I am testing Anti-Spyware DNS sinkhole. I set:
I make policy with this profile.
For most DNS-names in category “Malware” и “Command and Control” (https://threatvault.paloaltonetworks.com/) i see nslookup answer, for example:
And it is good.
But for two DNS-names: namecha.in, 4cdf1kuvlgl5zpb9.pmr.cc (Malware category too) sinkhole is not working and i see ip-adresses in nslookup answer.
What can be wrong? I need advice.
Yes, i can make my own external dynamic list, but why standart not working for malware?
Solved! Go to Solution.
While namecha.in is present in the PAN-DB URL Classifications it doesn't look like it currently actually has an active DNS Signature in place, which is what the Sinkhole process would trigger on. It was first released in 2732, but it's not showing as being active in a current release. The other domain has the same issue, it isn't showing as having a current active signature.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!