This is a real-life sample alert from the indeni alert guide for Check Point Firewalls.
NOTE: While the alert described here is for Check Point firewalls, the same logic applies to other devices that are sensitive to DNS response times. The difference would be in the information provided.
DNS is configured on this device, but it is responding to queries more slowly than required. The measured response time for a query for www.indeni.com is 7456 milliseconds while the threshold for alerting is 250 milliseconds.
DNS response time is important for certain functions, such as Domain Objects. For more information, read SK41632.
Possibly Problematic DNS Servers:
Manual Remediation Steps:
Review the DNS configuration, firewall rules, routing tables and other elements of the network to determine the cause.
How does this alert work?
indeni runs the command “nslookup www.indeni.com” (or the respective command for the device being analyzed) every hour and times how long it takes to complete. To avoid false positives, indeni includes a number of mechanisms that ensure the accuracy of the results. The address “www.indeni.com” is configurable.
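The timed lookup described above can be reproduced by hand when working through the remediation step. The following is an added example, not indeni's implementation: it goes one step further and times the lookup against each resolver in a resolv.conf-style file so a slow server stands out. The function names and the `--run` switch are hypothetical, and it assumes GNU `date` (nanosecond timestamps) and an `nslookup` build that exits non-zero when a lookup fails.

```shell
#!/bin/sh
# Added example (not indeni's code): time a DNS lookup per configured resolver.
THRESHOLD_MS=250             # alerting threshold quoted in the sample alert
QUERY_NAME=www.indeni.com    # lookup target named on the page (configurable)

# list_nameservers FILE: print resolver addresses from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# now_ms: wall-clock time in milliseconds (assumes GNU date's %N).
now_ms() { echo $(( $(date +%s%N) / 1000000 )); }

# time_ms CMD...: run CMD quietly, print elapsed ms, return CMD's exit status.
time_ms() {
    tm_rc=0
    tm_start=$(now_ms)
    "$@" >/dev/null 2>&1 || tm_rc=$?
    tm_end=$(now_ms)
    echo $(( tm_end - tm_start ))
    return "$tm_rc"
}

# classify MS: SLOW when the measured time exceeds the threshold, else OK.
classify() {
    if [ "$1" -gt "$THRESHOLD_MS" ]; then echo SLOW; else echo OK; fi
}

# check_resolvers [FILE]: one line per resolver: "<address> <n>ms <OK|SLOW|FAILED>".
# FAILED means nslookup returned non-zero (assumption: this build does so on
# a failed lookup); a quick failure must not be reported as a healthy server.
check_resolvers() {
    for cr_ns in $(list_nameservers "${1:-/etc/resolv.conf}"); do
        if cr_ms=$(time_ms nslookup "$QUERY_NAME" "$cr_ns"); then
            echo "$cr_ns ${cr_ms}ms $(classify "$cr_ms")"
        else
            echo "$cr_ns ${cr_ms}ms FAILED"
        fi
    done
}

# Hypothetical switch: pass --run to check the resolvers in /etc/resolv.conf.
if [ "${1:-}" = "--run" ]; then check_resolvers; fi
```

A resolver reported as SLOW or FAILED is where to start the review of DNS configuration, firewall rules and routing.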