• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 24 subscribers
  • Views 562 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Name resolution in NTA

FormerMember
FormerMember

I've found that our NTA only resolves hostnames for "local" IP addresses, not for IP addresses on the Internet.  I've been testing this by watching Youtube videos on my PC.  Then I'll check NTA and I'll see the conversation between my PC and Youtube.com, but it only shows youtube.com as 74.125.211.54.  If you look at NTA on SolarWind's live demo site, you see that the endpoints show up as "youtube.com", "wikipedia.org" and so on.  Is is because the DNS that we point our Orion server to isn't resolving those addresses?  Do we have to somehow point NTA to an external/public DNS server?

  • 0

    Hi Swine,

    NTA is using DNS on machine where service is installed (if DNS resolution set to 'persistent') or where web server resides (if DNS resolution set to 'on demand'). Also there are some know limitation when changing DNS resolution from 'on demand' to 'persistent' - is there a chance that you performed this change in NetFlow Settings?

  • FormerMember
    0 FormerMember in reply to Jan.Krivanek

    Yes, at some point after we installed NTA I see the DNS resolution to 'persistent'.  Maybe I'll try setting it to 'on demand' and see if that makes a difference.

  • 0 in reply to FormerMember

    I would rather recommend trying reverse dns lookup (e.g. by nslookup) on that machine where you have NTA service installed and if you can confirm that you are able to find DNS name of the problematic endpoint from that machine then the best bet would be opening a ticket so that our support can assist you with addressing this issue.

  • 0 in reply to Jan.Krivanek

    Also just one more quick check - this can also be a symptoms of changing name resolution from DNS to NetBIOS. In such a case changing name resolution back to DNS would probably resolve the problem.

  • FormerMember
    0 FormerMember in reply to Jan.Krivanek

    I think it's something in the way our local DNS resolves, because I am not, in fact, able to do a successful reverse lookup through an nslookup on the Orion server.  So I guess that would be the issue: NTA pulls the endpoint IP address from the Netflow records, then looks to whatever DNS the local machine is using, but since our local DNS doesn't resolve that IP address to a well known name (like youtube.com), then NTA just shows the remote IP address.  I suspect it's something we need to fix with our DNS and the the forwarders it uses.

    Thanks for the input.

  • 0 in reply to FormerMember

    Yes, exactly as you wrote - NTA is just using DNS of the local machine (or machine of web server in case of 'on demand' resolution). So once you set-up resolution of well known names on that machine, NTA should start resolve external names correctly.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.