Checkpoint and dns lookups

SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
Anyone know how Checkpoint products do their DNS lookups? Quite often I can look at a log, see an IP-name and then go do a lookup online and the name-ip pairings are different. so it will say a user visited google.com (191.32.16.2) when I do a lookup online of google.com it resolves to 74.125.228.199. So what is checkpoint doing here?

Comments

  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    Check point is probable doing a reverse look up (IP to name). Where as you are doing a forward look up ( name to IP). Google will have lots of ip's maped to the same name, and depending how they have it set up for load balancing when you do a look up you will get one of these addresses returned. Google will use intelligent load balancing so you get the IP address of a server near you and often it will "stick", to your client so if you domany look ups from a single client you always get the same IP.
    Try doing an nslook up from the command line on your PC for both addresses. " nslookup 192.16.45.7" etc. This will give you the dns name "first" that the owner has in there DNS config. Same way you can have a single name pointed to many ip' s for load balancing. You can have many names to one IP for things like multiple web servers on single host.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    And I see you mentioned you do the lookup on line. For global companies where you do the look up from is important. When trouble shooting always do the look up from the same IP addesss . load balancing for DNS takes in to consideration of where you are coming from and talyors the responce . so if you cmong from a UK IP address you get a UK server IP in response. Us and you get a us sever IP. And in it will also be further loclised with in a country. F5 have a product call bigIP that is built for this. There is a good video on there site outlining how it works and what its for with out going I. To to much technical depth.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Sign In or Register to comment.