NNR in a UNIX environment

Occasional Contributor

Hi, we’re having a DC which is getting isolated via its own AD subnet as it only serves our backup procedure rather than providing any other service to the domain. Because of the nature of the AD, there is still an A record for the domain pointing to this server and some non Windows devices getting to it via round robin. These are mainly UNIX devices, because they don’t support the AD site concept. When looking at the NNR options, I do believe that the only supported option in an enterprise environment is DNS. This DC is constantly getting flagged that it is not able to resolve 90% of the hosts, as it can “only” resolve via DNS. Is there a way of handling this problem better or am I wrong with my interpretation of this health alert?


4 Replies
Which methods are mentioned in the alert as failing more than 90% of the time?
Also, you mention the device is isolated, but it appears it accepts connections from outside or else the sensor would not try to NNR them... it only happens as a response to incoming connection.
The message I am getting is “x sensor/s failed more than 90% of the time when doing active resolution using NetBIOS, RDP over TLS, RPC over NTLM and reverse DNS. It might affect detection capabilities and increase amount of FPs”. We have 10 AD sites configured of which 9 have subnets with clients assigned to them. 1 site contains only the DCs IP as a subnet. That’s the isolation I am referring to. As mentioned, the A record for the domain is still assigned to the IP of this server, hence the UNIX devices are finding it. Reverse DNS is working, but none of the other 3 options as they are Windows proprietary or require to be on the same subnet as the DC.
That's a problem...
in theory you can disable some of the methods, but it will be for the entire workspace, so it won't be a good idea.
We are working to find better ways to do NNR with non windows machines, but not something I can share an ETA about.
Thanks for your response