Ping Identity servers perform some numeric IP address-to-host name lookups, including the following:
  • Binding to the Directory: Decoding, examining, or evaluating a DNS bind rule
  • Logging: Logging information to certain monitors or writing to the error log
  • JMX: Creating a server socket
  • Key Management: Generating a truststore
  • Replication Server: Creating an SSL socket
  • Replication Session Management: Obtaining a session or performing a handshake with a replication server
  • SASL Authentication: Applying configuration changes
  • SMTP Alert Handler: Initializing or sending an alert notification

Address masks configured in Access Control Lists (ACIs), Connection Handlers, Connection Criteria, and Certificate handshake processing might trigger implicit reverse name lookups. For more information about how address masks are configured in the server, review the following information for each server:

  • ACI dns: bind rules under Managing Access Control (PingDirectory server and PingDirectoryProxy servers)
  • ds-auth-allowed-address: Adding Operational Attributes that Restrict Authentication (PingDirectory server)
  • Connection Criteria: Restricting Server Access Based on Client IP Address (PingDirectory server and PingDirectoryProxy servers)
  • Connection Handlers: Restrict Server Access Using Connection Handlers (Configuration Reference Guide for all PingData servers)