Patrick-Dussault

Tech Tip : CA Single Sign-On : Web Agent :: ACO : DisableDNSLookup Precisions

Discussion created by Patrick-Dussault Employee on Nov 18, 2016

Question :

 

I would like to know:

 

    With DisableDNSLookup set to NO, does the Web Agent do a Reverse DNS Lookup when it receives a request with IP Address instead of a Fully Qualified Domain Name in the URL ?
    When DisableDNSLookup set to NO, how does the Web Agent do the reverse DNS Lookup ?
    Does DisableDNSLookup concerns also Direct DNS Lookup as requesting the IP Address from the FQDN ?

 

Environment :

 

SiteMinder 12.5 and above

 

Answer:

 

Here are the answers :

 

    Yes it does. And this is to prevent that behavior that the DisableDNSLookup=YES will disable these reverse dns requests
    We can see it by Web Agent logs and network traces :

 

    DisableDNSLookup=NO

 

    [05/30/2014][05:35:51][22507][1143875904]
    [CSmHttpPlugin.cpp:345][CSmHttpPlugin::ProcessResource]
    [0000000000000000000000000100007f-57eb-538850f7-442e2940
    -20911d680bbd][][][][][][Resolved HTTP_HOST:
    '10.130.210.102'.]
    [05/30/2014][05:35:51][22507][1143875904]
    [CSmHttpPlugin.cpp:3772][Entered CSmHttpPlugin::
    ResolveFQServerName sHost: ][][][][][][][10.130.210.102]
    [05/30/2014][05:35:51][22507][1143875904]
    [CSmHttpPlugin.cpp:426][CSmHttpPlugin::ProcessResource]
    [0000000000000000000000000100007f-57eb-538850f7-442e2940
    -20911d680bbd][][][][][][Resolved hostname:
    'duspa01-u117478.ca.com'.]

 

    372 8.522751 10.130.210.102 141.202.205.74
    DNS Standard query PTR 102.210.130.10.in-addr.arpa
    688 15.368671 141.202.205.74 10.130.210.102
    DNS Standard query response PTR duspa01-u117478.ca.com

 

    DisableDNSLookup=YES

 

    [05/30/2014][05:39:37][22617][1124198720]
    [CSmHttpPlugin.cpp:345][CSmHttpPlugin::
    ProcessResource][0000000000000000000000000100007f
    -5859-538851d9-4301e940-96f46700a385][][][][][]
    [Resolved HTTP_HOST: '10.130.210.102'.]
    [05/30/2014][05:39:37][22617][1124198720]
    [CSmHttpPlugin.cpp:3772][Entered CSmHttpPlugin::
    ResolveFQServerName sHost: ][][][][][][]
    [10.130.210.102]
    [05/30/2014][05:39:37][22617][1124198720]
    [CSmHttpPlugin.cpp:3848][CSmHttpPlugin::
    ResolveFQServerName: isIP][][][][][][]
    [10.130.210.102]
    [05/30/2014][05:39:37][22617][1124198720]
    [CSmHttpPlugin.cpp:3967][CSmHttpPlugin::
    ResolveFQServerName, DNSLookups disabled,
    checking to see if cookiedomain added!][]
    [][][][][][10.130.210.102]
    [05/30/2014][05:39:37][22617][1124198720]
    [CSmHttpPlugin.cpp:426][CSmHttpPlugin::
    ProcessResource][0000000000000000000000000100007f
    -5859-538851d9-4301e940-96f46700a385][][][][][]
    [Resolved hostname: '10.130.210.102'.]

 

    and no request in the network traces.
    Name and Addresses resolutions are done using the POSIX API :

 

    getaddrinfo() : to resolve IP Address from a FQDN
    getnameinfo() : to resolve FQDN from an IP Address
    No, it concerns only Reverse DNS Lookup.

 


KB : TEC612510

Outcomes