6 Replies Latest reply on Aug 23, 2010 5:24 PM by Jan.Krivanek

    Name resolution in NTA

    Swine

      I've found that our NTA only resolves hostnames for "local" IP addresses, not for IP addresses on the Internet.  I've been testing this by watching Youtube videos on my PC.  Then I'll check NTA and I'll see the conversation between my PC and Youtube.com, but it only shows youtube.com as 74.125.211.54.  If you look at NTA on SolarWind's live demo site, you see that the endpoints show up as "youtube.com", "wikipedia.org" and so on.  Is is because the DNS that we point our Orion server to isn't resolving those addresses?  Do we have to somehow point NTA to an external/public DNS server?

        • Re: Name resolution in NTA

          Hi Swine,

          NTA is using DNS on machine where service is installed (if DNS resolution set to 'persistent') or where web server resides (if DNS resolution set to 'on demand'). Also there are some know limitation when changing DNS resolution from 'on demand' to 'persistent' - is there a chance that you performed this change in NetFlow Settings?

            • Re: Name resolution in NTA
              Swine

              Yes, at some point after we installed NTA I see the DNS resolution to 'persistent'.  Maybe I'll try setting it to 'on demand' and see if that makes a difference.

                • Re: Name resolution in NTA

                  I would rather recommend trying reverse dns lookup (e.g. by nslookup) on that machine where you have NTA service installed and if you can confirm that you are able to find DNS name of the problematic endpoint from that machine then the best bet would be opening a ticket so that our support can assist you with addressing this issue.

                    • Re: Name resolution in NTA

                      Also just one more quick check - this can also be a symptoms of changing name resolution from DNS to NetBIOS. In such a case changing name resolution back to DNS would probably resolve the problem.

                        • Re: Name resolution in NTA
                          Swine

                          I think it's something in the way our local DNS resolves, because I am not, in fact, able to do a successful reverse lookup through an nslookup on the Orion server.  So I guess that would be the issue: NTA pulls the endpoint IP address from the Netflow records, then looks to whatever DNS the local machine is using, but since our local DNS doesn't resolve that IP address to a well known name (like youtube.com), then NTA just shows the remote IP address.  I suspect it's something we need to fix with our DNS and the the forwarders it uses.

                          Thanks for the input.

                            • Re: Name resolution in NTA

                              Yes, exactly as you wrote - NTA is just using DNS of the local machine (or machine of web server in case of 'on demand' resolution). So once you set-up resolution of well known names on that machine, NTA should start resolve external names correctly.