Search 85,258 posts and 649 resources contributed by 42,945 members or post a topic.

Already Joined? Sign in
NetFlow packets and DNS problem

Page 1 of 1 (3 items) | RSS

rated by 0 users
Answered (Verified) This post has 1 verified answer | 2 Replies | 0 Followers | 365 Views


698 Posts
Points 2,286
Thwack MVP
lchance posted on Mon, Jun 15 2009 2:32 PM
rated by 0 users

I have a unique problem where a mail server's (SMTP) traffic shows a different DNS name however we no longer have that DNS entry in our DNS-server.

For example (using bogus names/IP):

For what should be MAILSERVER_1 at IP address 98.100.100.1 will show up in NetFlow views as an older and no longer used name of MAILSERVER_2 at that same IP of 98.100.100.1.

Do NetFlow packets even care about DNS or could it get DNS resolution some other way? Could the router have that older name/IP cached?

Thanks for any help or ideas about this.

  • | Post Points: 3

Answered (Verified) Verified Answer


80 Posts
Points 372
SolarWinds Employee
Answered (Verified) ET replied on Tue, Jun 16 2009 6:41 AM
rated by 0 users
Verified by lchance

Hi,

Each successfully resolved DNS name expired in 7 days (by default), so we keep dns names for 7 days and than we try to re-resolved them. Do you think that this could be the problem?

if you use manual dns lookup on view EndPointDetails it shows you also old dns name?

You can also try to flush dns cache on computer where runs our nta collector. ipconfig ipconfig.exe /flushdns

 

ET, Developer

  • | Post Points: 23

All Replies


80 Posts
Points 372
SolarWinds Employee
Answered (Verified) ET replied on Tue, Jun 16 2009 6:41 AM
rated by 0 users
Verified by lchance

Hi,

Each successfully resolved DNS name expired in 7 days (by default), so we keep dns names for 7 days and than we try to re-resolved them. Do you think that this could be the problem?

if you use manual dns lookup on view EndPointDetails it shows you also old dns name?

You can also try to flush dns cache on computer where runs our nta collector. ipconfig ipconfig.exe /flushdns

 

ET, Developer

  • | Post Points: 23

698 Posts
Points 2,286
Thwack MVP
lchance replied on Tue, Jun 16 2009 8:29 AM
rated by 0 users

Thanks - it was in the EDIT of EndPoint Details that fixed this for me.

AND - it also answers another post I had out there as well - http://thwack.com/forums/t/16517.aspx

Thanks again!!!!

  • | Post Points: 1
Page 1 of 1 (3 items) | RSS

© 2003 - 2010 SolarWinds, Inc. All Rights Reserved.

Who is SolarWinds?

SolarWinds is rewriting the rules for how companies manage their networks. Guided by a global community of network engineers, SolarWinds develops simple and powerful network management software and network monitoring software for networks of all sizes. SolarWinds also offers a network certification program to become a SolarWinds Certified Professional (SCP).

What is thwack?

thwack, SolarWinds online community site, was designed by network engineers, for network engineers. thwack is a vibrant, growing community of more than 30,000 IT pros who share a passion for technology.

Explore Resources, Answers, Templates, and Advice

Download Free Networking Tools

Learn More About SolarWinds Products