
Sophos XG making a significant amount of DNS queries to www.google.com.*

I recently added Pi-hole as the DNS server for Sophos XG itself, and I’ve noticed in my Pi-hole logs that Sophos XG is making a significant amount of DNS queries to various google.x addresses, such as google.de, google.com.pr, google.to, google.com.af, etc. The most significant is google.com.tz where I’m seeing about 55k queries in the past 5 hours. Any ideas what’s causing this?



  • Hi. Thank you for reaching out to the Sophos community team. Based on the issue description, I suspect the FQDN hosts are present or already configured on XG for the above domains, and if that is the case, then XG's own DNS lookups are generating those queries.

  • Yep, they are the pre-configured FQDN hosts. I'm curious as to why there are so many DNS queries to some of them, such as www.google.co.tz, www.google.com.tw, www.google.com.ar, etc. 240k+ queries in less than 24 hours on a single address seems like a lot.
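
To see which FQDN host names account for the volume, the Pi-hole query log can be tallied per name for the firewall's IP and turned into a per-minute rate. This is an added example, not part of the original thread; it assumes the dnsmasq line format Pi-hole writes to its query log, and the client IP `192.168.1.1`, the year and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# dnsmasq query line as logged by Pi-hole, e.g.
# "Mar  3 10:00:00 dnsmasq[812]: query[A] www.google.co.tz from 192.168.1.1"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+dnsmasq\[\d+\]:\s+"
    r"query\[[^\]]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Constructed sample lines; 192.168.1.1 stands in for the firewall.
SAMPLE_LOG = """\
Mar  3 10:00:00 dnsmasq[812]: query[A] www.google.co.tz from 192.168.1.1
Mar  3 10:00:00 dnsmasq[812]: forwarded www.google.co.tz to 192.0.2.53
Mar  3 10:00:20 dnsmasq[812]: query[A] www.google.co.tz from 192.168.1.1
Mar  3 10:00:40 dnsmasq[812]: query[AAAA] www.google.co.tz from 192.168.1.1
Mar  3 10:01:00 dnsmasq[812]: query[A] www.google.de from 192.168.1.1
Mar  3 10:01:30 dnsmasq[812]: query[A] www.google.co.tz from 192.168.1.50
Mar  3 10:02:00 dnsmasq[812]: query[A] www.google.co.tz from 192.168.1.1
""".splitlines()

def query_rates(lines, client, year=2024):
    """Return {name: (count, queries_per_minute)} for one client IP."""
    counts, first, last = Counter(), {}, {}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or m["client"] != client:
            continue  # skip forwarded/reply lines and other clients
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        name = m["name"].lower().rstrip(".")
        counts[name] += 1
        first.setdefault(name, ts)
        last[name] = ts
    rates = {}
    for name, n in counts.items():
        # floor the window at one minute so a single query is not a spike
        minutes = max((last[name] - first[name]).total_seconds() / 60, 1.0)
        rates[name] = (n, n / minutes)
    return rates

def noisy_names(rates, per_minute):
    """Names at or above the rate threshold, busiest first."""
    hits = [n for n, (_, rate) in rates.items() if rate >= per_minute]
    return sorted(hits, key=lambda n: rates[n][0], reverse=True)

if __name__ == "__main__":
    for name, (n, rate) in query_rates(SAMPLE_LOG, "192.168.1.1").items():
        print(f"{name}: {n} queries, {rate:.1f}/min")
```

Comparing the per-name rates against the refresh interval expected for FQDN hosts shows whether a few names are being re-resolved far more often than the rest.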
