1 Reply Latest reply on Jun 24, 2010 6:45 AM by Jan.Krivanek

    The oft talked about DNS lookup

      I know that this topic has been tread upon in other threads.  But I havent been able to get a coherent response from the threads i have looked at.  I blame myself for this, so thought I would ask for some assistance.  I apologize if this repetition causes people pain. :)

      I am running NTA 3.6 pulling netflow from lots of sources.  DNS is set to persistent and it is allowed to spend as long as it wants trying to resolve unknown ip addresses.  The machine that NTA sits on is internal on RFC1918 space with the host OS configured to use a DNS server that is also internal.  The server looks up internal and external ip addresses forwards and backwards without problem.  However, when I do a lookup through NTA, i consistently get the response i would get from something on the internet.  With no internal resolution of names at all. 

      Does NTA try and do lookups from the root servers or only accept authoritative responses?


      Not quite sure what i need to modify here.  Manually entering host names is getting tiresome.

        • Re: The oft talked about DNS lookup

          Hello inrouted,

          Absolutely no need to apologize for your question – obviously it was not such an easy one if it took so long to receive some answer.

          From what you described I can imagine just a three possible problems:

          -         If you enable NetBIOS resolution on Netflow Setting page, Netflow service is using only NetBIOS. But you also wrote that NTA seems to be able to resolve external IPs, so than this doesn’t seem to be your case.

          -         NTA service can send hundreds of request to your DNS server if resolution set to persistent, so this can stop respond if configured to prevent DNS flood attacks.

          -         There is some internal problem in NTA.

          In a case that you will be able to refute first two cases, than I would definitely suggest you to submit support ticket, so that our stuff can closer investigate your problem.