See which SC alias a client connects to?

Hi,

Thanks for your question. Which version of OneFS are you using? Try the command isi network interfaces list. There may be some information here as well. https://dell.to/3ZGngoW

Let us know if you have any additional questions.

Page 448 https://dell.to/3kRIsJQ

Thanks but I'm not looking for configuration details.

I'm looking for a way to see which DNS hostname the clients themselves are connecting to.

Lets say I have a smart connect zone named sc1 and an alias called sc1a... clients can then connect to both sc1 an sc1a, but I don't know which one they are using.

I need to know if its "safe" to delete sc1a without clients losing their connection. And the only way to do that is to know if sc1a is being used or not, via some sort of access log or something(I've looked at the protocol audit logs, but they don't seem to log the sc name..).

Again, that just lists the configuration.

I can easily see what SC aliases I have configured on the Isilon, but I need to know if they're used or not.

What I'm after is more like "isi statistics client list". But there I can only see the node IP they're connecting to. I want to know what DNS name/alias they're using to connect to the Isilon.

We migrated all shares of another NAS to the Isilon, and then just pointed the DNS of the old storage to the Isilon and configured it as an SC alias. Now I need to know if any clients are still using that old NAS DNS name to connect to the storage, so I know if I can safely delete the old name/alias or not.

I haven't been able to find a command that does that. That link has all of the commands.

Maybe the only way it to move the SC alias to its own pool, then I can at least see if those IPs get used.

On the cluster most likely not as the SmartConnect Service (which is a "souped up" DNS server by itself) gets contacted "on behalf of" by the client's DNS server - thats how DNS works. Client's dont get sent to forwarders, the DNS servers go and get the info. So in the SC-log you would always see the same few IPs as "query-clients".

Maybe you could run wireshark in front of your Client's DNS servers, filtering for specific DNS query (the SC alias you are looking for).

https://www.wireshark.org/lists/wireshark-users/201206/msg00050.html

So something like dns.qry.name contains/matches "sc1a.mydomain.com"

Or have your firewall team setup a layer4+ fw-rule (ngfw/tp level) that matches on application type "dns" with filter on name "sc1a.mydomain.com" then action allow with log. Kind of what happens in next-gen/threat prevention/botnet defense firewall functions simply looking for well known botnet/C&C Server DNS names. Heck, one could even write a simple IoC thread feed source for the firewall containing all desired DNS names as if it were known botnet/C&C server names and have hits be logged/monitored instead of the usual drop