Enhancement/BugFix- Skip DNS lookups when configuring storage systems by IP address

[nbarry]

When configuring 3PAR storage integration Veeam B&R appears to connect, verify WSAPI connectivity and SSH, but during the storage scan step it appears to perform a reverse DNS lookup of the entered IP, then attempt to connect to the hostname returned by the PTR record, rather than the originally entered IP address. When there are stale PTR records in the environment this can cause interesting behavior and an inability to successfully add a 3PAR to B&R until the stale entries are removed and all DNS caches flushed from the application by a server reboot.

Request: When entering an array by IP address, completely skip all DNS logic.

[Andreas Neufert]

My understanding is that this is not possible because of the secure communication and ceritifcates.

[foggy]

Hi Nathan, we will discuss if it is possible internally, thanks for the feedback.

[nbarry]

Thanks for the response- Andreas- if you are using self-signed certificates however, and already accepted the certificate thumbprint, why would the additional reverse/ forward/ then connect to that result be necessary? It also ends up connecting to a completely separate endpoint if there are DNS issues

[Andreas Neufert]

Certificate is for a DNS name not IP address.

[nbarry]

Correct- but this check occurs AFTER you have clicked accept that you do not care about the certificate and the ssh thumbprint is valid.
My enhancement request is basically if using IP> skip all DNS, simply prompt for acceptance of ssl thumbprint & ssh thumbprint, and connect.

[Andreas Neufert]

I think this is not how it works from security perspective.

There is no certificate for the IP address. So we can not check the validity of the connection without the DNS in place.
It is one think to accept a specific certificate that is not trusted by Windows (and implemented CA authorities) but to not verify if the counterpart is actually the system that belongs to the certificate is not correct.

Anyway we do not have plans to implement such functionality.

Maybe you can avoid the reverse lookup by using the FQDN of the system in the first place then the usual A record is used to find out the IP.