Why is there an IP address instead of a host name?

book

Article ID: 159717

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Name resolution (DNS, WINS, host files, etc.) can fail to convert an IP address into a host name.

Resolution

General name resolution troubleshooting information:

Everything on the Internet uses IP addresses.  A name resolution service (DNS, WINS, host files, etc.) is used to convert IP addresses into a human readable host name or fully qualified domain name.

When an incident has an IP address instead of a host name or domain name, it is because the name resolution service timed out or failed.

To diagnose the problem, get an IP address (IP) from an incident.  Then on the Enforce server start a command line window and run the following commands. (The commands and output are very similar on Windows, Unix and Linux.)

c:\> nslookup
Default Server: <host>
Address: <IP>
> (IP)

If the IP address can't be found, the results will look something like the following:

Server: <host>
Address: <IP>

*** <host> can't find (IP): <reason>

The <reason> can be self-explanatory, or it can be looked up on the web.  For example, there are times when an IP address does not have a name, and thus name resolution will always fail. 

If the lookup is successful, the results will look like the following:

Server: <host>
Address: <IP>

Name: (hostname)
Address: (IP)

There are many resources out on the Web to assist in resolving DNS issues, such as www.Microsoft.com, www.techrepublic.com, etc.

Specific DLP application notes:

If you are using a script lookup of some sort for the name resolution, then the lookup (and troubleshooting) is done on the Enforce server.