NTA will use DNS for the labeling of endpoints on Netflow data. NPM will also use DNS for a Node's DNS field.
It is likely that one of the netflows NTA is monitoring contained an endpoint for those domains. You can check this by searching for the Endpoint Domain on the search bar for NTA. This will also allow you to pinpoint exactly which nodes are in fact communicating to those domains.
That certainly makes a lot of sense. I'll do a search for the Endpoint Domain as suggested to see where that leads me and will let you know the results. Gotta love working on a mystery. Thnx...F
we are facing the same issue in our environment .please help us how to fix the and we did the following option to fix the prt lookup from npm but no luck still it is throwing dns queries
disable the dns reverse lookup in server
disable the nta persistant
disable the netpath pathe server
If you've already turned off whatever you can turn off within SolarWinds itself, try checking if there's anything else within the Windows OS that hosts SolarWinds that's sending out reverse dns lookups.
Remote in to the polling engine, and try using Netmon from Microsoft to run a packet capture (I'm more familiar with netmon, but I can also use wireshark)
It may help you in identifying what process name is doing the PTR. If the process name that does the PTR request is not a SolarWinds-related process, then try isolating that one process, figure out which app runs that process and continue from there.
Un-check "Perform reverse DNS lookup"
Hope this helps.