These are all private servers. We use private addresses inside and NAT out to the internet. All my servers use internal DNS servers. I have /etc/resolv.conf setup as it should and nsswitch.conf says:
hosts: files nis dns So I'm thinking gethostbyaddr() should work fine. I feel like resolution was attempted at some point and results were cached and now it's not retrying. But I can't find "dnsCache.db" yet the man page still refers to it. I started with: # ntop -P /usr/local/var/ntop -u ntop -d And this is what I have: [root@sys1 ~]# ls -l /usr/local/var/ntop/ total 2072 -rw-r----- 1 ntop ntop 225280 Sep 27 09:20 fingerprint.db -rw-r----- 1 ntop ntop 1986634 Sep 26 12:55 macPrefix.db -rw-r----- 1 ntop ntop 12546 Oct 21 2010 ntop_pw.db -rw-r----- 1 ntop ntop 14094 Sep 27 09:20 prefsCache.db drwxrwxrwx 5 ntop ntop 4096 Oct 21 2010 rrd On Tue, Sep 27, 2011 at 10:24 PM, Burton Strauss III <[email protected]> wrote: > 192.168.x.x/16 is the private space (RFC 1913). So no public facing DNS > server would resolve those. It would only be resolved if you were pointing > to your internal DNS server AND it was setup to manage the specific zone. > So the question is where is nslookup getting names from? > > > > -----Burton > > %QUOTE% > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Charles Gagnon > Sent: Tuesday, September 27, 2011 1:12 PM > To: [email protected] > Subject: [Ntop] DNS Resolution half working > > I searched for references and I can't find what this error could be. > When listing hosts (specially in the throughput list I use a lot), some > hosts get resolved and others don't and I can't figure out why. > I've setup DNS resolution to 'All' (though I tried "local" and "Local > + Remote"). > > When I look at the list, a number of items have names, others should the IP > with "[IP]" after. Seems very consistent, the same hosts are resolved and > the same show IPs between restarts. > > I was thinking of flushing out dnsCache.db but I don't that exists in > 4.1.0 (gone since 3.x maybe?). > > When I dump the hosts, I see some with names and others without: > > 192.168.206.11|0|'192.168.206.11'|'192.168.206.11'|[...] > 192.168.206.10|0|'192.168.206.10'|'hhnas01'|[...] > 192.168.206.13|0|'192.168.206.13'|'192.168.206.13'|[...] > 192.168.206.12|0|'192.168.206.12'|'192.168.206.12'|[...] > 192.168.206.15|0|'192.168.206.15'|'hhutil01'|[...] > 192.168.206.14|0|'192.168.206.14'|'192.168.206.14'|[...] > > Any ideas? Any other "cache" I can get rid of. Testing with nslookup yields > a name for all those IPs. > > -- > Charles Gagnon > charlesg at unixrealm.com > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > -- Charles Gagnon charlesg at unixrealm.com _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
