This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Excessive DNS lookups from

I noticed on my DNS server that sophos does a lot of lookups to subdomains on
We use OpenDNS for our employees, and we were getting to our limit because of this.  I have since moved the querys to googleDNS, but would like some more info on why sophos does so many lookups to these domains.  Is it a reverse DNS lookup to check websites?

1     *  Actions      293,593
2     *  Actions      196,023
3     *  Actions      195,297
                                                          Total 684,913 in one week


This thread was automatically locked due to age.
  • These lookups are part of the Sophos Web protection feature. When Block access to malicious websites is enabled Sophos uses these queries to determine whether the site you want to access is known to host malware.

    Similar lookups are used for Live Protection and the associated optional sending of samples. 


  • I just came across the same issue SEC 5.1 with 10.2 Clients, we have around 100000 requests to

    http://http.** and turning off Live protection and / or web-control does NOT fix this issue.

    We have our own List of "Blocked" Websites so we dont want this behaviour and cant seem to get rid of these "online checks".