000012767 - Reducing DNS Requests

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000012767
Issue: Reducing DNS Requests
I am noticing that my Envision appliance generates a lot of DNS traffic. Where can I look to see why this is happening?
Resolution: Some areas to look at for DNS:

OS Level
--------

1. Try restarting DNS at the OS level under the Windows Services control panel. The service may be in a hung state and slowly chewing up memory or not properly releasing it.

2. In DNS configuration, turn off recursion. This will reduce the number of DNS requests sent from your Envision appliance and force them to be handled directly by your Forwarders.

3. Turn off NetBIOS over TCP/IP on your network interfaces. This eliminates UDP 137 (NetBIOS) lookups, which are not needed for normal functionality.


Envision
--------

1. Look under Overview >> System Configuration >> Services >> Set Up DNS Resolver Service to see if you have Resolve hostnames checked. With this option checked, we attempt to resolve every IP address we see in every event that comes in.

2. Look under Reports >> Report Configuration >> Set Up Reports to see if the option for DNS Resolution (Resolve IP Addresses) is checked. In reports, we attempt to resolve IP addresses in the payload to hostnames.
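
To see which of the sources above dominates, before and after changing a setting, the following added example (not RSA code) tallies the appliance's lookups from a `tcpdump -n` text capture. It assumes IP-to-hostname resolution appears as PTR queries; the addresses and sample lines are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n` text output (not real traffic).
# Assumption: 10.0.0.5 stands in for the appliance, 10.0.0.2 for a forwarder.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.51001 > 10.0.0.2.53: 101+ PTR? 7.1.168.192.in-addr.arpa. (42)
12:00:01.000450 IP 10.0.0.5.51002 > 10.0.0.2.53: 102+ PTR? 9.1.168.192.in-addr.arpa. (42)
12:00:01.200310 IP 10.0.0.5.51003 > 10.0.0.2.53: 103+ PTR? 7.1.168.192.in-addr.arpa. (42)
12:00:02.000120 IP 10.0.0.5.51004 > 10.0.0.2.53: 104+ A? updates.example.com. (37)
12:00:02.500000 IP 10.0.0.5.137 > 10.0.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:00:03.000000 IP 10.0.0.5.51005 > 10.0.0.2.53: 105+ PTR? 7.1.168.192.in-addr.arpa. (42)
12:00:03.100000 IP 10.0.0.2.53 > 10.0.0.5.51005: 105 NXDomain 0/1/0 (99)
"""

# Source IP, destination port, and the decoded payload of one packet line.
LINE = re.compile(r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
                  r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): (?P<rest>.*)")
# Query type and name, e.g. "PTR? 7.1.168.192.in-addr.arpa."
QUERY = re.compile(r"(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+)")

def summarize(capture, appliance_ip):
    """Classify packets sent by the appliance and count repeated reverse lookups."""
    kinds, ptr_names = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["src"] != appliance_ip:
            continue                      # skip responses and other hosts
        if m["dport"] == "137":           # NetBIOS name service (OS level, item 3)
            kinds["netbios_name_query"] += 1
            continue
        q = QUERY.search(m["rest"]) if m["dport"] == "53" else None
        if not q:
            continue
        name = q["qname"].lower()
        if q["qtype"] == "PTR" and name.endswith((".in-addr.arpa.", ".ip6.arpa.")):
            kinds["reverse_lookup"] += 1  # IP-to-hostname resolution
            ptr_names[name] += 1
        else:
            kinds["other_dns"] += 1
    # Lookups beyond the first for the same address: the same IP re-resolved.
    repeats = sum(n - 1 for n in ptr_names.values())
    return {"kinds": dict(kinds), "repeated_reverse_lookups": repeats,
            "top_ptr": ptr_names.most_common(3)}

if __name__ == "__main__":
    print(summarize(SAMPLE, "10.0.0.5"))
```

A high `reverse_lookup` count points at the Resolve hostnames or report DNS Resolution options; `netbios_name_query` should drop to zero once NetBIOS over TCP/IP is turned off.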

Legacy Article ID: a49299
