24 Replies Latest reply on Feb 2, 2014 10:36 PM by wanine39

    Netflow does not update DNS names

    Debbi

      We are doing a massive PC replacement here over the last few months.  PCs replaced 3 weeks ago are still resolving in netflow (when I search for a PC's IP address) with their old names, even though a reverse lookup on the app server command prompt shows the correct PC name, and our DNS servers show the correct names.  If I search on the old name I can get a hit, on the new name nothing.  This is a big problem.  Solution?  -Debbi

        • Re: Netflow does not update DNS names

           Run the following query, and replace ${OLD_DNS_NAME} with the old DNS name that you want NTA to re-resolve:

          UPDATE FlowCorrelation SET CacheExpiration = '2007-9-18T00:00:00' WHERE Hostname LIKE '${OLD_DNS_NAME}'

          Be sure to keep the single-quotes around the name.   You can leave out the "WHERE Hostname LIKE '${OLD_DNS_NAME}'" bit to have NTA re-resolve all hostnames.  NTA should detect the cache expiration, and queue up each IP for re-resolving.

          "Resolve DNS for this IP Address Right Now" is a feature slated for a future release, but I'll add "re-resolve every IP address".
           

            • Re: Netflow does not update DNS names
              SamuelB

              Floyd,

              I see that you are forcing the cache to expire on the example above. Currently, what is the normal duration between an entry being made in that table and it expiring?
               

              Thanks,

              Samuel 

                • Re: Netflow does not update DNS names

                  NTA will cache DNS lookups for two days. 

                    • Re: Netflow does not update DNS names
                      Debbi

                      Thanks for your kind replies. 


                      I would like to avoid having to do this individually or globally (this would be tens of thousands of names because it would include Internet destinations.)   If Netflow caches lookups for two days why would it not have expired in three weeks and re-resolved the names?  Is this indicative of a problem with my installation?  -Debbi


                        • Re: Netflow does not update DNS names

                           my two cents- we previously had something similar but with orion- 

                          In the SolarWinds database manager, the DNS field in the Node table showed the incorrect (old) name. I changed this value manually through the database manager (update node set DNS= ...) . However, when I selected rediscover for the node, it changed the "Reverse DNS" field to the wrong (old) name

                          The solution was to actually reboot the machine. The only thing that made sense, is that Windows had it cached somewhere and Orion was reading that place although nslookup was looking somewhere else. I would assume the code queries the resolver directly and uses something like gethostbyaddr as opposed to calling an external program like nslookup. anyway, a simple reboot helped us.

                          • Re: Netflow does not update DNS names

                             Debbi,

                             Try doing this with a handful of hosts, and see if it re-resolves the way you expect for those hosts.  If not, try running "ipconfig /flushdns" from a command-line and re-trying for those same hosts.  Our NTA product uses Windows' built-in DNS resolution mechanism, so if Windows has cached these hostnames, it will appear to NTA as though they've never changed.  Also, verify that "nslookup <IP Address>" gives you the results you expect on the server that is running NTA.
                             

                              • Re: Netflow does not update DNS names
                                Debbi

                                Using one as an example, Nslookup on the app box shows the correct hostname.  I looked at the DNS server and the WINS server and neither have the old hostname anywhere.  I must confess I never do direct manipulation of the db so I may be doing it wrong.  When  I run the query you suggested using the SQL Query Analyzer, I get "Invalid object name 'FlowCorrelation'."


                                 Debbi


                                  • Re: Netflow does not update DNS names

                                     Did you select the right database in Query Analyzer?  It generally selects 'master' by default.

                                      • Re: Netflow does not update DNS names
                                        Debbi

                                        Thanks.  The dba's have already enlightened me on my lack of enlightenment!  We did the update command (removing the "T" from what you said to do): UPDATE FlowCorrelation SET CacheExpiration = '2007-09-18 00:00:00' WHERE Hostname LIKE 'kelly-22296.co.multnomah.or.us'


                                        Netflow still thinks the IP goes with this hostname.  I imagine it might just be queued to expire.  How long should it take?  -Debbi

                                          • Re: Netflow does not update DNS names

                                             The 'T' is part of the ISO 8601 specification for locale-insensitive dates; removing the 'T' will break if your DB user is set to use British English; although, it will also break if you forget the leading zero before the 9 like I did =)

                                             As for the cache expiration, let's try another method:

                                            DELETE FROM FlowCorrelation WHERE Hostname LIKE 'kelly-22296.co.multnomah.or.us'

                                            Give that about 2 minutes, and see if it begins resolving properly.  I'm starting some investigation as to why this didn't happen automatically.


                                              • Re: Netflow does not update DNS names
                                                Debbi

                                                Do I sound British to you?  :)


                                                OK I did that.  Now the IP address is not resolved at all (which is probably a good sign).  I will check it in the AM.


                                                BTW, the two times I did these little "update" commands directly on the app server in Query Analyzer, I lost my web connection to the web server on my workstation and had to close my browser to reconnect.  Is that normal when you do a manual update to the db? 


