Overview
Kerio Control can perform reverse DNS lookups for the hosts it sees. In some environments, for example when Kerio Control sits behind another NAT device, the default configuration can generate a very large number of connections, enough to exhaust Kerio Control and make it hit its connection limits.
This article gives the default value of the ReverseDNSLookupType variable and explains how to change it if needed.
Information
ReverseDNSLookupType has two meaningful values, 1 and 2:
- 1 = DNS_RESV_LOCAL = (DNS_RESV_IPONLY | DNS_RESV_CACHE | DNS_RESV_HOSTFILE | DNS_RESV_DHCP)
- 2 = DNS_RESV_ALL = (DNS_RESV_LOCAL | DNS_RESV_DIRECT_DNS)
Note: any other value (e.g. 0) means DNS_RESV_NONE, i.e. no reverse DNS lookups at all.
Description of each sub-value:
- DNS_RESV_IPONLY = If the name to resolve is already an IP address, return it directly without any lookup
- DNS_RESV_HOSTFILE = Check the hosts file, if enabled on the DNS screen
- DNS_RESV_DHCP = Check DHCP leases, if enabled on the DNS screen
- DNS_RESV_CACHE = Check the DNS cache, if enabled on the DNS screen
- DNS_RESV_DIRECT_DNS = Send a DNS query to the DNS server and return the result
The flags contained in ReverseDNSLookupType are tried one after another, and resolution stops at the first one that yields a result.
So DNS_RESV_ALL means the first four (local) flags are checked and, only if the name is still unresolved, a DNS query is sent directly to the DNS server.
The default value is 2 (DNS_RESV_ALL). If it needs to be changed, this can be done from the Kerio Control SSH console. For example, to disable reverse DNS lookups entirely, run:
cd /opt/kerio/winroute
./tinydbclient "update Misc set ReverseDNSLookupType=0"
and then restart the engine so the new value takes effect:
/etc/boxinit.d/60winroute restart
Note: the last command restarts Kerio Control, which briefly interrupts traffic through the firewall. With reverse DNS lookups disabled, hosts are shown by IP address wherever Kerio Control would previously have displayed a resolved hostname.
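The following script is an added example, not part of the Kerio Control article or Kerio's own tooling. It wraps the two-step procedure above so that only the values the article defines (0, 1, 2) can be written, shows the exact commands before running them, and only executes them when DRY_RUN is unset. It assumes the paths /opt/kerio/winroute/tinydbclient and /etc/boxinit.d/60winroute exactly as given above; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Kerio KB article or Kerio's tooling): wraps the
# tinydbclient update + engine restart in a script that refuses values the
# article does not define, shows the exact commands, and runs them only when
# DRY_RUN is unset.
# Assumption: the paths below are exactly as shown in the article.

KERIO_DIR=/opt/kerio/winroute
KERIO_INIT=/etc/boxinit.d/60winroute

# Map a ReverseDNSLookupType value to the name used in the article.
# Per the article, any value other than 1 or 2 behaves as DNS_RESV_NONE.
rdns_mode_name() {
    case "$1" in
        1) echo DNS_RESV_LOCAL ;;
        2) echo DNS_RESV_ALL ;;
        *) echo DNS_RESV_NONE ;;
    esac
}

# Accept only the three values with a documented meaning (0, 1, 2), so an
# operator cannot accidentally write an undefined value into the Misc table.
rdns_validate() {
    case "$1" in
        0|1|2) return 0 ;;
        *) return 1 ;;
    esac
}

# The SQL-like statement tinydbclient is given in the article.
rdns_update_sql() {
    printf 'update Misc set ReverseDNSLookupType=%s\n' "$1"
}

# Validate, then run the article's commands. With DRY_RUN set, print them
# instead, because the restart interrupts traffic through the firewall.
rdns_apply() {
    value="$1"
    if ! rdns_validate "$value"; then
        echo "refusing to set ReverseDNSLookupType=$value (use 0, 1 or 2)" >&2
        return 2
    fi
    sql=$(rdns_update_sql "$value")
    echo "setting ReverseDNSLookupType=$value ($(rdns_mode_name "$value"))"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "cd $KERIO_DIR && ./tinydbclient \"$sql\""
        echo "$KERIO_INIT restart"
        return 0
    fi
    cd "$KERIO_DIR" || return 1
    ./tinydbclient "$sql" || return 1
    "$KERIO_INIT" restart
}

# When run as a script with an argument, apply that value.
if [ $# -gt 0 ]; then
    rdns_apply "$1"
fi
```

Run it first as `DRY_RUN=1 sh set-rdns.sh 0` to see the two commands it would issue, then without DRY_RUN on the Kerio Control console to apply the change; a value outside 0, 1, 2 is rejected before anything is written.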