Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.3 Administrator Guide > NTA settings > How does default DNS resolution work in SolarWinds NTA?

How does default DNS resolution work in SolarWinds NTA?

Table of contents
No headers

In SolarWinds NTA, host or domain names are stored directly in individual flows. SolarWinds NTA receives a flow from an IP address and waits for the DNS server to resolve it:

  • Until the DNS server responds, flows are stored under the IP address.
  • When the DNS server resolves the hostname, SolarWinds NTA uses this hostname or domain for flows from this IP address for the next seven days. Then the query is repeated.
  • When SolarWinds NTA cannot reach the DNS server, it retries the query in one minute, and keeps repeating the query until the DNS server responds.
  • If the DNS server cannot find out the host or domain name, for example if the administrator had not specified it, SolarWinds NTA adds the IP address to the list of unresolved IP addresses. Flows from this IP address are stored in the database under the appropriate IP address. SolarWinds NTA repeats the query to the DNS server to resolve the hostname in two days.

You can also configure the interval between DNS lookups. SolarWinds NTA performs regular DNS lookups on all monitored devices. By default, if the domain of a monitored device resolves successfully, SolarWinds NTA will not attempt another DNS lookup on the same device for seven days. If the domain name of a monitored device does not resolve successfully, by default, Orion will attempt to resolve the same device again in two days.

 
Last modified
08:58, 13 Apr 2017

Tags

Classifications

Public