Okay, I can't understand this. When I try to ping a machine on my network using the associated name, I get a response from that machine; that's normal.

But there are messages that the sender sends to the top machine (SOA) that I don't understand. First he sends a type A and gets a response with the IP associated with the name used in the ping command, but after that the sender only sends (before each ping) messages of type PTR to the (SOA)

Saying this: Standard query 0xf66c PTR 12.45.168.192.in-addr.arpa

and the SOA responds with: Standard query response 0xf66c No such name

And before each ping they do this, I don't know why... I noticed this using Wireshark. Thanks a lot again for accepting me here, being able to get some answers :)

TiagoM

1 Answer

1

The ping command is attempting to reverse resolve the IP address; PTR is the opposite of an A record (or AAAA record in IPv6).

Assuming you haven't censored the information in your question, the address you're pinging is 192.168.45.12, so ping attempts to resolve 12.45.168.192.in-addr.arpa which is the fully-qualified PTR record for that IP address.

You either don't have a PTR/reverse zone set up for your 192.168.45.x network, or it isn't working properly.

This is done to display the correct hostname for the host you're actually pinging in the output. You can avoid the PTR lookups using the -n flag to ping.

For example, when you say ping google.com, an A lookup is done and finds 74.125.237.128 as the address to ping. It starts firing off the ICMP echo-request packets, and also does a PTR lookup for 128.237.125.74.in-addr.arpa which resolves to syd01s13-in-f0.1e100.net.

Another example: I have a wiki that I host on a server with a generic name appserver1.example.com. So I set up wiki.example.com to point to appserver1.example.com. When I ping wiki.example.com, the PTR lookup lets me know that I'm actually pinging appserver1.example.com.

fukawi2
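The exchange seen in the capture, as an added example that is not part of the original question or answer: it builds the PTR query for 192.168.45.12 in DNS wire format with the ID from the capture, then decodes it and a constructed "No such name" reply. All function names are hypothetical, and the reply bytes are constructed here rather than taken from a real server.

```python
import ipaddress
import struct

# Response codes from the low 4 bits of the DNS flags field (RFC 1035).
RCODES = {0: "No error", 2: "Server failure", 3: "No such name", 5: "Refused"}
QTYPE_PTR = 12

def reverse_name(ip):
    """Return the PTR owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_ptr_query(ip, txid):
    """Encode a DNS query asking for the PTR record of ip."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in reverse_name(ip).split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_PTR, 1)  # type PTR, class IN

def summarize(message):
    """Decode the header and first question (no name compression handled)."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", message[:12])
    labels, pos = [], 12
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _ = struct.unpack("!HH", message[pos + 1:pos + 5])
    return {
        "id": hex(txid),
        "is_response": bool(flags & 0x8000),
        "rcode": RCODES.get(flags & 0x000F, "other"),
        "qtype": qtype,
        "qname": ".".join(labels),
        "answers": ancount,
    }

def constructed_nxdomain(query):
    """Constructed reply: same ID and question, QR=1, RD=1, RA=1, RCODE=3."""
    return query[:2] + struct.pack("!H", 0x8183) + query[4:]

if __name__ == "__main__":
    q = build_ptr_query("192.168.45.12", 0xF66C)
    print(summarize(q))                        # the PTR query seen before each ping
    print(summarize(constructed_nxdomain(q)))  # what a missing reverse zone returns
```
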