Virtual Appliance Commands

Follow

Comments

6 comments

  • Avatar
    idan

    hi dear

    I have a question about VA

    can i change the time zone, if can how i do this ?

     this is very important to me 

    thanks

    0
    Comment actions Permalink
  • Avatar
    Steve Gillespie

    The timezone on the VA cannot be changed from UTC, though this really should have no impact on you reporting wise.  Your dashboard can have a specific timezone set, though it's important to note that this only impacts what is displayed in the dashboard, as exported reports will still be in UTC. If you have any other questions or need further assistance, please reach out to Umbrella Support. 

    0
    Comment actions Permalink
  • Avatar
    iain.mcguire

    The docco above about nslookup is wrong. 

    If you query using just (for example) nslookup testing.com 

    The request does not "cause the VA to send the query to our public resolvers rather than to itself". It actually queries itself.

    0
    Comment actions Permalink
  • Avatar
    Steve Gillespie

    The logic for the VAs differs from other devices, as just running ``nslookup domain.com`` does in fact send the lookup to our public resolvers. The only way to make the VA query itself is to instead use ``nslookup domain.com 127.0.0.1``. 

    0
    Comment actions Permalink
  • Avatar
    iain.mcguire

    That is not my experience of how it works.

    If we query "nslookup <PUBLIC FQDN>" we get a different result than querying "nslookup <PUBLIC FQDN> resolver1.opendns.com"

    The output from the nslookup command on it's own, with no public DNS servers, says "Server 127.0.0.1 Address:127.0.0.1#53", which implies it queries itself. If you specify a public DNS server, it lists the public DNS server you specified in that output. 

    What appears to actually be happening, is when you run nslookup with no server, it queries itself, on port 53, then forwards the traffic out to a public resolver, over whatever method UVA appliances use to contact the public resolver. This is not unencrypted UDP port 53 DNS traffic, since we're currently dropping outgoing DNS on our perimeter firewalls, at this time. 

    In practice this means running "nslookup <PUBLIC_FQDN>" works, and returns a result, whereas running "nslookup <PUBLIC_FQDN> 208.67.222.222" fails.

    I understand that you can't run "nslookup <INTERNAL_FQDN>" and get a result returned, but that is not the same thing as it simply sends the lookup to the public resolvers, in the way an nslookup command traditionally does.

    0
    Comment actions Permalink
  • Avatar
    iain.mcguire

    Actually, i've just tested again, and running just "nslookup <INTERNAL_FQDN>" does return internal IPs from our internal DNS servers, per the policy running on the UVA appliance. 

    The docco is simply wrong.

    0
    Comment actions Permalink

Please sign in to leave a comment.