Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olga_Kuts
Advisor

SmartEvent load DNS-server

Jump to solution

Hello!

We have DC controllers with DNS servers. When we enable SmartEvent, the load of the controllers on port 53 is very increased.

How can we minimize this load?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Hugo_vd_Kooij
Advisor

I recall you could switch off DNS resolving in Smart Reporter. Just had a quick check with SmartEvent in demo mode but you can't configure it there. A quick look at SecureKnowledge and the manuals didn't turn out anything either. 

The option for SmartReporter can be found at the consolidation settings:

But in general DNS is the key to your network. So the skills to manage and maintain good working DNS servers is a critical skill in your network. So it must be high on your organisations list of critical skills.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin

Let's move this to the correct space: https://community.checkpoint.com/community/management/visibility-monitoring?sr=search&searchId=c0def...

SmartEvent needs DNS to put hostnames in the reports.

I assume you could unconfigure DNS on the appliance to disable this.

You may want to set up a caching DNS server internally for this as well, which is probably a good idea for other reasons.

0 Kudos
Olga_Kuts
Advisor

Thanks for yous response! I think, we cannot unconfigure DNS on the appliance, because SmartEvent and Management is on the same server. And where I can find more information about caching DNS server? Is this configuration supported by CheckPoint?

0 Kudos
PhoneBoy
Admin
Admin

Caching DNS servers are not something specific to Check Point.

For example, your local DNS servers already cache information about the Internet based on user traffic as well as provide authoritative information for hosts within your local environment.

A caching DNS server is authoritative for no hosts, merely caching the queries from clients to reduce load on the authoritative nameservers. 

They can be configured on a number of operating systems.

Other than SMB gateways, Check Point gateways do not contain a DNS server. 

0 Kudos
Olga_Kuts
Advisor

Thanks for your answer!

We suspect that the load is caused by the fact that the IP addresses are trying to resolve on the reverse DNS zone (we encountered similar situations when working with other systems). Could this be the reason in this case? Is it possible to disable reverse resolving (perhaps there is an appropriate parameter in the guidbedit)?

0 Kudos
Hugo_vd_Kooij
Advisor

I recommend to put in a caching DNS server just for the SmartEvent server and not let SmartEvent hammer on your Active Directory servers.

0 Kudos
Olga_Kuts
Advisor

Hugo, thanks for your advice.

The SmartEvent server is located on the management machine. Tell me, please, how can we install a cahcing DNS server  just for the SmartEvent  in this case?

0 Kudos
Hugo_vd_Kooij
Advisor

I recall you could switch off DNS resolving in Smart Reporter. Just had a quick check with SmartEvent in demo mode but you can't configure it there. A quick look at SecureKnowledge and the manuals didn't turn out anything either. 

The option for SmartReporter can be found at the consolidation settings:

But in general DNS is the key to your network. So the skills to manage and maintain good working DNS servers is a critical skill in your network. So it must be high on your organisations list of critical skills.

View solution in original post

Olga_Kuts
Advisor

Thank you for bringing my attention to the SmartReporter, it was the problem in it, not in SmartEvent. Thank you!

0 Kudos