When troubleshooting firewall issues, why do I see names like 1e100.net when doing a reverse lookup on addresses resolved from *.l.google.com?

The name 1e100.net is a valid Google domain name and identifies its servers. For more information, see Google Help.

This firewall issue can occur when an Edge resolves *.l.google.com to make a WebRTC call and then sends the request to the firewall/security device. If the firewall/security device performs a reverse lookup, it receives 1e100.net instead of *.l.google.com and the call fails.

The preferred way to avoid this issue is to disable the reverse lookup functionality on your firewall/security device.
The alternative, adding 1e100.net to your allowlist and all the records that accompany it is possible, but problematic.

Genesys Cloud best practice specifies:

  1. Do not configure your firewall to perform reverse lookups.
  2. Do not add domain names to your allowlist.