IPTables and DNS don't match?
When I use dig to resolve a hostname to an IP (e.g. www.hotmail.com), I get a list of IPs belonging to that domain. When I add the hostname to the firewall:
iptables -A FORWARD -j DROP -d www.hotmail.com
and look at the firewall list:
target prot opt source destination
DROP all -- 0.0.0.0/0 220.127.116.11
DROP all -- 0.0.0.0/0 18.104.22.168
DROP all -- 0.0.0.0/0 22.214.171.124
I see the related IPs.
Then when I go to test the connection on a client entering:
I am still able to access the website. However, the IP used to access the site is different from the ones listed above.
There are no proxy servers in my domain, nor is the client configured to use any proxy server.
My logic is that if the DNS server lists the above IPs, and the firewall is blocking them, then the client should not be able to connect. How is this not so?
- Thoroughly frustrated! :oops:
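An added example illustrating the check behind this question; it is not code from the original post. iptables resolves a hostname only once, when the rule is submitted to the kernel (the iptables manual warns about exactly this), so a `-d www.hotmail.com` rule is a snapshot of whatever that one DNS query returned. Large sites rotate their DNS answers, so a client resolving the name later can get an address the rule set never contained. The script below compares a constructed `iptables -S FORWARD` dump against a constructed later `dig +short` answer and reports which currently resolved addresses no DROP rule covers; the addresses and the rotated answer are made-up sample input.

```shell
#!/bin/sh
# Added example, not from the original post. Shows why a hostname-based DROP
# rule "stops working": the rule holds the addresses resolved at insert time,
# while the client resolves the name fresh and may get a different answer.

# Constructed sample: what `iptables -S FORWARD` prints right after
#   iptables -A FORWARD -j DROP -d www.hotmail.com
# The hostname is gone; only the /32 addresses resolved at that moment remain.
RULES_AT_INSERT='-P FORWARD ACCEPT
-A FORWARD -d 220.127.116.11/32 -j DROP
-A FORWARD -d 18.104.22.168/32 -j DROP
-A FORWARD -d 22.214.171.124/32 -j DROP'

# Constructed sample: a later `dig +short www.hotmail.com` answer in which
# one address has rotated (203.0.113.45 is a documentation-range placeholder).
DNS_NOW='220.127.116.11
18.104.22.168
203.0.113.45'

# blocked_ips RULES
# Print, one per line and sorted, every destination address that a DROP rule
# in the given `iptables -S` dump covers (the /32 mask is stripped).
blocked_ips() {
    printf '%s\n' "$1" | awk '
        $NF == "DROP" {
            for (i = 1; i <= NF; i++)
                if ($i == "-d") { sub(/\/32$/, "", $(i + 1)); print $(i + 1) }
        }' | sort -u
}

# uncovered_ips RULES DNS_ANSWER
# Print the addresses in a fresh `dig +short` answer that no DROP rule covers.
# Empty output means the snapshot in the firewall still matches what clients
# resolve; any line printed is an address a client can reach despite the rule.
uncovered_ips() {
    blocked=$(blocked_ips "$1")
    printf '%s\n' "$2" | awk -v blocked="$blocked" '
        BEGIN {
            n = split(blocked, b, "\n")
            for (i = 1; i <= n; i++) seen[b[i]] = 1
        }
        # only IPv4 literals; dig +short may also print CNAME targets
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($0 in seen) { print }'
}

# missing_rules RULES DNS_ANSWER
# Emit (but do not run) the iptables commands that would close the gap right
# now. This only patches the current snapshot; the next DNS rotation reopens it.
missing_rules() {
    uncovered_ips "$1" "$2" | awk '{ print "iptables -A FORWARD -d " $1 " -j DROP" }'
}

# Stand-alone usage with the constructed samples.
echo "addresses the rule set covers:"
blocked_ips "$RULES_AT_INSERT"
echo "addresses clients resolve now but the firewall does not block:"
uncovered_ips "$RULES_AT_INSERT" "$DNS_NOW"
echo "commands that would patch today's snapshot:"
missing_rules "$RULES_AT_INSERT" "$DNS_NOW"
```

Running `uncovered_ips` against the real `iptables -S FORWARD` and a real `dig +short` is the quickest way to confirm that the address the client reached simply was not in the snapshot. Re-adding rules per rotation is a losing race; blocking by name is better done where the name exists (a local resolver that refuses the domain, or a proxy that matches the Host header) rather than in an IP-based packet filter.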