Discovery: "Include domain name in host name" doesn't seem to work reliably when DNS reverse lookups multiple IP addresses

mholmes · ‎05-27-2020

It's very important to us that the FQDN is used as the "name" for our CIs. For our purposes, the best source for hostnames in our environment is by far DNS, so trusting other sources such as SSH or WMI will not help.

Setting the value of the "Include domain name in host name" sys_property [glide.discovery.hostname.include_domain] to "true" works most of the time, but we keep getting outliers where only the first part of the hostname is used.

I've noticed that the failures are for devices where the DNS probe brings back results for multiple IP addresses.

Example:

<results probe_time="141" result_code="0">
    <result ip_address="XXX.XX.XX.01" result="resolved">
        <name>blahblah.mydomain.com</name>
    </result>
    <result ip_address="XXX.XX.XX.02" result="unresolved">
        <name/>
    </result>
    <result ip_address="XXX.XX.XX.03" result="unresolved">
        <name/>
    </result>
</results>

In this case, the name of the CI would be "blahblah." This is true even if "XXX.XX.XX.01" is set as the "IP Address" for the CI.

It is populating "blahblah.mydomain.com" in the "Fully qualified domain name" field, so it's not like it can't understand it. It's just not ending up in the main "Name" field.

Is there any way to change this behavior and tell it that if one of many reverse lookups is successful, then to use that result as the name?

doug_schulze · ‎05-27-2020

That actually takes place from data from the shazzam probe data. The DNS probe happens after the fact. So with that property checked you 'should' be getting name.domain.com. If that is not happening ensure that a DNS return for that IP is available from the shazzam input.

mholmes · ‎05-28-2020

What should I be looking for in the shazzam probe payload? I couldn't find anything obviously related to the IP Addresses or domain names in question.

Ashutosh Munot1 · ‎05-28-2020

HI,

Check for that DNS port

Thanks,
Ashutosh

mholmes · ‎05-28-2020

The DNS lookups are working as expected, I believe it's just a matter of ServiceNow's interpretation of the results when it is checking multiple IPs.

Laurent Dehove · ‎10-06-2020

Hello

We have exactly the same need.

But wasn't aware of that property 😞

We created extension section in the "server" pattern.

Which leads to same bad behaviour if multiple reverse are configured in DNS for an IP address. (But that helps to identify these erroneous configuration and clean them 😉 )

So we are interested by the answer of mholmes' question:

"Is there any way to change this behavior and tell it that if one of many reverse lookups is successful, then to use that result as the name?"