02-13-2017 11:33 AM
We're running Airwave 188.8.131.52, and I've basically ignored Clarity until now, when I'm poking around at it trying to see what it'll tell me.
Under the DNS results, I discovered that it was reporting DNS server failures for several hundred DNS "servers" - the addresses were all wireless clients on our network. But only 600 - out of approximately 32K client addresses on our wireless.
Any idea why these clients are being reported as failed servers? The real servers show up in the same list with sucessful results. DNS servers that aren't ours are showing up in the list, which makes sense. It's the wireless clients being reported as DNS servers that is perplexing me.
Carnegie Mellon University
02-14-2017 03:16 AM
Could it be that some of your clients have installed some kind of DNS service (proxy or server)?
We see some failed DNS in our Clarity also, but that is because we block access to external DNS servers from clients (to force them to use our DNS servers).
02-14-2017 02:51 PM
It could be all kinds of things. A slow scan for DNS servers, but a really well paced one! But since the clients IPs showing up are scattered across multiple SSIDs and vlans, and no pattern has jumped out at me, I was more interested in trying to figure out what Clarity is really reporting.
Since the report is showing singular time-outs for things that aren't expected to answer, I haven't figured out how to get more info from (Airwave/Clarity) to help me track down the source/cause. It may be that this is not working on my installation (184.108.40.206) but I can't even filter for an IP address or partial, to see if there is a pattern. And the lack of any kind of relationship to a time-stamp means it's "yeah - that happened."
Obviously, if I could filter on my known, wanted servers, and display them all at once - I could see if there was a problem with our wanted DNS service. I'm intrigued by these failures only as a curiosity, but Clarity doesn't give me any info to track it down.
Or does it, and I just haven't been able to figure that out? I haven't found any documentation on it. Any pointers to documentation I've missed?