Pinging Hosts - Different Hostnames in Return

Network DNS
1

Hi there. I use the “Hosts” configuration page of iPFire to define internal IPs (that from the DMZ, for example) for external hostnames, eg:

192.168.15.45 www.mydomain.com
192.168.15.45 mail.mydomain.com
192.168.15.45 autoconfig.mydomain.com
192.168.15.45 analytics.mydomain.com

and so on. This works quite well, a client in the intranets (GREEN, BLUE) is directly routed to the DMZ IP, and WAN clients in the internet are natted via the RED interface into the DMZ.

But, when pinging (in the intranet), for example:

$ ping www.mydomain.com

it often doesn’t reply with the pinged hostname but with a different one, e.g:

64 bytes from analytics.mydomain.com (192.168.15.45): icmp_seq=1 ttl=63 time=0.771 ms
64 bytes from analytics.mydomain.com (192.168.15.45): icmp_seq=2 ttl=63 time=0.669 ms
64 bytes from analytics.mydomain.com (192.168.15.45): icmp_seq=3 ttl=63 time=0.605 ms

In addition, when repeating the ping towards www after a break it answers again but often with a different hostname:

64 bytes from mail.mydomain.com (192.168.15.45): icmp_seq=1 ttl=63 time=0.640 ms
64 bytes from mail.mydomain.com (192.168.15.45): icmp_seq=2 ttl=63 time=0.708 ms
64 bytes from mail.mydomain.com (192.168.15.45): icmp_seq=3 ttl=63 time=0.677 ms

I’d like to have a response here from www hostname rather than analytics or mail.

Is there anything I can do about this? Thank you for suggestions :slight_smile:

2

Ping works on IP level. The name resolution is done using unbound.
ping www.mydomain.com first determines the IP for the destination (192.168.15.45) and send a request to this IP. The target computer answers with a packet ‘from 192.168.15.45 to sender IP’.
This packet is handled by the initiator. The name is determined by reversed DNS ( find the name for IP ).
But the (name,IP) relations are not bijective. There are multiple members (name,IP) with the same IP allowed. rDNS choses one of the possible names for the IP as answer.
Your server in DMZ has multiple names, for the various taks it serves ( the real name for www.mydomain.com is 192.168.15.45:80, but the port part isn’t handled by DNS/rDNS ).

In short, I think you can’t do anything to distinguish the parts of your server.