We have DC controllers with DNS servers. When we enable SmartEvent, the load of the controllers on port 53 is very increased.
How can we minimize this load?
I recall you could switch off DNS resolving in Smart Reporter. Just had a quick check with SmartEvent in demo mode but you can't configure it there. A quick look at SecureKnowledge and the manuals didn't turn out anything either.
The option for SmartReporter can be found at the consolidation settings:
But in general DNS is the key to your network. So the skills to manage and maintain good working DNS servers is a critical skill in your network. So it must be high on your organisations list of critical skills.
Let's move this to the correct space: Logging, Monitoring, & Event Analysis
SmartEvent needs DNS to put hostnames in the reports.
I assume you could unconfigure DNS on the appliance to disable this.
You may want to set up a caching DNS server internally for this as well, which is probably a good idea for other reasons.
Thanks for yous response! I think, we cannot unconfigure DNS on the appliance, because SmartEvent and Management is on the same server. And where I can find more information about caching DNS server? Is this configuration supported by CheckPoint?
Caching DNS servers are not something specific to Check Point.
For example, your local DNS servers already cache information about the Internet based on user traffic as well as provide authoritative information for hosts within your local environment.
A caching DNS server is authoritative for no hosts, merely caching the queries from clients to reduce load on the authoritative nameservers.
They can be configured on a number of operating systems.
Other than SMB gateways, Check Point gateways do not contain a DNS server.
Thanks for your answer!
We suspect that the load is caused by the fact that the IP addresses are trying to resolve on the reverse DNS zone (we encountered similar situations when working with other systems). Could this be the reason in this case? Is it possible to disable reverse resolving (perhaps there is an appropriate parameter in the guidbedit)?
I recommend to put in a caching DNS server just for the SmartEvent server and not let SmartEvent hammer on your Active Directory servers.
Hugo, thanks for your advice.
The SmartEvent server is located on the management machine. Tell me, please, how can we install a cahcing DNS server just for the SmartEvent in this case?
Thank you for bringing my attention to the SmartReporter, it was the problem in it, not in SmartEvent. Thank you!
Retrieving data ...