Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Scott_Paisley
Advisor

Does FQDN add www on lookups?

We are sending logs to Splunk cloud, and all the indexers have cloud names like

idx-i-01d6982babc7910a8.splunkcloud.com

We have FQDN objects for these, so the gateways have to do a DNS lookup for those names, which is working fine, but looking at DNS logs I see it also looks up the same name with www. on the front

Is that a configuration feature we can turn off?

0 Kudos
2 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

This is expected behavior and is improved in more recent versions.

The additional WWW based lookups can be disabled in consultation with TAC, but is a global change that will impact _all_ domain objects.

 

 

CCSM R77/R80/ELITE
0 Kudos
Scott_Paisley
Advisor

Thanks

This may be related, or may be something completely different...

My gateways are configured to use internal DNS servers, but looking at logs I see the gateways trying to do lookups against google and fortinet public DNS. Is that the gateways doing these www lookups, or something else?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events