                                                I do want to know that there is a regular refresh process without manual intervention for all stored entries so that I would never have to have the program do new DNS lookups on every address in the db in one fell swoop, queued or not.  In the infamous original version of NTA, I brought our firewalls down because NTA was doing thousands of netbios lookups to the Internet.  The developers fixed that but it made me permanently lookup-shy.


                                                Thanks for your help so far.


                                                Debbi

                                                  • Re: Netflow does not update DNS names

                                                    We actually have tracked this down as a bug, and are actively working on a fix.  As for losing your connection to the web server, that sounds really weird; I've NEVER seen or heard of that happening.  Could it have possibly been a coincidence?

                                                    I definitely understand your concern about DoS by DNS requests given the "infamy" of NTA v1.0 =)  We should be putting out a service release for NTA 2.2 in the near future that will have this fix in it.

                                                      • Re: Netflow does not update DNS names
                                                        Debbi

                                                        Glad you are tracking this and will have a fix.  I am hoping it will be a periodic update that functions well and will not be something manual we have to do.


                                                        The disconnection from the Web interface I am unable to duplicate today, so will treat it as a coincidence for now.


                                                        The IP that I did the Delete on in the database has not reverse-resolved to a name yet after almost 24 hours.


                                                        Debbi


                                                          • Re: Netflow does not update DNS names

                                                            Right; it's definitely not intended to be a manual thing.  We've got the manual "update right now" functionality slated for the next release, but not as a replacement to the automatic refresh of DNS names every two days.

                                                              • Re: Netflow does not update DNS names

                                                                let me make sure I am reading this right. Solarwinds is comming out with a manual "update now" button.


                                                                Is the automatic "refresh of the DNS" comming out in a later release? I see this post was from 9-21-07 the next release is out and I am having the same issue. I have to go to the database and "refresh" manually still. This is a pretty big issue with my company, the reports generated by Orion cannot be trusted since the name resolution is not correct. Seems like this should be pretty high on the priority list since this renders Netflow useless if you cannot trust what you see.


                                                                  • Re: Netflow does not update DNS names
                                                                    NetFlow Traffic Analyzer includes two schedules for automatically updating the DNS entries.  If NetFlow was unable to resolve the DNS entry, then NetFlow will try to pull the DNS information every 2 days until the DNS information is retrieved.  Once the DNS information is populated, NetFlow updates the DNS values every 7 days.
                                                                      • Re: Netflow does not update DNS names
                                                                        SamuelB

                                                                        Is this configurable or will this be configurable in the next release?

                                                                          • Re: Netflow does not update DNS names


                                                                            Is this configurable or will this be configurable in the next release?

                                                                             

                                                                             

                                                                             

                                                                            These settings are not currently configurable.  We are evaluating whether we can slip the ability to configure these settings into this upcoming release or whether it will be a part of the following release.

                                                                              • Re: Netflow does not update DNS names

                                                                                I guess we need to make sure we're on the same page. I am using the Netflow Module within Orion. 

                                                                                Unfortunatly it does not work. I called support (Case # 35603) and worked with them and the ending result was for me to manually clear the DNS in the FlowCorrelation table. Once I did this NetFlow was correctly resolving names. There were DNS entry's in there from 8/07 the expiration date was well past due and still the dns would not resolve via NetFlow. The server would resolve the correct name/ IP via nslookup. I have the latest ver of Orion and Netflow as of 2 weeks ago, I have not had a chance to see if there were any update out there.

                                                                                Any Ideas???

                                                                                • Re: Netflow does not update DNS names
                                                                                  njoylif

                                                                                  Whew, this is a long thread.  but I'm updating my DNS based on the page to indicate needed IP entries (long story).  I am wondering if there is a way to force the update.  I tried clicking on the update button within the netflow page, but that is not doing it.  I've verified the server pulls the DNS name correctly.  Cleared the ipconfig cache, but didn't do anything with SQL because all of the examples are 8.x.  I am currently running 9.x with NF3.x.


                                                                                  Any suggestions?


                                                                                  Thanks much!

                                                                                    • Re: Netflow does not update DNS names
                                                                                      njoylif

                                                                                      seems to me the "lookup" button is worthless on netflow (drill into an IP).


                                                                                      I set cacheexpiration to past date (in DB) and clicked - nothing


                                                                                      I set cachedelete to past date and clicked - nothing


                                                                                      I set FullHostname to '' (emptyset) and clicked - nothing


                                                                                      How can I force a DNS update in Netflow v3.x (latest and greatest, I think).


                                                                                      Thanks

                                                                                • Re: Netflow does not update DNS names

                                                                                  I guess we need to make sure we're on the same page. I am using the Netflow Module within Orion. 


                                                                                  Unfortunatly it does not work. I called support (Case # 35603) and worked with them and the ending result was for me to manually clear the DNS in the FlowCorrelation table. Once I did this NetFlow was correctly resolving names. There were DNS entry's in there from 8/07 the expiration date was well past due and still the dns would not resolve via NetFlow. The server would resolve the correct name/ IP via nslookup. I have the latest ver of Orion and Netflow as of 2 weeks ago, I have not had a chance to see if there were any update out there.