August 7th, 2002, 03:09 PM
#1
Senior Member
FW-1 question
I'm running FW-1 NG FP2 on RH Linux 7.2. For the past week or so I've been driving myself nuts trying to figure out why my firewall machine was querying our ISP's DNS server non-stop. I thought my machine was compromised so I rebuilt it....twice (good practice, but still annoying). Still the same thing. So today I finally made the connection. Last night I was running Ethereal, and checking every DNS query sent to the DNS server. I wrote them all down. There were a series of queries repeating over and over again. These queries, I should point out, were arpa requests, so I got the IP of every DNS query. Now...I compared this list of IPs to the firewall log from last night. Every IP on the list 'attacked' my firewall at least once. After the attack, my firewall machine would try to resolve the name of the attacker. It's not just attackers either. Any machine that tries to contact my firewall in any way leaves its IP behind....and my firewall tries to resolve it...over and over again. Now this could very well be normal performance, but I don't like it. Is there a way to turn this off? Even if I allow the DNS queries to go through, the firewall just keeps sending them over and over regardless of the results it gets. Anyone ever hear of this before?
Thanks!
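
The manual comparison described in the post (arpa query names from the sniffer against source IPs in the firewall log) can be scripted. This is an added example, not part of the original post; the sample queries, the `src=` log format and the function names are constructed for illustration and are not FW-1's own log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (not from the original post). The query names mimic
# what a sniffer shows for PTR lookups; the log lines use a made-up format.
PTR_QUERIES = [
    "10.2.0.192.in-addr.arpa",
    "77.113.0.203.in-addr.arpa",
    "10.2.0.192.in-addr.arpa",
    "5.100.51.198.in-addr.arpa",
    "10.2.0.192.in-addr.arpa.",
]
FIREWALL_LOG = [
    "23:01:12 drop src=192.0.2.10 dst=198.51.100.1 service=137",
    "23:04:40 drop src=203.0.113.77 dst=198.51.100.1 service=1433",
    "23:09:03 accept src=192.0.2.200 dst=198.51.100.1 service=25",
]

def ptr_to_ip(qname):
    """Turn 'd.c.b.a.in-addr.arpa' into the IPv4 address a.b.c.d, or None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None

def correlate(queries, log_lines):
    """Return (matched, unexplained): PTR'd IPs seen / not seen as log sources."""
    counts = Counter(ip for ip in map(ptr_to_ip, queries) if ip)
    sources = set(re.findall(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b", " ".join(log_lines)))
    matched = {ip: n for ip, n in counts.items() if ip in sources}
    unexplained = {ip: n for ip, n in counts.items() if ip not in sources}
    return matched, unexplained

if __name__ == "__main__":
    matched, unexplained = correlate(PTR_QUERIES, FIREWALL_LOG)
    print("PTR lookups explained by logged connections:", matched)
    print("PTR lookups with no matching log entry:", unexplained)
```

Reverse lookups that land in the unexplained set are the ones worth a closer look, since they are not accounted for by the firewall resolving addresses from its own log.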