Domain

A domain is an object that represents a realm of administrative authority on the Internet and is identified by a name. Domain names are formed using the rules and procedures described in the Domain Name System (DNS). Domain names are organized into levels (subdomains), being the top-level domains the country codes, and the well-known com, org, net or edu, among others. Organizations typically register second or third-level domain names through accredited registrar companies to publicly offer their services on the Internet; for example www.nexthink.com. Note that subdomain levels in a domain name are inversed with respect to their hierarchy (top-level subdomains are placed last). The main purpose of the DNS is to identify areas of the Internet with easy to memorize names and to translate those names into numerical IP addresses that routing devices understand. A complete domain name with all levels specified is known as a Fully Qualified Domain Name (FQDN).

Domain names are a central part of Uniform Resource Locators (URLs), which reference individual resources in the Internet; for example http://www.nexthink.com/what-is-nexthink/. A URL can refer to a web page, a text file, an image, a video stream or any other kind of resource in the Internet. The first part of a URL is called the scheme. The scheme usually designates the protocol used in the connection, such as ftp or http. In web browsers, users typically type URLs in the navigation bar to retrieve a particular web page, but other applications may use URLs internally to get information from the Internet without necessarily displaying them.

Nexthink records the domains of all the web requests initiated from a monitored device, regardless or the application that made the request. Nexthink considers a connection to be a web request when the scheme of the URL is http or https; that is, when the connection uses the Hypertext Transfer Protocol (HTTP) or the Hypertext Transfer Protocol Secure (HTTPS), which is an encrypted version of HTTP with Transport Layer Security (TLS).

Domain compaction

To avoid storing too many names for web domains, Nexthink has a strategy for compacting the names of those domains that share a common root, grouping them under a single name. On the other hand, internal domains are never compacted. In turn, domains that match the pattern defined in a web-based service are compacted only up to the point that the specified filters allow it. For instance:

  • If a web-based service has a filter on domains *.example.com: A web request to mail.example.com is compacted to *.example.com.

  • However, if an additional web-based service specifies the filter on domains mail.*.com: The domain mail.example.com is not compacted, as it must match both filters.

By default, Nexthink compacts domains when the domain name consists of more than five subdomain levels, or when the third or lower levels are repetitive (names with indexes) or automatically generated (random letters and digits). In those cases, the lower subdomains are replaced by the asterisk sign *. See the table below for a few examples of compacted domains and a last example of a domain that is not compacted:

Domain nameStored domain

exceed.just.five.domain.levels.com again.exceed.just.five.domain.levels.com

*.just.five.domain.levels.com

dev01.cloud.example.com dev02.cloud.example.com 8d271d.cloud.example.com

*.cloud.example.com

svn.cloud.example.com

svn.cloud.example.com

Note that compacted domains and FQDNs belonging to a same higher level domain can coexist in Nexthink. For instance, in the table above, both the compacted *.cloud.example.com and the FQDN svn.cloud.example.com are subdomains of cloud.example.com, but they are stored as separate domains in the Nexthink database. Thus, the asterisk does not refer to all the subdomains inside cloud.example.com, but only to those which are repetitive or randomly generated.

You can also specify a more aggressive compaction method that applies to all domains and not only to those complying with the pre-requisites above. The compaction in this case is made according to a vendor independent public list of domain suffixes, used to determine the highest level at which a domain can be registered. In this way, all domains are compacted up to the level that includes the name of the organization that registered the domain. From the Web Console, configure the compaction policy for domain names in the Engine.

Domain replacement

Because web visits are very common, medium to large setups hit the maximum number of visited domains often, even when aggressive compaction methods are put in place.

To keep the list of visited domains up-to-date, starting from V6.18 the Engine reserves 20% of the maximum number of domains (by default, 50 000 out of 250 000 domains) to record the domains visited throughout the day. During the nightly cleanup of the Engine, if the number of stored domains exceeds 80% of the total capacity (by default, 200 000 domains), the domains which have not been visited for a longer period of time will be removed from the list.

Domain category

The following categories exist:

General:

  • Business application

  • Search engine and portals

  • Information technology

  • Social

  • News and information

  • Advertisement and marketing

  • Internal

  • Other

Communication:

  • VoIP [beware of special capitalization]

  • Instant messaging

  • Email

High bandwidth:

  • Network storage

  • Peer-to-peer

  • Video, image and sound

Potentially unwanted:

  • Games

  • Proxy avoidance and hacking

  • Spam

  • Freeware and software download

  • Malicious


RELATED TASKS

RELATED CONCEPT

RELATED REFERENCES

Last updated