Configuring DNS Resolution

Firewall Analyzer by deafult displays the IP addresses of the Source and Destination that participate in the conversation going through Firewall. It also has the option to resolve the IP addresses to DNS names (whichever could be resolved) in the individual reports. You can do it by clicking Resove DNS link that is provided in the report page. Moreover, Firewall Analyzer provides an option to configure DNS resolution for all the reports.

DNS resolution can be configured by following the steps given below:

1. In the Firewall Analyzer web client, select the Settings tab.
2. In Settings screen, select the System Settings > Configure DNS link. Resolve DNS Configuration page appears.
3. On the top, there are three options provided with radio buttons. Select an option as per your requirement, by clicking the radio button. The options are:

4. Select IPAddress and DNSName mapping in memory as per your requirement from the drop down list. The list options are 5000, 10000, and 20000. This denotes the number of IP address and DNS name mappings to cached in the memory of the machine. You can leave it undisturbed with the default value.
5. Click Update to effect the Resolve DNS Configuration. Click Cancel to cancel the configuration operation.

Description of the options

• Do Reverse lookup automatically. I want to see DNS name everywhere instead of IPAddress.

In this option, Firewall Analyzer will perform reverse NS lookup of all IP addresses automatically. This will be carried out for all the reports and the only DNS names (whichever could be resolved) will be displayed in the reports.

Use this option, if you want to see only DNS names of the hosts in all your reports.

• Don't Reverse lookup automatically. Let me get an option to do that in my reports.

In this option, Firewall Analyzer will not perform reverse NS lookup of IP addresses automatically and will display the IP addresses of the Source and Destination that participate in the conversation going through Firewall and if you want DNS names to be displayed for the hosts for a particular report, you can use the ResolveDNS link in the report.

In each of the individual reports a ResolveDNS link has been provided at the top. Clicking this link enables DNS Resolution for all the IP Addresses of the unresolved hosts present in the current report. The status of DNS Resolution depends on the default DNS lookup time, within which Firewall Analyzer will try to resolve the IP Address.

This is an existing option. Use this option, if you want to see DNS names of the hosts only in particular reports.

 

If DNS Resolution is in progress for any other Firewall Analyzer user, then the subsequent user will see the message "Please wait, DNS Resolution in progress for another user" when clicking ResolveDNS link. Once the DNS Resolution is complete for the first user, then the DNS Resolution for the subsequent user begins automatically.

• No lookup at all. I want to see IPAddresses everywhere.

In this option, Firewall Analyzer will display only the IP addresses of the Source and Destination that participate in the conversation going through Firewall.

If you select this option, Resolve DNS option will not be available for any of the reports.

Use this option, if you want to see only IP addresses of the hosts in all your reports.

Firewall Analyzer will resolve all the IP Addresses into DNS names which are resolved by the 'nslookup' command from the machine where the product is installed.