At customer we have been monitoring an application which has now been decommissioned but we can still see clients trying to connect to the server. During an investigation this was revealed to be Outlook plugin configured to use the old instance of the application that does not exist anymore. Therefore getting rid of the plugins from the clients would be beneficial. Since all the connections are failing we cannot perform username recognition on the HTTP level but are limited to client IPs and following DNS lookup for the machine service tag.
Issue here is that at least one client has been spotted that has an outdated DNS lookup result reported as the username and does not match to the current result. Switching between different DNS servers gives out the same correct result when using nslookup.
1) How often does CAS reset the results for IP - Looked up DNS result pair? Can this setting changed on the advanced configuration?
2) In advanced configuration, does the "Resolve all names now" function drop the current looked up names or does it only perform the check for the IPs not associated with a username currently?
If memory servers me there is a nightly task for resolving the DNS names. You can look at it to see when it is next scheduled to run. Clicking Resolve all names now will cause the CAS to do all the reverse lookups now instead of waiting for the task.
I would also check that client DNS resolution is actually enabled if that is what you are trying to achieve.
Thanks for quick response! Values on the CAS advanced configuration are as such:
RTM_USE_DNS_RESOLVER = 1, RTM_LAST_DNS_UPDATE = 0, apm.use.dns = OFF, RTM_DNS_USE_INETADDS = OFF. Would you suggest switching any of these to see a possible difference?
How intense of an operation is resolving all the names during business hours usually? Is this something that should be avoided or preferred to run now to see if it affects the reported results?
It depends how many unique servers and clients you have and how well provisioned your DNS server is. It can be a fairly heavy load.
Looking at your settings though it appears you are trying to use a DNS specified in the CAS for servers but the OS for clients. Is that intentional?
From your original question:
1) I'm not sure if you can update how regularly the CAS performs DNS lookups. I can't find it performing that task in my 12.3 logs, but I know you can see them on server startup in 12.4.
2) Upon clicking on Resolve All Names Now, I was prompted with "This will start DNS resolving from scratch." This tells me it will force the server to re-lookup all names, even if they're already in the CAS.
As far as how intense is the operation, if you navigate to [cas]/atscon -> Task Schedule Status, I see ReresolveServersTask (again, 12.3). (I believe this performs the same function as when you click the "Resolve All Names Now"). Mine has a timeout of 1h and only took .015 seconds, so mine would be safe to run at any time of the day. Check your speed and let me know what that says - I have a feeling you'll be alright. Based on the name, I'm assuming this will perform a fresh lookup of all names, and it happens every morning at 2am.
Also, I use the same RTM 0/1 settings in Advanced Config as you.
Thank you for such detailed answer! As in your case, on the CAS I am on the ReresolveServersTask(also on 12.4) is reported taking 0.069s, fairly minuscule. This will be interesting to run and see if the reported user name indeed changes to one being returned by nslookup on the same DNS.
No problem! Sure, let me know once you've run it if it resolves how you were expecting. I have seen before where even though the DNS task completed, it can take a day to have the IP not show up in reports.
As you can see on Chris's answer below it might take that whole 7 days from the point of resolving initially for the results to update. I will see this again next week to see if the results have indeed changed. Running the task manually had no effect.
The CAS with default settings (12.3.x at least),
The Resolver tasks run every 30 minutes to query new entries, and refresh expired cached entries. Resolved entries are cached by the CAS for 7 days (no matter the DNS TTL setting may say).
From the console run:
NAME RESOLVER SHOW DETAILS
to see what your settings are.
Thanks for your input! Does this mean that if a entry is once cached it will stay unchanged for 7 days no matter what happens on the DNS level? How often do you see this setting changed to match the customer requirements? Currently there are multiple entries in the reporting that don't match results from nslookup.
We need your expert opinion to understand the proper DNS configuration especially for the 'Client Resolver' perspective.
We recently configured the DNS Software Service and found that the CAS server has enormous request breakdown and most of them are Failures (Total) and the Availability (Total) is 50% which we can see in the below screenshot.
We found in the settings that the 'Resolved clients' are far less comparatively 'Not resolved clients'.
What is the relation between above screenshot statistics and the 'Client resolver'?
In the below screenshot resolved servers are 100%.
Please check the following DNS settings for the 'Servers' and 'Clients'