talosintelligence.com domain requests
-
I don't know what it was but I ended up blowing everything away and starting over, now running with ESXi underneath and 2.4.5p1 and this issue is no longer happening.
-
Are you seeing "any" of those A queries for what looks to be IP addresses?
-
@johnpoz No I wasn't these were only DNS queries in the DNS reply tab under reports.
-
Oh my bad - I might of confused this thread with a different one, where there was A queries for stuff like 080.010.149.001, etc..
Sorry.. Forget I asked that question ;) hehehe
-
Just wanted to provide an update to this thread as someone helped me find the issue that was causing this.
NtopNG has threat feeds in it now and when it can't get to one of the feeds it just keeps trying and trying.
To disable you have to go into the admin interface go to settings and category lists and then disable the offending list giving you an issue. I went ahead and disabled all of them since this was such a problem to find as well as these lists seem to go up and down and I don't want it to just keep trying (outside of its setting to only pull them down daily).
