DNS query to problematic web site

samhk
L0 Member


The PA itself generated the DNS query for the domain from the management interface.

Why would it take this action? DNS proxy is not enabled.

Please kindly advise.

Log:
This host was detected performing a DNS lookup for the domain en[dot]wt1[dot]pw. Although no traffic was detected with the IP behind this domain, this domain is used to buy and sell credit card numbers, bank accounts, and other similar content.

LukeBullimore
L5 Sessionator

Hi,

If I understood your question correctly:

You will see DNS traffic come from the management interface when the firewall needs to refresh FQDN objects. There is also a correlating log for this that is shown as "dnsproxy" even if DNS proxy is not configured.

Hope this answers your question.

Thanks,

Luke.

samhk
L0 Member

Hi,

The PA tried to do a DNS lookup for the domain en[dot]wt1[dot]pw, but I do not see this domain en[dot]wt1[dot]pw in the FQDN objects.

Is it possible that the PA would also check some problematic domain that is not in an FQDN object?

Thanks

Sam
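The check discussed in this thread (is the alerted domain configured as an FQDN address object anywhere?) can be scripted against an exported configuration. This is an added example, not part of any post above and not Palo Alto Networks code; it assumes the export stores FQDN objects as `<address><entry name="..."><fqdn>` elements, and the sample configuration and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an exported firewall XML config (assumption).
SAMPLE_CONFIG = """<config>
  <shared>
    <address>
      <entry name="update-server"><fqdn>updates.example.com</fqdn></entry>
      <entry name="dns-internal"><ip-netmask>10.0.0.53/32</ip-netmask></entry>
    </address>
  </shared>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <address>
      <entry name="partner-portal"><fqdn>Portal.Example.NET.</fqdn></entry>
    </address>
  </entry></vsys></entry></devices>
</config>"""


def normalize(domain):
    """Undo '[dot]' / '[.]' notation, lower-case, and drop a trailing root dot."""
    plain = domain.strip().replace("[dot]", ".").replace("[.]", ".")
    return plain.lower().rstrip(".")


def fqdn_objects(config_xml):
    """Return {object name: normalized FQDN} for every FQDN address object."""
    root = ET.fromstring(config_xml)
    found = {}
    for container in root.iter("address"):       # shared and per-vsys objects
        for entry in container.findall("entry"):
            fqdn = entry.findtext("fqdn")
            if fqdn:                               # skip ip-netmask and other types
                found[entry.get("name")] = normalize(fqdn)
    return found


def objects_resolving(config_xml, alerted_domain):
    """Names of FQDN objects whose refresh would look up the alerted domain."""
    target = normalize(alerted_domain)
    return sorted(n for n, f in fqdn_objects(config_xml).items() if f == target)


if __name__ == "__main__":
    for domain in ("portal[dot]example[dot]net", "en[dot]wt1[dot]pw"):
        hits = objects_resolving(SAMPLE_CONFIG, domain)
        print(domain, "->", hits or "no FQDN object; look for another source")
```

An empty result means FQDN refresh does not explain the lookup, so the query has to be traced to some other source on the device.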
