Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Scott_Paisley
Contributor

Does FQDN add www on lookups?

We are sending logs to Splunk cloud, and all the indexers have cloud names like

idx-i-01d6982babc7910a8.splunkcloud.com

We have FQDN objects for these, so the gateways have to do a DNS lookup for those names, which is working fine, but looking at DNS logs I see it also looks up the same name with www. on the front

Is that a configuration feature we can turn off?

0 Kudos
Reply
2 Replies
Chris_Atkinson
Employee
Employee

This is expected behavior and is improved in more recent versions.

The additional WWW based lookups can be disabled in consultation with TAC, but is a global change that will impact _all_ domain objects.

 

 

0 Kudos
Reply
Scott_Paisley
Contributor

Thanks

This may be related, or may be something completely different...

My gateways are configured to use internal DNS servers, but looking at logs I see the gateways trying to do lookups against google and fortinet public DNS. Is that the gateways doing these www lookups, or something else?

0 Kudos
Reply