Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 6661 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ATP notification on DC/DNS server

M.Rottler
Hey guys,

I already stated this question in the german forum, but no answer yet...

My ATP notified me yesterday in the morning with following message:

2015:05:19-07:57:04 UTM named[4492]: rpz: client 1**.1**.1.**#59998 (motiware.com): view default: rpz IP NXDOMAIN rewrite motiware.com via 32.37.26.70.109.rpz-ip.rpz 


I'm not quite sure where this error came from... The "client" is our 2nd DC and DNS server!

I couldn't find the IP 109.70.26.37 in the WebFiltering log...

Can anybody tell me what exactly could have happened here?

thanks a lot!

Max


This thread was automatically locked due to age.
Parents
  • 0
    109.70.26.37 doesn't appear to be the public name server for srv1.qxtbnkr.nl (the rDNS for that IP), so I would be suspicious.  If Web Filtering is enabled, you might be able to find which internal IP caused the Proxy to do a DNS query at 2015-05-19 07:57:04.  Was there any malware detected on that computer?

    Cheers - Bob
Reply
  • 0
    109.70.26.37 doesn't appear to be the public name server for srv1.qxtbnkr.nl (the rDNS for that IP), so I would be suspicious.  If Web Filtering is enabled, you might be able to find which internal IP caused the Proxy to do a DNS query at 2015-05-19 07:57:04.  Was there any malware detected on that computer?

    Cheers - Bob
Children
No Data