Domain
Last updated
Was this helpful?
Version 6.30
Last updated
Was this helpful?
A domain is an object that represents a realm of administrative authority on the Internet and is identified by a name. Domain names are formed using the rules and procedures described in the Domain Name System (DNS). Domain names are organized into levels (subdomains), being the top-level domains the country codes, and the well-known com, org, net or edu, among others. Organizations typically register second or third-level domain names through accredited registrar companies to publicly offer their services on the Internet; for example www.nexthink.com. Note that subdomain levels in a domain name are inversed with respect to their hierarchy (top-level subdomains are placed last). The main purpose of the DNS is to identify areas of the Internet with easy to memorize names and to translate those names into numerical IP addresses that routing devices understand. A complete domain name with all levels specified is known as a Fully Qualified Domain Name (FQDN).
Domain names are a central part of Uniform Resource Locators (URLs), which reference individual resources in the Internet; for example http://www.nexthink.com/what-is-nexthink/. A URL can refer to a web page, a text file, an image, a video stream or any other kind of resource in the Internet. The first part of a URL is called the scheme. The scheme usually designates the protocol used in the connection, such as ftp or http. In web browsers, users typically type URLs in the navigation bar to retrieve a particular web page, but other applications may use URLs internally to get information from the Internet without necessarily displaying them.
Nexthink records the domains of all the web requests initiated from a monitored device, regardless or the application that made the request. Nexthink considers a connection to be a web request when the scheme of the URL is http or https; that is, when the connection uses the Hypertext Transfer Protocol (HTTP) or the Hypertext Transfer Protocol Secure (HTTPS), which is an encrypted version of HTTP with Transport Layer Security (TLS).
To avoid storing too many names for web domains, Nexthink has a strategy for compacting the names of those domains that share a common root, grouping them under a single name. On the other hand, are never compacted. In turn, domains that match the pattern defined in a are compacted only up to the point that the specified filters allow it. For instance:
If a web-based service has a filter on domains *.example.com: A web request to mail.example.com is compacted to *.example.com.
However, if an additional web-based service specifies the filter on domains mail.*.com: The domain mail.example.com is not compacted, as it must match both filters.
By default, Nexthink compacts domains when the domain name consists of more than five subdomain levels, or when the third or lower levels are repetitive (names with indexes) or automatically generated (random letters and digits). In those cases, the lower subdomains are replaced by the asterisk sign *. See the table below for a few examples of compacted domains and a last example of a domain that is not compacted:
exceed.just.five.domain.levels.com
again.exceed.just.five.domain.levels.com
*.just.five.domain.levels.com
dev01.cloud.example.com
dev02.cloud.example.com
8d271d.cloud.example.com
*.cloud.example.com
svn.cloud.example.com
svn.cloud.example.com
Note that compacted domains and FQDNs belonging to a same higher level domain can coexist in Nexthink. For instance, in the table above, both the compacted *.cloud.example.com and the FQDN svn.cloud.example.com are subdomains of cloud.example.com, but they are stored as separate domains in the Nexthink database. Thus, the asterisk does not refer to all the subdomains inside cloud.example.com, but only to those which are repetitive or randomly generated.
You can also specify a more aggressive compaction method that applies to all domains and not only to those complying with the pre-requisites above. The compaction in this case is made according to a , used to determine the highest level at which a domain can be registered. In this way, all domains are compacted up to the level that includes the name of the organization that registered the domain. From the Web Console, in the Engine.
Because web visits are very common, medium to large setups hit the maximum number of visited domains often, even when aggressive compaction methods are put in place.
To keep the list of visited domains up-to-date, starting from V6.18 the Engine reserves 20% of the maximum number of domains (by default, 50 000 out of 250 000 domains) to record the domains visited throughout the day. During , if the number of stored domains exceeds 80% of the total capacity (by default, 200 000 domains), the domains which have not been visited for a longer period of time will be removed from the list.
The following categories exist:
General:
Business application
Search engine and portals
Information technology
Social
News and information
Advertisement and marketing
Internal
Other
Communication:
VoIP [beware of special capitalization]
Instant messaging
High bandwidth:
Network storage
Peer-to-peer
Video, image and sound
Potentially unwanted:
Games
Proxy avoidance and hacking
Spam
Freeware and software download
Malicious
RELATED TASKS
RELATED CONCEPT
RELATED REFERENCES