I tried to find an answer for this, but I couldn't find it. If someone has already posted this question, apologies...
I just turned DNS sinkholing and it works as expected for root domains, for example:
nslookup kntsv.nl returns the DNS sinkhole IP of 22.214.171.124.
If I do an nslookup of any subdomain of kntsv.nl, it returns a valid A record, for example:
nslookup testing.kntsv.nl returns the IP of 126.96.36.199.
My question... Why did the dns lookup for the subdomain work but not the root? I would think the Palo would mark *.kntsv.nl as malicious and return with the sinkhole IP.
Thanks in advance for the help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!