Palo Alto Networks Knowledgebase: Where to Get a Suspicious DNS Query for Testing DNS Sinkhole

Created On 02/07/19 23:37 PM - Last Updated 02/07/19 23:38 PM
Resolution

For testing, download and install the second-highest antivirus update, then check the release notes of the highest antivirus update. Take a Suspicious DNS Query entry from those release notes and use it for the test.

 

For example, download and install 1594-2071 and check the release notes of 1595-2072. In the release notes of 1595-2072, search for 'Suspicious DNS Query' and you'll see results like:

 

Suspicious DNS Query (generic:akrqbqpgs1 variants: net)


Now run the following command in cmd to get the DNS Sinkhole Address:

nslookup akrqbqpgs.net
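To confirm the test result rather than read it by eye, the following added example (not part of the original article or any Palo Alto Networks tooling) parses nslookup output and checks that every answer is a sinkhole address, ignoring the DNS server's own address that nslookup prints first. The sample output, resolver name and all IP addresses are constructed placeholders; pass the sinkhole address configured on your firewall.

```python
import ipaddress
import subprocess
import sys

# Constructed sample of Windows nslookup output. The resolver name and all
# addresses are placeholders from documentation ranges, not real values.
SAMPLE_OUTPUT = """\
Server:  dns.example.internal
Address:  192.0.2.53

Non-authoritative answer:
Name:    akrqbqpgs.net
Address:  198.51.100.10
"""

def answer_addresses(nslookup_output):
    """Return the IPs in the answer section, skipping the resolver's own address."""
    answers, in_answer = [], False
    for line in nslookup_output.splitlines():
        text = line.strip()
        label = text.lower()
        if label.startswith("name:"):
            in_answer = True          # everything before this describes the DNS server
            continue
        if not in_answer:
            continue
        if label.startswith(("address:", "addresses:")):
            text = text.split(":", 1)[1]
        for token in text.split():    # also covers continuation lines with bare IPs
            try:
                answers.append(ipaddress.ip_address(token))
            except ValueError:
                pass                  # aliases, blank lines, other labels
    return answers

def is_sinkholed(nslookup_output, sinkhole_ips):
    """True only if the lookup returned answers and every one is a sinkhole IP."""
    expected = {ipaddress.ip_address(ip) for ip in sinkhole_ips}
    answers = answer_addresses(nslookup_output)
    return bool(answers) and set(answers) <= expected

if __name__ == "__main__":
    # Usage: python check_sinkhole.py <test-domain> <sinkhole-ip> [<sinkhole-ip> ...]
    domain, sinkholes = sys.argv[1], sys.argv[2:]
    out = subprocess.run(["nslookup", domain], capture_output=True,
                         text=True, timeout=15).stdout
    print("sinkholed" if is_sinkholed(out, sinkholes) else "NOT sinkholed")
```

A "NOT sinkholed" result on a domain taken from the release notes means the lookup did not pass through a firewall with the sinkhole action applied, or the installed antivirus update does not yet contain that signature.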


