Name server lookup error
search cancel

Name server lookup error


Article ID: 186311


Updated On:


CA App Synthetic Monitor DX Application Performance Management


We are monitoring an externally hosted application https://<website-name> from our OPMS within our internal network. Most of the time the results on the check are OK, however not always.

In the results of a failed check, We find that the IP was resolved properly:

CA App Synthetic Monitor Checkpoint www.<server-name> X0X0 IN A

Under Domain Analysis, there is a message:

Nameserver error on <server-name>: Cannot connect to the name server.

We would like to understand when OPMS (HTTPS monitor) performs the domain analysis. Is it only after a monitor check fails?

Does the message "Nameserver error on <server-name>. Cannot connect to the name server." means that OPMS cannot connect to <server-name> or our DNS cannot connect to <server-name>?


Release : SAAS

Component : CA ASM


Once a confirmed HTTPS check failure is detected, ASM will perform a set of additional checks that may help with diagnosing the issue. The result of these checks is attached to the original failed check result.
In this case these additional checks fail because they originate on the OPMS and the firewall policy on the network blocks some of the requests.

Domain analysis bypasses the DNS servers configured on the OPMS and does a recursive resolution from the root servers down. The error message means that the OPMS cannot connect to the nameserver <server-name> directly on port 53. Most likely the outbound port 53 is blocked on the firewall.

This is not necessarily a problem. Regular monitor checks respect the system DNS setting, so they will ask the local DNS server, which is allowed to connect through the firewall. Mentioned above, the local DNS server always resolves the correct IP address.