cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NNR in a UNIX environment

Nonsaho
Copper Contributor

‎Mar 17 2021 02:11 PM

‎Mar 17 2021 02:11 PM

NNR in a UNIX environment

Hi, we’re having a DC which is getting isolated via its own AD subnet as it only serves our backup procedure rather than providing any other service to the domain. Because of the nature of the AD, there is still an A record for the domain pointing to this server and some non Windows devices getting to it via round robin. These are mainly UNIX devices, because they don’t support the AD site concept. When looking at the NNR options, I do believe that the only supported option in an enterprise environment is DNS. This DC is constantly getting flagged that it is not able to resolve 90% of the hosts, as it can “only” resolve via DNS. Is there a way of handling this problem better or am I wrong with my interpretation of this health alert?

Thanks

1,045 Views
0 Likes
4 Replies
Reply
4 Replies
Eli Ofek

‎Mar 18 2021 03:01 AM

‎Mar 18 2021 03:01 AM

Re: NNR in a UNIX environment

Which methods are mentioned in the alert as failing more than 90% of the time?
Also, you mention the device is isolated, but it appears it accepts connections from outside or else the sensor would not try to NNR them... it only happens as a response to incoming connection.
0 Likes
Reply
Nonsaho

‎Mar 18 2021 07:40 AM

‎Mar 18 2021 07:40 AM

Re: NNR in a UNIX environment

The message I am getting is “x sensor/s failed more than 90% of the time when doing active resolution using NetBIOS, RDP over TLS, RPC over NTLM and reverse DNS. It might affect detection capabilities and increase amount of FPs”. We have 10 AD sites configured of which 9 have subnets with clients assigned to them. 1 site contains only the DCs IP as a subnet. That’s the isolation I am referring to. As mentioned, the A record for the domain is still assigned to the IP of this server, hence the UNIX devices are finding it. Reverse DNS is working, but none of the other 3 options as they are Windows proprietary or require to be on the same subnet as the DC.
0 Likes
Reply
Eli Ofek

‎Mar 18 2021 05:03 PM

‎Mar 18 2021 05:03 PM

Re: NNR in a UNIX environment

That's a problem...
in theory you can disable some of the methods, but it will be for the entire workspace, so it won't be a good idea.
We are working to find better ways to do NNR with non windows machines, but not something I can share an ETA about.
0 Likes
Reply
Nonsaho

‎Mar 18 2021 10:27 PM

‎Mar 18 2021 10:27 PM

Re: NNR in a UNIX environment

Thanks for your response
0 Likes
Reply