This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Not all IPs are resolved to DNS names in logs?

I've set up reverse DNS for our network, and Sophos (being the primary DNS) has the correct forwarding to our network DC (which holds the reverse records).

Now most of the time the UTM logs (be it actual logs, information in the flow monitor or the iftop command) show the clients using their DNS names. However... not always. Some keep showing up as IPs, but there are reverse DNS records for these IPs (I can run a manual nslookup command for them to get the names without any issues).

What could be the issue?

PS. Running a HOST <IP> command from the CLI also works fine, so I know the UTM can resolve those IPs!



This thread was automatically locked due to age.
Parents
  • Mateusz, are these perhaps IPs for which the DC has more than a single entry in the Reverse Lookup Zone?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Mateusz, are these perhaps IPs for which the DC has more than a single entry in the Reverse Lookup Zone?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children