1 Reply Latest reply on Jan 21, 2010 12:31 PM by ecklerwr1

    manually resolving the host and domain name for an ip address

      NetFlow Monitor appears to use reverse DNS lookup for host and domain name resolution.  However many ip addresses are "obscured" for various reasons, so reverse DNS lookup fails, or resolves to the company who owns the IP address range and may be hosting a web site under contract, such as akamai technologies does.

      If I am able to identify the correct forward reference to a given ip address, say using an alternative site like www.datakitteh.org, how can I manually update my Orion NetFlow database to correctly report the host and domain ?

      It appears that Orion keeps unresolved IP addresses in a table called NetFlowAddressToResolve, and when it resolves the ip it moves the record into FlowCorrelationPostDNS.  How can I do this manually with SQL statements and maintain data integrity within the Orion application ??  Is there a procedure call I can use ??

      Are there other alternate domain name resolution processes I can use here ?

      thanks

      Kirt

        • Re: manually resolving the host and domain name for an ip address
          ecklerwr1

          You could have those entries in hosts file you maintain checked before regular DNS lookup.  nsookup can resolve using a hostsfile for reverse lookups.

          Host name resolution generally uses the following sequence:


          The client checks to see if the name queried is its own.
          The client then searches a local Hosts file, a list of IP address and names stored on the local computer.

          NOTE: The Hosts file location depends on the operating system: 
             Windows NT                  %Systemroot%\System32\Drivers\Etc      

          Where %Systemroot% is the folder in which Windows NT is installed

          Domain Name System (DNS) servers are queried.
          If the name is still not resolved, NetBIOS name resolution sequence is used as a backup. This order can be changed by configuring the NetBIOS node type of the client. (Note you have to enable this in Netflow DNS and NetBIOS Resolution under netflow setting if you want it to use NetBIOS for endpoint resolution)