Caching likely has nothing to do with it. Do you notice if only your "remote" networks resolve, or only your "local", or do IP from local AND remote networks resolve. If one type of hosts is consistently not resolving it's prolly a bug is the resolution code
----- Original Message ----- From: Charles Gagnon [mailto:[email protected]] Sent: Tuesday, October 11, 2011 06:51 AM To: [email protected] <[email protected]> Subject: Re: [Ntop] DNS Resolution half working I'm surprised there is no caching. I just can't get ntop to resolve the IPs and show the names. It works in only about half the IPs and I have no idea why. Looking at the "throughput" table, I will see some entries resolved properly: sys1.unixrealm.com While others show the ip: 192.168.213.42 [IP] I can't figure out why this happens. I tested and re-tested my DNS and these IPs resolve fine. Not sure why ntop won't handle it. Maybe it should cache? On Mon, Oct 10, 2011 at 2:05 PM, Gary Gatten <[email protected]> wrote: > Lol! I have dns issues, but different than your. If I rul more than a sinle > resolution thread ntop will die a horrible death. > > There's no dnscache.db for some time now. If u want caching try a caching > resolver. I used bind. > > What do you want to start from scratch? There's no caching or other history > related to resolution. > > After reviewing your problem it seems to be something with your dns and/or > local resolver conf. What exactly is the issue? > > ----- Original Message ----- > From: Charles Gagnon [mailto:[email protected]] > Sent: Monday, October 10, 2011 12:57 PM > To: [email protected] <[email protected]> > Subject: Re: [Ntop] DNS Resolution half working > > Nobody has DNS resolition issues? > > Did something replace dnsCache.db? Which of the DB files would I need > to restart from scratch? > > On Wed, Sep 28, 2011 at 7:32 AM, Charles Gagnon <[email protected]> > wrote: >> These are all private servers. We use private addresses inside and NAT >> out to the internet. All my servers use internal DNS servers. I have >> /etc/resolv.conf setup as it should and nsswitch.conf says: >> >> hosts: files nis dns >> >> So I'm thinking gethostbyaddr() should work fine. I feel like >> resolution was attempted at some point and results were cached and now >> it's not retrying. But I can't find "dnsCache.db" yet the man page >> still refers to it. >> >> I started with: >> >> # ntop -P /usr/local/var/ntop -u ntop -d >> >> And this is what I have: >> >> [root@sys1 ~]# ls -l /usr/local/var/ntop/ >> total 2072 >> -rw-r----- 1 ntop ntop 225280 Sep 27 09:20 fingerprint.db >> -rw-r----- 1 ntop ntop 1986634 Sep 26 12:55 macPrefix.db >> -rw-r----- 1 ntop ntop 12546 Oct 21 2010 ntop_pw.db >> -rw-r----- 1 ntop ntop 14094 Sep 27 09:20 prefsCache.db >> drwxrwxrwx 5 ntop ntop 4096 Oct 21 2010 rrd >> >> >> On Tue, Sep 27, 2011 at 10:24 PM, Burton Strauss III >> <[email protected]> wrote: >>> 192.168.x.x/16 is the private space (RFC 1913). So no public facing DNS >>> server would resolve those. It would only be resolved if you were pointing >>> to your internal DNS server AND it was setup to manage the specific zone. >>> So the question is where is nslookup getting names from? >>> >>> >>> >>> -----Burton >>> >>> %QUOTE% >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Charles Gagnon >>> Sent: Tuesday, September 27, 2011 1:12 PM >>> To: [email protected] >>> Subject: [Ntop] DNS Resolution half working >>> >>> I searched for references and I can't find what this error could be. >>> When listing hosts (specially in the throughput list I use a lot), some >>> hosts get resolved and others don't and I can't figure out why. >>> I've setup DNS resolution to 'All' (though I tried "local" and "Local >>> + Remote"). >>> >>> When I look at the list, a number of items have names, others should the IP >>> with "[IP]" after. Seems very consistent, the same hosts are resolved and >>> the same show IPs between restarts. >>> >>> I was thinking of flushing out dnsCache.db but I don't that exists in >>> 4.1.0 (gone since 3.x maybe?). >>> >>> When I dump the hosts, I see some with names and others without: >>> >>> 192.168.206.11|0|'192.168.206.11'|'192.168.206.11'|[...] >>> 192.168.206.10|0|'192.168.206.10'|'hhnas01'|[...] >>> 192.168.206.13|0|'192.168.206.13'|'192.168.206.13'|[...] >>> 192.168.206.12|0|'192.168.206.12'|'192.168.206.12'|[...] >>> 192.168.206.15|0|'192.168.206.15'|'hhutil01'|[...] >>> 192.168.206.14|0|'192.168.206.14'|'192.168.206.14'|[...] >>> >>> Any ideas? Any other "cache" I can get rid of. Testing with nslookup yields >>> a name for all those IPs. >>> >>> -- >>> Charles Gagnon >>> charlesg at unixrealm.com >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> >> -- >> Charles Gagnon >> charlesg at unixrealm.com >> > > > > -- > Charles Gagnon > charlesg at unixrealm.com > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > -- Charles Gagnon charlesg at unixrealm.com _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
