thanks for your help!!

1 Answer

tcpdump, by default, attempts to do a reverse DNS query. You can disable this by adding the "-n" switch. From the man page:

-n     Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
dtorgo
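
An added example, not part of the original question or answer: a Python check that reads the text output of a second capture taken with `tcpdump -n`, decodes each `PTR?` query name back to the address being looked up, and splits those addresses by whether they also appear as an endpoint of non-DNS traffic in the same capture. A looked-up address that is also a traffic endpoint is consistent with a tool resolving the addresses it prints (a heuristic, not proof). The sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: text output of `tcpdump -n` (all addresses are made up).
SAMPLE = """\
12:00:01.000100 IP 10.0.0.5.22 > 10.0.0.7.51514: Flags [P.], length 64
12:00:01.000900 IP 10.0.0.5.55276 > 10.0.0.1.53: 9247+ PTR? 7.0.0.10.in-addr.arpa. (39)
12:00:01.001500 IP 10.0.0.1.53 > 10.0.0.5.55276: 9247* 1/2/2 PTR host7.example. (155)
12:00:02.000100 IP 10.0.0.5.40000 > 10.0.0.1.53: 1111+ PTR? 9.9.168.192.in-addr.arpa. (42)
12:00:02.000500 IP 10.0.0.5.40001 > 10.0.0.1.53: 2222+ A? www.example. (29)
""".splitlines()

# "IP src.port > dst.port: rest" as printed for IPv4 packets with -n.
PACKET = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")
# Query id plus flags, then "PTR?" and the four reversed octets.
PTR_QUERY = re.compile(r"\d+\S* PTR\? ((?:\d{1,3}\.){4})in-addr\.arpa\.")


def ptr_name_to_ip(labels):
    """'7.0.0.10.' (the octets before in-addr.arpa) -> IPv4Address('10.0.0.7')."""
    return ipaddress.ip_address(".".join(reversed(labels.rstrip(".").split("."))))


def classify_ptr_queries(lines):
    """Return (explained, unexplained) lists of reverse-looked-up addresses."""
    endpoints = set()  # addresses seen as source or destination of non-DNS packets
    targets = []       # addresses that PTR queries asked about, in capture order
    for line in lines:
        m = PACKET.search(line)
        if not m:
            continue  # not an IPv4 packet line in the expected format
        src, sport, dst, dport, rest = m.groups()
        q = PTR_QUERY.match(rest)
        try:
            if q:
                targets.append(ptr_name_to_ip(q.group(1)))
            elif "53" not in (sport, dport):
                endpoints.update(ipaddress.ip_address(a) for a in (src, dst))
        except ValueError:
            continue  # an octet above 255: not a real address, skip the line
    explained = [t for t in targets if t in endpoints]
    unexplained = [t for t in targets if t not in endpoints]
    return explained, unexplained


if __name__ == "__main__":
    ok, odd = classify_ptr_queries(SAMPLE)
    print("lookups matching captured endpoints:", [str(a) for a in ok])
    print("lookups with no matching traffic:  ", [str(a) for a in odd])
```

Lookups in the second list are the ones to trace to a process, since nothing in the capture accounts for them.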