Dump the contents of dnsCache.db and see what's in there. For that matter, delete it...
IIRC when I corrected the TTL problem, I had to delete the file so that it was recreated. Otherwise all the records in there were being ignored (wrong length), but since it had a record for the host it wasn't resolving it...

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sha Chancellor
> Sent: Wednesday, March 10, 2004 5:58 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop] Yet another DNS question....
>
>
> No my problem is that NTOP is trying to resolve them:
>
> DNS resolution attempts 239008
> ....Success: Resolved 239008
> ....Failed 0
> DNS lookups stored in cache 239008
> Host addresses kept numeric 0
>
>
> But they don't show up as names when I look at the hosts page. I'm
> wondering why? I'm running Ntop 3.0pre2.
> I'm assuming by DNS lockup you mean lookup?
>
>
> [EMAIL PROTECTED] wrote:
>
> >I'm running with eth0 and eth1 so I can watch both my corporate firewall
> >(normal) or my interoffice link, when I switch NICs. Both segments lead
> >back into my corporate network, I'm just watching them at the actual
> >interfaces on the firewalls.
> >
> >I have the opposite problem, I can't seem to get it to do much in the way
> >of DNS lockups.....
> >
> >
> >> Why do you use eth0 and eth1? Is this a host in bridging mode, or on
> >> mirrored ports? I was doing something similar (I have a linux box
> >> running ntop in bridging mode in front of the router), If I used _BOTH_
> >> I was getting double the traffic in my graphs and similar. The box
> >> does QoS and a few other things so it has to be BETWEEN in my case, and
> >> not on mirrored ports. I have --track-local-hosts on and -i br0 and -m
> >> localsubnet. ntop still seems to be doing massive amounts of dns
> >> lookups. According to ntop the machine it's running on has already done
> >> 8 mBs of dns queries. However, in the ip summary->Traffic I only see
> >> the domain names for a few people. It's irritating me to no end. I
> >> want to run with sticky hosts, but if I do that without
> >> --track-local-hosts my machine quickly runs out of memory. Argh
> >
> >[EMAIL PROTECTED] wrote:
> >
> >>OK, I'm ready to take my mailing list beating...
> >>
> >>I looked through the old list postings and found similar questions and some
> >>answers, but could not spot the information I was looking for.
> >>
> >>In my implementation of NTOP, I am watching all traffic going out of our
> >>corporate firewall. NTOP seems to capture most DNS requests that traverse
> >>the firewall. That is working fine. What I'm having a problem with is
> >>that I have hundreds of internal machines that generate traffic to the
> >>external world, but have no cause to have their own IP address resolved by
> >>any traffic I can sniff.
> >>
> >>I am starting NTOP with the following:
> >>
> >>ntop -d -u ntop -i eth0,eth1 -M -o -m 10.0.0.0/8 -p /etc/protocols.ntop -P
> >>/tmp
> >>
> >>and have all of my subnets broken down into 24 bit masks. i.e 10.12.54.x,
> >>10.12.44.x etc...
> >>
> >>I am using today's CVS pull, but have had this "problem" for a very long
> >>time.
> >>
> >>Is there a way I can specify what address to aggressively do reverse name
> >>resolution on or simply to have NTOP actively resolve all IP addresses,
> >>thus more completely populating my internal machine addresses with names?
> >>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
