I tried to find an answer for this, but I couldn't find it. If someone has already posted this question, apologies...
I just turned on DNS sinkholing and it works as expected for root domains, for example:
nslookup kntsv.nl returns the DNS sinkhole IP of 126.96.36.199.
If I do an nslookup of any subdomain of kntsv.nl, it returns a valid A record, for example:
nslookup testing.kntsv.nl returns the IP of 188.8.131.52.
My question... Why did the DNS lookup for the subdomain work but not the root? I would think the Palo would mark *.kntsv.nl as malicious and return with the sinkhole IP.
Thanks in advance for the help.