Excessive external DNS reverse lookups for cluster LIF IPs

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 627

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9
Harvest
DNS

Issue

The packet trace shows a burst of PTR requests generated by node management LIF for Cluster LIF IP address

1 <node management IP> 50445 <DNS IP> domain DNS Standard query 0xdf71 PTR 44.33.22.11.in-addr.arpa 2 <DNS IP> domain <node management IP> 50445 DNS Standard query response 0xdf71 No such name PTR 44.33.22.11.in-addr.arpa SOA localhost

Along with the DNS storm, the DNS server may stop answering questions from the Cluster SVM leading to dns.server.timed.out errors

mgwd: dns.server.timed.out:error]: DNS server 111.111.111.11 did not respond to vserver = SVM within timeout interval. mgwd: dns.server.timed.out:error]: DNS server 111.111.111.12 did not respond to vserver = SVM within timeout interval.

Audit logs contain REST requests for /api/private/cli/network/connections/active where remote_host field is requested

Wed Dec 06 2023 20:00:21 +09:00 [kern_audit:info:2412]xxx:: admin-vserver: http :: xx.xx.xx.xx:47068 :: admin-vserver:admin :: GET /api/private/cli/network/connections/active?return_records=true&fields=service,blocks_lb,lif_name,local_address,node,proto,remote_host,cid,local_port,lru, remote_ip,vserver :: Pending ・・・・・・

Wed Dec 06 2023 20:00:27 +09:00 [kern_audit:info:2412]xxx:: admin-vserver: http :: xx.xx.xx.xx:47068 :: admin-vserver:admin :: GET /api/private/cli/network/connections/active?return_records=true&fields=service,blocks_lb,lif_name,local_address,node,proto,remote_host,cid,local_port,lru, remote_ip,vserver :: Success: