How does default DNS resolution work in SolarWinds NTA?
In SolarWinds NTA, host or domain names are stored directly in individual flows. SolarWinds NTA receives a flow from an IP address and waits for the DNS server to resolve it:
- Until the DNS server responds, flows are stored under the IP address.
- When the DNS server resolves the hostname, SolarWinds NTA uses this hostname or domain for flows from this IP address for the next seven days. Then the query is repeated.
- When SolarWinds NTA cannot reach the DNS server, it retries the query in one minute, and keeps repeating the query until the DNS server responds.
- If the DNS server cannot determine the host or domain name, for example because the administrator has not specified it, SolarWinds NTA adds the IP address to the list of unresolved IP addresses. Flows from this IP address are stored in the database under that IP address. SolarWinds NTA repeats the query to the DNS server after two days.
You can also configure the interval between DNS lookups. SolarWinds NTA performs regular DNS lookups on all monitored devices. By default, if the domain of a monitored device resolves successfully, SolarWinds NTA will not attempt another DNS lookup on the same device for seven days. If the domain name of a monitored device does not resolve successfully, by default, Orion will attempt to resolve the same device again in two days.
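The default schedule described above can be modelled to see which label a flow is stored under at a given time, which matters when attributing stored flows to a host. This is an added illustration, not SolarWinds code. Assumptions: lookups run synchronously when a flow arrives and a query is due, a previously resolved name is kept while an unreachable server is retried, and the class, function names, addresses and hostnames are hypothetical.

```python
from datetime import datetime, timedelta

# Default intervals stated on the page.
RESOLVED_TTL = timedelta(days=7)          # after a successful lookup
UNRESOLVED_RETRY = timedelta(days=2)      # after the server finds no name
UNREACHABLE_RETRY = timedelta(minutes=1)  # after the server does not respond

class DnsLabelModel:
    """Illustrative model of the lookup schedule; not SolarWinds code."""
    def __init__(self, lookup):
        self.lookup = lookup     # callable(ip, now) -> name or None; raises ConnectionError
        self.state = {}          # ip -> (name or None, time the next query is due)
        self.unresolved = set()  # models the list of unresolved IP addresses

    def label_for_flow(self, ip, now):
        """Return the key a flow from `ip` seen at `now` is stored under."""
        name, due = self.state.get(ip, (None, now))
        if now >= due:
            try:
                answer = self.lookup(ip, now)
            except ConnectionError:
                # Assumption: a name resolved earlier is kept while retrying.
                self.state[ip] = (name, now + UNREACHABLE_RETRY)
                return name or ip
            name = answer or None
            if name:
                self.unresolved.discard(ip)
                self.state[ip] = (name, now + RESOLVED_TTL)
            else:
                self.unresolved.add(ip)
                self.state[ip] = (None, now + UNRESOLVED_RETRY)
        return name or ip

T0 = datetime(2024, 1, 1)  # constructed start time

def constructed_lookup(ip, now):
    """Constructed DNS behaviour; addresses and names are hypothetical."""
    if ip != "192.0.2.10":
        return None                                  # server has no name for it
    if now < T0 + timedelta(minutes=2):
        raise ConnectionError("DNS server unreachable")
    return "host-a.example" if now < T0 + timedelta(days=3) else "host-b.example"

def demo():
    """Labels for flows from 192.0.2.10 at five points in time."""
    model = DnsLabelModel(constructed_lookup)
    offsets = [timedelta(0), timedelta(seconds=30), timedelta(minutes=2),
               timedelta(days=5), timedelta(days=8)]
    return [model.label_for_flow("192.0.2.10", T0 + o) for o in offsets]
```

In the constructed timeline the DNS record changes on day 3, but the flow seen on day 5 is still labelled `host-a.example` because the next query is not due until seven days after the successful lookup.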