I have a couple of questions about some McAfee SIEM configuration issues which we are dealing with. I will open a separate discussion for each of them, but firstly:
How can I add another DNS server (tertiary, quaternary) for the SIEM to look up datasource hostnames? We have 2 subnets and I need to search both of them for the hostnames. Is it possible? Thank you
Sorry, but independent of the SIEM, that's not how DNS works. So long as the first server responds, even if that response is NXDOMAIN, that's the response. The DNS server asked needs to be unresponsive before the next server is queried.
If possible, the easiest workaround would be to make one of the servers secondary to the other and transfer the zone so that it can respond with all of the information for both subnets.
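The resolver behavior described in the answer above, as a simplified model added here (not part of the original thread and not McAfee ESM code). The server names, hostnames and addresses are constructed sample data, and the model treats only a timeout as a reason to try the next server.

```python
# Simplified model of a stub resolver walking its configured server list.
# All hostnames, server names and addresses are constructed sample data.
NXDOMAIN = "NXDOMAIN"


class DnsServer:
    def __init__(self, name, records, reachable=True):
        self.name = name
        self.records = records      # hostname -> address this server knows
        self.reachable = reachable  # False models a server that never answers

    def query(self, hostname):
        if not self.reachable:
            return None             # timeout: no response at all
        return self.records.get(hostname, NXDOMAIN)


def resolve(hostname, servers):
    """Return (answering server name, answer); the first response is final."""
    for server in servers:
        answer = server.query(hostname)
        if answer is not None:      # NXDOMAIN is a response too, so stop here
            return server.name, answer
    return None, None               # every configured server timed out


SUBNET_A = {"ds-a.example.internal": "10.1.0.10"}
SUBNET_B = {"ds-b.example.internal": "10.2.0.10"}

dns1 = DnsServer("dns1", SUBNET_A)
dns2 = DnsServer("dns2", SUBNET_B)

# Both servers up: the subnet B host is never found, dns2 is never asked.
both_up = resolve("ds-b.example.internal", [dns1, dns2])

# dns1 unresponsive: only now does the resolver fall through to dns2.
dns1_down = resolve("ds-b.example.internal",
                    [DnsServer("dns1", SUBNET_A, reachable=False), dns2])

# Workaround from the answer: dns1 holds a transferred copy of dns2's zone.
dns1_merged = DnsServer("dns1", {**SUBNET_A, **SUBNET_B})
after_transfer = resolve("ds-b.example.internal", [dns1_merged, dns2])

if __name__ == "__main__":
    for label, result in [("both up", both_up), ("dns1 down", dns1_down),
                          ("after zone transfer", after_transfer)]:
        print(f"{label:20} -> {result}")
```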
Hello Andy. Thank you for the answer. There is no need to "apologize", I understand that. I know how DNS works; I just wondered whether someone has already faced this kind of situation and has some workaround. I guess I didn't express myself in the right way. Sorry for that. Your proposed workaround is not possible in our situation, but thanks again for the answer. Any other workarounds besides that?
Did you try to set both of your DNS servers in the Network Settings of your ESM?
ESM Properties "System properties" --> Network Settings --> Interface 1 Setup --> DNS Server 1 AND DNS Server 2
Next step: configure a static route. System properties --> Network Settings --> Static Routes. (Maybe for both DNS servers