General:
Subject/Problem/Symptoms:
How to automate Windows agent communication for inventory scans, vulscans, and policy-based tasks through the CSA/gateway without the use of DNS.
Description/Details:
When an agent is off the corporate network (out-of-band) and brokerconfig.exe is set to “Dynamically determine connection route”, it performs a DNS lookup of the core server's name before deciding where to send its traffic. Any answer other than a lookup failure (“Host not found” or “Request could not find host”) is taken to mean the core server is directly reachable, and the agent will not use the CSA/gateway.
The problem is that many ISPs no longer return a “host not found” answer for names that do not exist in public DNS, which is exactly the behaviour that CSA/gateway routing depends on. Instead, when the agent looks up core.domain.ext the ISP's resolver answers with the address of some other host, typically the ISP's own search or landing page, on the assumption that the user mistyped the address. The agent takes that answer as proof that it has reached the core and never falls back to the CSA/gateway.
Routing agents without relying on DNS also removes the need to maintain separate private and public DNS views for the core (split DNS), provided the core server is properly firewalled off from Internet traffic.
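The following is an added illustration, not code from the product or from this article. It models the documented lookup heuristic in a simplified way (an assumption, not the agent's actual logic) and adds the check a practitioner would want before trusting a DNS answer from an unknown ISP: resolve a random name under the core's domain that cannot exist, and if it resolves, the resolver is redirecting nonexistent names. The resolvers, the name core.example.com and the addresses are constructed for the example; on a real client you would pass the default OS resolver.

```python
"""Model of the "Dynamically determine connection route" heuristic and a
canary check for ISP NXDOMAIN redirection. Hypothetical illustration: the
names, resolvers and addresses below are constructed, not from the product."""
import random
import socket
import string
from typing import Callable, Dict, List, Optional

Resolver = Callable[[str], List[str]]


def system_resolve(name: str) -> List[str]:
    """Resolve with the OS resolver. Raises socket.gaierror on NXDOMAIN,
    i.e. the "Host not found" / "Request could not find host" case."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


def make_resolver(table: Dict[str, List[str]],
                  wildcard: Optional[List[str]] = None) -> Resolver:
    """Build a fake resolver for offline testing (constructed data).
    A wildcard answer models an ISP resolver that never returns NXDOMAIN."""
    def resolve(name: str) -> List[str]:
        if name in table:
            return table[name]
        if wildcard is not None:
            return wildcard
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


def agent_route_decision(core_fqdn: str, resolve: Resolver = system_resolve) -> str:
    """Simplified model (an assumption, not the agent's real code) of the
    documented heuristic: any answer other than a lookup failure is taken to
    mean the core is directly reachable, so the gateway is skipped."""
    try:
        resolve(core_fqdn)
    except socket.gaierror:
        return "gateway"
    return "direct"


def canary_name(core_fqdn: str, label: Optional[str] = None) -> str:
    """A random label under the core's parent domain; a truthful resolver
    must answer NXDOMAIN for it."""
    if label is None:
        alphabet = string.ascii_lowercase + string.digits
        label = "nx-" + "".join(random.choices(alphabet, k=16))
    parent = core_fqdn.split(".", 1)[1] if "." in core_fqdn else core_fqdn
    return f"{label}.{parent}"


def detect_dns_hijack(core_fqdn: str, resolve: Resolver = system_resolve,
                      canary: Optional[str] = None) -> Dict[str, object]:
    """Look up the core name and a canary that cannot exist. If the canary
    resolves, the resolver is redirecting nonexistent names; if the core name
    gets the same answer, that answer is the redirect host, not the core, and
    the agent should go through the CSA/gateway."""
    canary = canary or canary_name(core_fqdn)
    core_addrs: List[str] = []
    canary_addrs: List[str] = []
    try:
        core_addrs = resolve(core_fqdn)
    except socket.gaierror:
        pass
    try:
        canary_addrs = resolve(canary)
    except socket.gaierror:
        pass
    hijacked = bool(canary_addrs)
    core_is_redirect = bool(core_addrs) and core_addrs == canary_addrs
    route = "direct" if core_addrs and not core_is_redirect else "gateway"
    return {
        "core": core_fqdn, "canary": canary,
        "core_addrs": core_addrs, "canary_addrs": canary_addrs,
        "hijacked": hijacked, "core_is_redirect": core_is_redirect,
        "naive_route": agent_route_decision(core_fqdn, resolve),
        "route": route,
    }


# Constructed resolvers (not real infrastructure):
CORE = "core.example.com"
HONEST_ISP = make_resolver({})                                # NXDOMAIN for unknown names
HIJACKING_ISP = make_resolver({}, wildcard=["198.51.100.7"])  # answers for everything
ON_NETWORK = make_resolver({CORE: ["203.0.113.10"]})          # internal (split) view

if __name__ == "__main__":
    for label, resolver in [("honest ISP", HONEST_ISP),
                            ("hijacking ISP", HIJACKING_ISP),
                            ("on network", ON_NETWORK)]:
        r = detect_dns_hijack(CORE, resolver, canary="nx-check.example.com")
        print(f"{label:14} naive={r['naive_route']:8} "
              f"hijacked={str(r['hijacked']):5} route={r['route']}")
```

Against the hijacking resolver the naive heuristic picks "direct" because core.example.com got an answer, while the canary check sees that the answer is identical to the one given for a name that cannot exist and routes through the gateway instead. The check only catches resolvers that answer for the canary; a resolver that redirects only selected names, or a captive portal that intercepts traffic rather than DNS, needs a different test.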