cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted

Logs & Monitoring - Reverse DNS lookups incorrect

Hello,

I  have been looking for information about how the reverse DNS lookup works for the "logs" in R80.10.  The issue we have is that the FQDN being displayed in the Logs is incorrect. In the log view ZRH-L00053" is displayed for the IP 10.166.138.158

Log Veiw

When we check the DNS on the management server the host ZRH-D00008 is the actual owner of this IP Address in both directions and ZRH-L00053 maps to another IP

nslookup

If anyone has any information about how this reverse DNS lookup is working it would be great

Many thanks,

Michael

Labels (1)
4 Replies
Admin
Admin

Re: Logs & Monitoring - Reverse DNS lookups incorrect

Curious, what does the DNS on the gateway that accepted/blocked the traffic say about this IP?

As far as I know, this is resolved on the management station.

You might also look at the local hosts file on the management station to see if it say something different as I believe that will take precedence. 

0 Kudos

Re: Logs & Monitoring - Reverse DNS lookups incorrect

HI,

Your assumptions match up with mine. In the end as a work around I restarted the management server as a way to force the server to re-query the DNS for the information. I bit extreme, I found not other information about how to reset the DNS cache on the device.

Re: Logs & Monitoring - Reverse DNS lookups incorrect

Did you run into any other issues since?
I just noticed we are having the same problem on our management server (R80.20 JHF 47).

Can resolve properly with the correct PTR when doing a nslookup from our management server, log server and smartconsole machine but logs simply don't update.

Is there any DNS cache clear on the management server verses a reboot?
0 Kudos

Re: Logs & Monitoring - Reverse DNS lookups incorrect

Well.....we opened a TAC case on this one.   We got a runaround at first about how PTR works overall but quickly got TAC to focus on the real issue:  The management/log server.

TAC had us go through DNS cache clears on the smartconsole machine but no changes.

Last night, we rebooted both of our management and log servers per TAC's request (and only after referencing this thread).

Today.......all is resolving correctly 🙂

 

So.....now we are pushing TAC on 'why' this occurred and 'how' this can be prevented going forward.

0 Kudos