Flows and DNS name resolution

Q. How does Flows resolve IP addresses to DNS names?

A. The client uses the standard local "gethostbyname" interface that the operating system offers to Java. This means that the IMFlows GUI asks the operating system to resolve the names. If the OS cannot resolve the IP address to a DNS name, then only the IP address will be displayed in the "Top Network Hosts" window. Also, keep in mind that the user interface "replaces" IP addresses with names, as resolved names come in. So initially it shows only IP addresses, but then starts replacing them with DNS names as they are resolved.

When Java resolves an IP address, it does that through the localhosts own mechanisms, meaning you'll always see the names as the host would see them. However, it does something extra. After it gets the list of names back, it then goes and checks those names in DNS again, to see if the original IP address matches any of the names it got from the reverse query. If the original IP is not in the list, then it considers the hostnames spoofs, and refuses to pass them along to the application. Unfortunately, all Java software is at the mercy of this method (except for InterMapper, which does its own queries).

Flows and DNS name resolution

+1 800-328-1000

[email protected]

Infrastructure Protection & Data Security

Managed Security Services

Automation

IBM i