Summary
In the Exinda there are 4 main methods of being able to resolve IPs to hostnames (and vice versa).Overview
When dealing with resolving hosts, either from IP to hostname (also known as an 'nslookup') or hostname to IP (a standard resolution), the Exinda allwos for multiple options. Instead of just attempting one method and then leaving it at that if the process fails, it has various backups that it can rely on so that it can hopefully do the resolution required before failing. These four options can be seen in a list under Configuration > System > Setup, under the "Monitoring" tab.The four options look like the following by default (where lower number indicates they will be tried first):
- Network Object: If a IP is mapped to a network object, whether it is defined by a layer seven definition (where the packet 'to' or 'from' a host matches a L7 classification) or by an actual IP address itself, the resolution will take as the name of the Network Object
- DNS: The Exinda will make a DNS query (or a reverse DNS query) to the DNS servers configured under Configuration > System > Network, under the "DNS" tab. It does not matter whether the DNS servers are statically defined under the "Primary / Seondary / Tertiary" list, or has been dynamically given during the DHCP process.
- IP Address (no resolution): Will display the IPs without attempting to make a host resolution
- NetBIOS Name Lookup: The Exinda will put out a NetBIOS (UDP port 137) query on the IP and attempts to gain a response with a hostname. This is not successful in very many scenarios due to NetBIOS being mainly used on a LAN to get computer host names and information, not a typical URL name resolution that would be done.
1. Look for a network object with the IP needed.
2. If none, consult DNS.
3. If unable to resolve DNS, just post the IP
4. [usually never taken due to unreliability]
However, if NetBIOS is above the IP Address (no resolution) option, then step 4 will be taken before giving up, and this will lead to the Exinda management IP sending out a UDP 137 request to the internet in order to determine who is the holder of either the hostname or IP. This can trigger some security software to think that malicious activity is occurring. If this activity has a source IP of the Exinda's management port, double check these settings in order to ensure that it is not attempting NetBIOS resolution.