Cisco Support Community
Community Member

Top Senders report "No Domain Information"

In the Top Senders report, our largest graph at the top states No Domain Information. For clean messages this is 367. The next line item is, which for clean messages is 41.

What is "No Domain Information"? Why can't it determine the domain?

Top Senders by total Threat Messages shows
No Domain Information 34.6 k
localhost 1,847 684 537

Top Senders by Clean Messages show
No Domain Information 367 41 27

Community Member

Re: Top Senders report "No Domain Information"

That category is for IP addresses with no reverse DNS information (that is, no PTR records).

Community Member

Re: Top Senders report "No Domain Information"

(Provided as extra info on dlnash:)

Most likely your own downstream mail servers can not be (reversed DNS) resolved by the Ironports. This is expected when you use the default Ironport DNS configuration (used root servers). I assume your downstream systems use a private range IP and those can never be resolved by the public DNS system.

It might be a solution to use your local DNS server for your Ironport….. but be very careful, Ironport generates a massive load on your DNS system.


Community Member

Re: Top Senders report "No Domain Information"

One way to deal with the load that IronPort appliances place on DNS servers is to have a dedicated set of DNS servers specifically and exclusively for them, with a little hot-wiring so they know how to find the zones for your RFC 1918 space.

You may even be able to prevent these servers from caching anything. The IronPorts do their own DNS caching, so these external servers don't need to do so as well. They just need to be a conduit that can send queries to the right places. Eliminating caching on these servers means they won't consume very much memory (and also eliminates one avenue of cache poisoning attacks). They'll just need enough CPU and network bandwidth to handle the query rate that the IronPorts will generate. And let's face it, DNS processing isn't very hard. IronPort units generate a flood of DNS while still managing to do all the really heavy lifting they do, and all on reasonably inexpensive (for enterprise-grade, anyway) commodity hardware.

CreatePlease to create content