Palo always resolves rDNS - any way to override?


L4 Transporter

Let's say you have a single physical host with multiple IP addresses with each IP running one or more websites/services.

DNS best practice is apparently to have PTRs pointing to the physical host name, so you might have:

  • PTR hostname.domain.com 1.1.1.1
  • PTR hostname.domain.com 1.1.1.2
  • PTR hostname.domain.com 1.1.1.3

when your forward DNS is:

  • A hostname.domain.com 1.1.1.1
  • A someothersite.com 1.1.1.2
  • A thissite.com 1.1.1.3
  • A thatsite.com 1.1.1.3
  • A othersite.com 1.1.1.3

and CNAMEs for www pointing to the A record for each domain.

By default the ACC resolves source/destination by reverse DNS, so using the best practice above you wouldn't quickly and easily see which traffic was for which website.

Is there any workaround for this please?

Thanks.

2 REPLIES

L4 Transporter

You could write an App-ID for each one - this will then give you more reporting and control functions.

Thanks

James

Hmm is there a dummies guide on how to do this please?

What I seem to be finding so far is that the ACC always goes off rDNS, but the "resolve" option in traffic monitor goes off rDNS but overrides it with the name of an "address" object that matches the IP.
