ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Name server lookup error

book

Article ID: 186311

calendar_today

Updated On:

Products

CA App Synthetic Monitor NIMSOFT CLOUD USER EXPERIENCE MONITOR DX Application Performance Management

Issue/Introduction

We are monitoring an externally hosted application https://<website-name> from our OPMS within our internal network. Most of the time the results on the check are OK, however not always.

In the results of a failed check, We find that the IP was resolved properly:

CA App Synthetic Monitor Checkpoint www.<server-name> X0X0 IN A xxx.xxx.xxx.xxx

Under Domain Analysis, there is a message:

Nameserver error on <server-name>: Cannot connect to the name server.

We would like to understand when OPMS (HTTPS monitor) performs the domain analysis. Is it only after a monitor check fails?

Does the message "Nameserver error on <server-name>. Cannot connect to the name server." means that OPMS cannot connect to <server-name> or our DNS cannot connect to <server-name>?

Environment

Release : SAAS

Component : CA ASM

Resolution

Once a confirmed HTTPS check failure is detected, ASM will perform a set of additional checks that may help with diagnosing the issue. The result of these checks is attached to the original failed check result.
In this case these additional checks fail because they originate on the OPMS and the firewall policy on the network blocks some of the requests.

Domain analysis bypasses the DNS servers configured on the OPMS and does a recursive resolution from the root servers down. The error message means that the OPMS cannot connect to the nameserver <server-name> directly on port 53. Most likely the outbound port 53 is blocked on the firewall.

This is not necessarily a problem. Regular monitor checks respect the system DNS setting, so they will ask the local DNS server, which is allowed to connect through the firewall. Mentioned above, the local DNS server always resolves the correct IP address.