Firewall up&run but hardened?

When you do a DNS lookup, you send a string of characters (e.g. www.domain.com) to your DNS server and you get back an IP address. If the DNS record for a certain domain (e.g. domain.com) specifies a PTR (pointer) field, you can do the opposite: you can send an IP address and get back the string of characters. This is called reverse DNS (rDNS).

What happens in the WUI image you posted is that all your DNS servers upstream of IPFire (ironically) do not have a PTR record registered with their ISPs (*), and therefore they fail the reverse DNS lookup. However, this rarely has consequences for the functionality of a service, with the remarkable exception of a mail server (which would basically get all its email rejected as spam if it does not have a PTR record). In your case everything seems to be working.

(*) The PTR record has to be created by the owner of the IP address, commonly the ISP.

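To make the explanation above concrete, here is an added example (not code from the post or from IPFire) that shows what a resolver actually does for a reverse lookup and why a mail server cares. It builds the in-addr.arpa / ip6.arpa query name for an address, looks that name up in a constructed PTR table, and then performs the forward-confirmed rDNS (FCrDNS) check that mail receivers apply: the name returned by the PTR must resolve back to the same address. The zone data is constructed for the example; in the real world the PTR zone is served by the IP owner (usually the ISP), as the footnote says.

```python
import ipaddress

# Constructed PTR (reverse) zone data, keyed by the reverse-pointer name.
# In reality this zone belongs to the owner of the address block (the ISP).
PTR_RECORDS = {
    ipaddress.ip_address("192.0.2.1").reverse_pointer: "mail.example.net",
    # PTR exists, but the forward record of that name points elsewhere
    ipaddress.ip_address("192.0.2.2").reverse_pointer: "host-2.isp.example",
    # 192.0.2.3 deliberately has no PTR record, like the upstream DNS servers in the post
    ipaddress.ip_address("2001:db8::1").reverse_pointer: "mail6.example.net",
}

# Constructed forward (A/AAAA) zone data, keyed by hostname.
FORWARD_RECORDS = {
    "mail.example.net": {"192.0.2.1"},
    "host-2.isp.example": {"198.51.100.7"},
    "mail6.example.net": {"2001:db8::1"},
}


def reverse_name(ip: str) -> str:
    """Return the name a resolver queries for the PTR record of `ip`.

    192.0.2.1 -> 1.2.0.192.in-addr.arpa
    2001:db8::1 -> 1.0.0.0.(...).8.b.d.0.1.0.0.2.ip6.arpa (32 nibbles)
    """
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip: str, ptr_table=PTR_RECORDS):
    """Reverse lookup against the constructed zone: hostname or None."""
    return ptr_table.get(reverse_name(ip))


def fcrdns_check(ip: str, ptr_table=PTR_RECORDS, fwd_table=FORWARD_RECORDS) -> str:
    """Forward-confirmed reverse DNS, as a mail receiver would apply it.

    Returns one of:
      "no-ptr"            - address has no PTR record at all
      "ptr-not-confirmed" - PTR exists, but the name does not resolve back to ip
      "ok"                - PTR exists and the forward lookup confirms it
    """
    hostname = lookup_ptr(ip, ptr_table)
    if hostname is None:
        return "no-ptr"
    target = ipaddress.ip_address(ip)
    # Normalise both sides so "2001:0db8::1" and "2001:db8::1" compare equal.
    forward = {ipaddress.ip_address(a) for a in fwd_table.get(hostname, set())}
    return "ok" if target in forward else "ptr-not-confirmed"


if __name__ == "__main__":
    for addr in ("192.0.2.1", "192.0.2.2", "192.0.2.3", "2001:db8::1"):
        print(f"{addr:>12}  query={reverse_name(addr)}  "
              f"ptr={lookup_ptr(addr)}  fcrdns={fcrdns_check(addr)}")
```

The three outcomes are the ones that matter in practice: a missing PTR (like the upstream resolvers in the screenshot) is harmless for a DNS forwarder but fatal for an outgoing mail server, and a PTR whose name does not resolve back is treated by most receivers the same as no PTR at all.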

Good explanation. I would have thought otherwise, that it was expected. What do you mean: upstream of IPFire (ironically)? What is unusual about “ironically”?

A DNS provider that does not have a full DNS record.


I re-read your comment. Right on. And I enabled TLS, which works with a VPN service, when the previous IPFire did not work. Version 171 does not feel complete; for instance, the Proxy Report parsed 271 lines and reported 271 errors, all from OCSP.

Thanks to all. The FW is as hard as it can get.
OUTSTANDING: The BlockList updates still reports an error:
Could not update BLOCKLIST_DE blocklist - Download error! : 1 Time(s)
OUTSTANDING: The Proxy Report still reports CA certificates blocked:
*.pki.goog *.apple.com *.digicert.com *.godaddy.com