This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Michael_Horne
Collaborator
‎2018-11-16 04:21 AM

Logs & Monitoring - Reverse DNS lookups incorrect

Hello,

I  have been looking for information about how the reverse DNS lookup works for the "logs" in R80.10.  The issue we have is that the FQDN being displayed in the Logs is incorrect. In the log view ZRH-L00053" is displayed for the IP 10.166.138.158

Log Veiw

When we check the DNS on the management server the host ZRH-D00008 is the actual owner of this IP Address in both directions and ZRH-L00053 maps to another IP

nslookup

If anyone has any information about how this reverse DNS lookup is working it would be great

Many thanks,

Michael

Labels (1)
Labels
Reply
5 Replies
PhoneBoy
Admin
Admin
‎2018-11-16 11:07 AM

Curious, what does the DNS on the gateway that accepted/blocked the traffic say about this IP?

As far as I know, this is resolved on the management station.

You might also look at the local hosts file on the management station to see if it say something different as I believe that will take precedence. 

0 Kudos
Reply
Michael_Horne
Collaborator
‎2018-11-22 02:39 AM
In response to PhoneBoy

HI,

Your assumptions match up with mine. In the end as a work around I restarted the management server as a way to force the server to re-query the DNS for the information. I bit extreme, I found not other information about how to reset the DNS cache on the device.

Reply
Scott_Chambers
Participant
‎2019-05-03 03:13 PM
In response to Michael_Horne

Did you run into any other issues since?
I just noticed we are having the same problem on our management server (R80.20 JHF 47).

Can resolve properly with the correct PTR when doing a nslookup from our management server, log server and smartconsole machine but logs simply don't update.

Is there any DNS cache clear on the management server verses a reboot?
0 Kudos
Reply
Scott_Chambers
Participant
‎2019-05-14 08:34 AM
In response to Scott_Chambers

Well.....we opened a TAC case on this one.   We got a runaround at first about how PTR works overall but quickly got TAC to focus on the real issue:  The management/log server.

TAC had us go through DNS cache clears on the smartconsole machine but no changes.

Last night, we rebooted both of our management and log servers per TAC's request (and only after referencing this thread).

Today.......all is resolving correctly 🙂

 

So.....now we are pushing TAC on 'why' this occurred and 'how' this can be prevented going forward.

0 Kudos
Reply
Enrico
Explorer
‎2019-06-19 10:13 AM
In response to Scott_Chambers

Hello Scott, 

have you had any update from TAC? I'm wandering if there is a solution to the problem because I'm experiencing the same trouble on R80.30 environment. I also found that using smartconsole I get wrong resolution, using old Smartview tracker  hidden in the console folder ip are correctly resolved. 

Maybe it just use a different cache...

Thank you for sharing 

Enrico 

0 Kudos
Reply