How does default DNS resolution work in NTA?
In NTA, host or domain names are stored directly in individual flows. NTA receives a flow from an IP address and waits for the DNS server to resolve it:
- Until the DNS server responds, flows are stored under the IP address.
- When the DNS server resolves the hostname, NTA uses this hostname or domain for flows from this IP address for the next seven days. Then the query is repeated.
- When NTA cannot reach the DNS server, it retries the query after one minute and keeps repeating the query until the DNS server responds.
- If the DNS server cannot determine the host or domain name, for example because the administrator has not specified it, NTA adds the IP address to the list of unresolved IP addresses. Flows from this IP address are stored in the database under the appropriate IP address. NTA repeats the query to the DNS server to resolve the hostname after two days.
You can also configure the interval between DNS lookups. NTA performs regular DNS lookups on all monitored devices. By default, if the domain of a monitored device resolves successfully, NTA will not attempt another DNS lookup on the same device for seven days. If the domain name of a monitored device does not resolve successfully, by default, the SolarWinds Platform will attempt to resolve the same device again in two days.
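The default schedule described above can be modelled to see which label a flow receives at a given time. This is an added example, not SolarWinds code: the class, the `dns_lookup` callable, the host names and the address are constructed for illustration. It assumes lookups complete synchronously and that a name already in use is kept while the DNS server is unreachable.

```python
from datetime import datetime, timedelta

# Default intervals stated on this page.
RESOLVED_TTL = timedelta(days=7)          # successful lookup is reused this long
UNRESOLVED_RETRY = timedelta(days=2)      # DNS answered but had no name
UNREACHABLE_RETRY = timedelta(minutes=1)  # DNS server did not respond


class DnsLabelModel:
    """Simplified model of the documented defaults; not NTA's own code."""

    def __init__(self, dns_lookup):
        self.dns_lookup = dns_lookup  # hypothetical callable(ip, now)
        self.names = {}               # ip -> hostname currently in use
        self.next_query = {}          # ip -> time of the next lookup
        self.unresolved = set()       # IPs the DNS server had no name for

    def label(self, ip, now):
        """Return the key a flow from `ip` seen at `now` is stored under."""
        if ip not in self.next_query or now >= self.next_query[ip]:
            try:
                name = self.dns_lookup(ip, now)
            except ConnectionError:
                # Assumption: any name already in use is kept while retrying.
                self.next_query[ip] = now + UNREACHABLE_RETRY
            else:
                if name:
                    self.names[ip] = name
                    self.unresolved.discard(ip)
                    self.next_query[ip] = now + RESOLVED_TTL
                else:
                    self.names.pop(ip, None)
                    self.unresolved.add(ip)
                    self.next_query[ip] = now + UNRESOLVED_RETRY
        return self.names.get(ip, ip)


def demo_timeline():
    """Constructed case: 10.0.0.5 changes owner on day 3; day 5 still shows the old name."""
    t0 = datetime(2024, 1, 1)
    def dns(ip, now):  # constructed DNS data, for illustration only
        if now < t0 + timedelta(minutes=1):
            raise ConnectionError("DNS server unreachable")
        return "hr-laptop" if now < t0 + timedelta(days=3) else "build-server"
    model = DnsLabelModel(dns)
    offsets = [timedelta(0), timedelta(minutes=1), timedelta(days=5),
               timedelta(days=7, minutes=1)]
    return [model.label("10.0.0.5", t0 + off) for off in offsets]
```

When reviewing historical flows, a hostname label therefore reflects the DNS answer from up to seven days earlier under the defaults, so the stored IP address is the reliable key for correlating with DHCP or asset records.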