Re: [analog-help] DNS reporting
On Fri, 14 Jun 2002, Aengus wrote: If you use a 3rd party tool like QDNS, you can strip out addresses that were marked as unresolved, and try again. Addresses that were resolved the first time will still be in the file, and so won't be looked up, but addressed that weren't resolved the first time will be treated as new, and will be looked up, and some of them may resolve on the second run. (You could probably do the same with Analog by using grep or findstring to discard all the lines with * in the DNS cache file). That's what analog's DNSGOODHOURS and DNSBADHOURS do. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ This is Henman's 8th Wimbledon, and he's only lost 7 matches. BBC, 2/Jul/01 + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] DNS reporting
Stephen Turner [EMAIL PROTECTED] wrote: On Fri, 14 Jun 2002, Aengus wrote: If you use a 3rd party tool like QDNS, you can strip out addresses that were marked as unresolved, and try again. Addresses that were resolved the first time will still be in the file, and so won't be looked up, but addressed that weren't resolved the first time will be treated as new, and will be looked up, and some of them may resolve on the second run. (You could probably do the same with Analog by using grep or findstring to discard all the lines with * in the DNS cache file). That's what analog's DNSGOODHOURS and DNSBADHOURS do. If you want to catch the handful of slow IP addresses that didn't resolve the first time, but might resolve a second time, you could set DNSBADHOURS to 1, but you'd still have to wait for an hour before you tried again. But I think the issue is somewhat moot - given that upwards of 1/3 of all addresses fail to resolve, there isn't really that much point in trying to pick up a handful of slow ip addresses by doing a second run of lookups immediately after the first. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] DNS reporting
On Sat, 15 Jun 2002, Aengus wrote: But I think the issue is somewhat moot - given that upwards of 1/3 of all addresses fail to resolve, there isn't really that much point in trying to pick up a handful of slow ip addresses by doing a second run of lookups immediately after the first. Agreed. -- Stephen Turner, Cambridge, UKhttp://homepage.ntlworld.com/adelie/stephen/ This is Henman's 8th Wimbledon, and he's only lost 7 matches. BBC, 2/Jul/01 + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
[analog-help] DNS reporting
I am using analog 4.02 on UNIX system. I just started DNS logging. It is writing to the file and doing DNS lookups, but there are IP addresses in the host report that aren't in the DNS log file. Also the DNS lookups return many more domains than show up in the host report. I have DNSFILE dnscache.txt and DNS WRITE in my config file. I expected that any domain names listed in the DNS cache file would replace the IP address listed in the host report and that all IP's would be listed in the DNS cache file. Thanks in advance! -- Natasha Rajack Gallaty Manager of Project Coordination Morris Digital Works voice: 706.828.2918 cell: 706.951.6041 AOL IM: natasha2918 www.morris.com + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] DNS reporting
Natasha R . Gallaty [EMAIL PROTECTED] wrote: I am using analog 4.02 on UNIX system. I just started DNS logging. It is writing to the file and doing DNS lookups, but there are IP addresses in the host report that aren't in the DNS log file. Also the DNS lookups return many more domains than show up in the host report. Can you post some examples? And be more specific in your terminology. The Host report reports hosts, not domains. I have DNSFILE dnscache.txt and DNS WRITE in my config file. I expected that any domain names listed in the DNS cache file would replace the IP address listed in the host report and that all IP's would be listed in the DNS cache file. You can expect about 1/3 of your hosts not to resolve at all. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] DNS reporting
I'm new at this, so please forgive my ignorance. But I thought the Host report shows the IP's of the computers that visited my site and that the DNS lookups translated the IP's into names. My confusion came from the fact that not ALL of the IP's listed in my Host Report are listed in my DNS cache file (I realize, now, that not all IP's will resolve). Also, not all of the names found by the DNS lookup are translated in the host report, but some are. Here is an example: From Host Report: 760: 0.59%: 216.239.46.26 (this IP is not found in dnscache.txt, but name resolves with nslookup) From dnscache.txt: 17066694 64.65.238.214 host-64-65-238-214.choiceone.net But the same IP from Host Report is not translated 512: 0.47%: 64.65.238.214 If I'm just confused about what the result is supposed to be, please let me know. Natasha Natasha R . Gallaty [EMAIL PROTECTED] wrote: I am using analog 4.02 on UNIX system. I just started DNS logging. It is writing to the file and doing DNS lookups, but there are IP addresses in the host report that aren't in the DNS log file. Also the DNS lookups return many more domains than show up in the host report. Can you post some examples? And be more specific in your terminology. The Host report reports hosts, not domains. I have DNSFILE dnscache.txt and DNS WRITE in my config file. I expected that any domain names listed in the DNS cache file would replace the IP address listed in the host report and that all IP's would be listed in the DNS cache file. You can expect about 1/3 of your hosts not to resolve at all. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 + + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
Re: [analog-help] DNS reporting
Natasha R . Gallaty [EMAIL PROTECTED] wrote: Here is an example: From Host Report: 760: 0.59%: 216.239.46.26 (this IP is not found in dnscache.txt, but name resolves with nslookup) That can sometimes happen if the server responsible for that IP address is slow. When you did the original lookup, it timed out before the response came back. When you did a subsequent lookup it worked. Normally, that kind of situation is lost in the noise of the 30% or so of hosts that don't resolve at all, and so it's ignored. If you use a 3rd party tool like QDNS, you can strip out addresses that were marked as unresolved, and try again. Addresses that were resolved the first time will still be in the file, and so won't be looked up, but addressed that weren't resolved the first time will be treated as new, and will be looked up, and some of them may resolve on the second run. (You could probably do the same with Analog by using grep or findstring to discard all the lines with * in the DNS cache file). From dnscache.txt: 17066694 64.65.238.214 host-64-65-238-214.choiceone.net But the same IP from Host Report is not translated 512: 0.47%: 64.65.238.214 If I'm just confused about what the result is supposed to be, please let me know. No, you're right, I would have expected that one to be used in the Host Report. I don't have any explanation of why it wouldn't be. In fact, when I put that line into a test DNS file, and put the IP number is a test log file, my Host Report does use the name. Aengus + | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to |http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at |http://www.mail-archive.com/analog-help@lists.isite.net/ |http://lists.isite.net/listgate/analog-help/archives/ |http://www.tallylist.com/archives/index.cfm/mlist.7 +
