What I see from my environment, DNS resolves SLOW! I'm able to resolve from inside and outside my network, but it takes hours to update. I'm also running a caching BIND server on the same server to see if that would speed things up, which it's not? Also, on a side note, for Ntop to work correctly separating my local and remote traffic I had to turn off MAC addresses via the command line -o
Cheers,
Eric

On Tue, Oct 11, 2011 at 6:05 AM, Gary Gatten <[email protected]> wrote:

> Caching likely has nothing to do with it. Do you notice if only your
> "remote" networks resolve, or only your "local", or do IPs from local AND
> remote networks resolve? If one type of hosts is consistently not resolving
> it's prolly a bug in the resolution code
>
> ----- Original Message -----
> From: Charles Gagnon [mailto:[email protected]]
> Sent: Tuesday, October 11, 2011 06:51 AM
> To: [email protected] <[email protected]>
> Subject: Re: [Ntop] DNS Resolution half working
>
> I'm surprised there is no caching. I just can't get ntop to resolve
> the IPs and show the names. It works in only about half the IPs and I
> have no idea why.
>
> Looking at the "throughput" table, I will see some entries resolved
> properly:
>
> sys1.unixrealm.com
>
> While others show the ip:
>
> 192.168.213.42 [IP]
>
> I can't figure out why this happens. I tested and re-tested my DNS and
> these IPs resolve fine. Not sure why ntop won't handle it. Maybe it
> should cache?
>
>
> On Mon, Oct 10, 2011 at 2:05 PM, Gary Gatten <[email protected]> wrote:
> > Lol! I have dns issues, but different than yours. If I run more than a
> > single resolution thread ntop will die a horrible death.
> >
> > There's no dnscache.db for some time now. If u want caching try a
> > caching resolver. I used bind.
> >
> > What do you want to start from scratch? There's no caching or other
> > history related to resolution.
> >
> > After reviewing your problem it seems to be something with your dns
> > and/or local resolver conf. What exactly is the issue?
> >
> > ----- Original Message -----
> > From: Charles Gagnon [mailto:[email protected]]
> > Sent: Monday, October 10, 2011 12:57 PM
> > To: [email protected] <[email protected]>
> > Subject: Re: [Ntop] DNS Resolution half working
> >
> > Nobody has DNS resolution issues?
> >
> > Did something replace dnsCache.db? Which of the DB files would I need
> > to restart from scratch?
> >
> > On Wed, Sep 28, 2011 at 7:32 AM, Charles Gagnon <[email protected]> wrote:
> >> These are all private servers. We use private addresses inside and NAT
> >> out to the internet. All my servers use internal DNS servers. I have
> >> /etc/resolv.conf setup as it should and nsswitch.conf says:
> >>
> >> hosts: files nis dns
> >>
> >> So I'm thinking gethostbyaddr() should work fine. I feel like
> >> resolution was attempted at some point and results were cached and now
> >> it's not retrying. But I can't find "dnsCache.db" yet the man page
> >> still refers to it.
> >>
> >> I started with:
> >>
> >> # ntop -P /usr/local/var/ntop -u ntop -d
> >>
> >> And this is what I have:
> >>
> >> [root@sys1 ~]# ls -l /usr/local/var/ntop/
> >> total 2072
> >> -rw-r----- 1 ntop ntop  225280 Sep 27 09:20 fingerprint.db
> >> -rw-r----- 1 ntop ntop 1986634 Sep 26 12:55 macPrefix.db
> >> -rw-r----- 1 ntop ntop   12546 Oct 21  2010 ntop_pw.db
> >> -rw-r----- 1 ntop ntop   14094 Sep 27 09:20 prefsCache.db
> >> drwxrwxrwx 5 ntop ntop    4096 Oct 21  2010 rrd
> >>
> >>
> >> On Tue, Sep 27, 2011 at 10:24 PM, Burton Strauss III
> >> <[email protected]> wrote:
> >>> 192.168.x.x/16 is the private space (RFC 1913). So no public facing DNS
> >>> server would resolve those. It would only be resolved if you were pointing
> >>> to your internal DNS server AND it was setup to manage the specific zone.
> >>> So the question is where is nslookup getting names from?
> >>>
> >>> -----Burton
> >>>
> >>> -----Original Message-----
> >>> From: [email protected]
> >>> [mailto:[email protected]] On Behalf Of Charles Gagnon
> >>> Sent: Tuesday, September 27, 2011 1:12 PM
> >>> To: [email protected]
> >>> Subject: [Ntop] DNS Resolution half working
> >>>
> >>> I searched for references and I can't find what this error could be.
> >>> When listing hosts (specially in the throughput list I use a lot), some
> >>> hosts get resolved and others don't and I can't figure out why.
> >>>
> >>> I've setup DNS resolution to 'All' (though I tried "local" and "Local
> >>> + Remote").
> >>>
> >>> When I look at the list, a number of items have names, others show the IP
> >>> with "[IP]" after. Seems very consistent, the same hosts are resolved and
> >>> the same show IPs between restarts.
> >>>
> >>> I was thinking of flushing out dnsCache.db but I don't think that exists in
> >>> 4.1.0 (gone since 3.x maybe?).
> >>>
> >>> When I dump the hosts, I see some with names and others without:
> >>>
> >>> 192.168.206.11|0|'192.168.206.11'|'192.168.206.11'|[...]
> >>> 192.168.206.10|0|'192.168.206.10'|'hhnas01'|[...]
> >>> 192.168.206.13|0|'192.168.206.13'|'192.168.206.13'|[...]
> >>> 192.168.206.12|0|'192.168.206.12'|'192.168.206.12'|[...]
> >>> 192.168.206.15|0|'192.168.206.15'|'hhutil01'|[...]
> >>> 192.168.206.14|0|'192.168.206.14'|'192.168.206.14'|[...]
> >>>
> >>> Any ideas? Any other "cache" I can get rid of. Testing with nslookup yields
> >>> a name for all those IPs.
> >>>
> >>> --
> >>> Charles Gagnon
> >>> charlesg at unixrealm.com
> >>> _______________________________________________
> >>> Ntop mailing list
> >>> [email protected]
> >>> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
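
An added example, not part of the thread and not ntop code: it parses the host dump lines quoted in the original post, picks out entries whose name field is still the bare IP, and re-checks them through the libc resolver path (`gethostbyaddr`, which follows `nsswitch.conf`) instead of `nslookup`, which queries the DNS server directly. The meaning of the dump fields is an assumption read off the sample lines, and the `lookup` parameter is a hypothetical hook so the check can be exercised without a network.

```python
import socket

# Sample lines copied from the host dump quoted in the thread; "[...]" is the
# poster's own elision of the remaining fields.
SAMPLE_DUMP = """\
192.168.206.11|0|'192.168.206.11'|'192.168.206.11'|[...]
192.168.206.10|0|'192.168.206.10'|'hhnas01'|[...]
192.168.206.13|0|'192.168.206.13'|'192.168.206.13'|[...]
192.168.206.15|0|'192.168.206.15'|'hhutil01'|[...]
"""

def parse_dump(text):
    """Return {ip: name_or_None}; None means the name field is just the IP.

    Assumption: field 3 is the numeric address and field 4 the symbolic
    name, as the sample lines suggest.
    """
    hosts = {}
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        ip = fields[2].strip("'")
        name = fields[3].strip("'")
        hosts[ip] = None if name == ip else name
    return hosts

def system_ptr(ip):
    """Reverse lookup through the libc resolver (honours nsswitch.conf)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def recheck_unresolved(hosts, lookup=system_ptr):
    """For hosts left unresolved in the dump, report the resolver's answer."""
    report = {}
    for ip, name in hosts.items():
        if name is None:
            answer = lookup(ip)
            report[ip] = answer if answer else "NO PTR via system resolver"
    return report

if __name__ == "__main__":
    for ip, result in recheck_unresolved(parse_dump(SAMPLE_DUMP)).items():
        print(f"{ip}\t{result}")
```

If an address resolves here but still shows as `[IP]` in ntop, the system resolver configuration is not the cause; if it fails here while `nslookup` succeeds, the difference lies in the `nsswitch.conf` lookup order or the sources ahead of `dns`.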
