I'm surprised there is no caching. I just can't get ntop to resolve the IPs and show the names. It works in only about half the IPs and I have no idea why.
Looking at the "throughput" table, I will see some entries resolved properly: sys1.unixrealm.com While others show the ip: 192.168.213.42 [IP] I can't figure out why this happens. I tested and re-tested my DNS and these IPs resolve fine. Not sure why ntop won't handle it. Maybe it should cache? On Mon, Oct 10, 2011 at 2:05 PM, Gary Gatten <[email protected]> wrote: > Lol! I have dns issues, but different than your. If I rul more than a sinle > resolution thread ntop will die a horrible death. > > There's no dnscache.db for some time now. If u want caching try a caching > resolver. I used bind. > > What do you want to start from scratch? There's no caching or other history > related to resolution. > > After reviewing your problem it seems to be something with your dns and/or > local resolver conf. What exactly is the issue? > > ----- Original Message ----- > From: Charles Gagnon [mailto:[email protected]] > Sent: Monday, October 10, 2011 12:57 PM > To: [email protected] <[email protected]> > Subject: Re: [Ntop] DNS Resolution half working > > Nobody has DNS resolition issues? > > Did something replace dnsCache.db? Which of the DB files would I need > to restart from scratch? > > On Wed, Sep 28, 2011 at 7:32 AM, Charles Gagnon <[email protected]> > wrote: >> These are all private servers. We use private addresses inside and NAT >> out to the internet. All my servers use internal DNS servers. I have >> /etc/resolv.conf setup as it should and nsswitch.conf says: >> >> hosts: files nis dns >> >> So I'm thinking gethostbyaddr() should work fine. I feel like >> resolution was attempted at some point and results were cached and now >> it's not retrying. But I can't find "dnsCache.db" yet the man page >> still refers to it. >> >> I started with: >> >> # ntop -P /usr/local/var/ntop -u ntop -d >> >> And this is what I have: >> >> [root@sys1 ~]# ls -l /usr/local/var/ntop/ >> total 2072 >> -rw-r----- 1 ntop ntop 225280 Sep 27 09:20 fingerprint.db >> -rw-r----- 1 ntop ntop 1986634 Sep 26 12:55 macPrefix.db >> -rw-r----- 1 ntop ntop 12546 Oct 21 2010 ntop_pw.db >> -rw-r----- 1 ntop ntop 14094 Sep 27 09:20 prefsCache.db >> drwxrwxrwx 5 ntop ntop 4096 Oct 21 2010 rrd >> >> >> On Tue, Sep 27, 2011 at 10:24 PM, Burton Strauss III >> <[email protected]> wrote: >>> 192.168.x.x/16 is the private space (RFC 1913). So no public facing DNS >>> server would resolve those. It would only be resolved if you were pointing >>> to your internal DNS server AND it was setup to manage the specific zone. >>> So the question is where is nslookup getting names from? >>> >>> >>> >>> -----Burton >>> >>> %QUOTE% >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Charles Gagnon >>> Sent: Tuesday, September 27, 2011 1:12 PM >>> To: [email protected] >>> Subject: [Ntop] DNS Resolution half working >>> >>> I searched for references and I can't find what this error could be. >>> When listing hosts (specially in the throughput list I use a lot), some >>> hosts get resolved and others don't and I can't figure out why. >>> I've setup DNS resolution to 'All' (though I tried "local" and "Local >>> + Remote"). >>> >>> When I look at the list, a number of items have names, others should the IP >>> with "[IP]" after. Seems very consistent, the same hosts are resolved and >>> the same show IPs between restarts. >>> >>> I was thinking of flushing out dnsCache.db but I don't that exists in >>> 4.1.0 (gone since 3.x maybe?). >>> >>> When I dump the hosts, I see some with names and others without: >>> >>> 192.168.206.11|0|'192.168.206.11'|'192.168.206.11'|[...] >>> 192.168.206.10|0|'192.168.206.10'|'hhnas01'|[...] >>> 192.168.206.13|0|'192.168.206.13'|'192.168.206.13'|[...] >>> 192.168.206.12|0|'192.168.206.12'|'192.168.206.12'|[...] >>> 192.168.206.15|0|'192.168.206.15'|'hhutil01'|[...] >>> 192.168.206.14|0|'192.168.206.14'|'192.168.206.14'|[...] >>> >>> Any ideas? Any other "cache" I can get rid of. Testing with nslookup yields >>> a name for all those IPs. >>> >>> -- >>> Charles Gagnon >>> charlesg at unixrealm.com >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> >> -- >> Charles Gagnon >> charlesg at unixrealm.com >> > > > > -- > Charles Gagnon > charlesg at unixrealm.com > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > -- Charles Gagnon charlesg at unixrealm.com _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
