I've noticed a lot of my ENDPOINTS (which get DHCP IP addresses) do not match their host names from DNS.
What do I need to do in NTA to make this accurate and keep it accurate?
lchance, ecklerwr1 is absolutely right. By default, NTA performs DNS resolution once per 7 days. Furthermore, if you have lots of quickly expiring IP addresses, the service will not be able to resolve all of them.
Especially for that scenario, in NTA 3.5 we announced the On Demand DNS resolution feature. Enabling this feature should solve your problem, but as the NTA service will not resolve all IP addresses, Top XX Domain resources will not be available.
Please read more about this feature here:
thanks
When you ping those endpoints from the NTA box, do you see the same problem? What about when pinging the host names from the NTA box?
From the NTA box:
As I look at an "Endpoint" shown in the NTA view named TOP ENDPOINTS (I'll call it ENDPOINT-ABC) and it has this IP in the view:
ENDPOINT-ABC 10.100.100.1
At the NTA box I perform: PING -A 10.100.100.1 and get back the name ENDPOINT-XYZ
And I then perform: PING ENDPOINT-ABC and get back an IP of 10.200.200.10 and this is the correct IP.
(ENDPOINT-XYZ is correct with its DNS name and its assigned IP)
Sounds like the DHCP assigned address has changed for that host since the netflow data was captured by NTA and added to the database. How long are leases lasting assigned by DHCP? If they have very short leases and the machines are getting new IPs, there are going to be changing IPs for each host in DNS. Over time, endpoints in NTA reports are going to show historical data that won't match the current assigned IP in DNS for the host.
Of course, if the lease time isn't the issue, then something more nefarious may be going on with NTA. If it is the case, then extend the length of the lease or shorten the time period in NTA report runs to more closely match the lease period.
thanks for the great info...
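
Added example, not part of the thread and not SolarWinds code: the manual `ping -a` / `ping` comparison described above, scripted as a forward and reverse DNS check over the name/IP pairs a flow report shows. The lookup tables and view list are constructed from the thread's values, and the function and status names are this example's own.

```python
import socket

def dns_reverse(ip):
    """PTR lookup, the same query `ping -a <ip>` makes; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(name):
    """A-record lookup, the same query `ping <name>` makes; None if it fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def short(name):
    """Host label only, lower-cased, so ENDPOINT-ABC matches endpoint-abc.example.com."""
    return name.split(".")[0].lower()

def check_endpoint(cached_name, cached_ip, reverse=dns_reverse, forward=dns_forward):
    """Classify one (name, IP) pair as stored by the flow collector."""
    ptr_name = reverse(cached_ip)
    current_ip = forward(cached_name)
    if current_ip is None:
        status = "name-unresolved"   # name no longer in DNS
    elif current_ip != cached_ip:
        status = "stale"             # host has moved to another address
    elif ptr_name is None or short(ptr_name) != short(cached_name):
        status = "ptr-mismatch"      # A record agrees, PTR record does not
    else:
        status = "consistent"
    return {"name": cached_name, "ip": cached_ip, "status": status,
            "ptr_name": ptr_name, "current_ip": current_ip}

# Constructed lookup tables mirroring the thread's values, so the demo runs offline.
SAMPLE_PTR = {"10.100.100.1": "ENDPOINT-XYZ"}
SAMPLE_A = {"ENDPOINT-ABC": "10.200.200.10", "ENDPOINT-XYZ": "10.100.100.1"}
# Constructed stand-in for the name/IP pairs shown in a Top Endpoints view.
SAMPLE_VIEW = [("ENDPOINT-ABC", "10.100.100.1"), ("ENDPOINT-XYZ", "10.100.100.1")]

def check_sample():
    """Run the check against the constructed tables instead of live DNS."""
    return [check_endpoint(n, ip, SAMPLE_PTR.get, SAMPLE_A.get) for n, ip in SAMPLE_VIEW]

if __name__ == "__main__":
    for result in check_sample():
        print(result)
```

Called without the `reverse` and `forward` arguments, `check_endpoint` queries the resolver of the machine it runs on, so run it from the collector host to see what that host would resolve.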