We have had an ATP alert at one of our sites, so I went back a bit in history and found other, older alerts.
When looking at this line, I don't quite understand what this guy is trying to do?
2021:09:16-08:44:20 ssl2 named: rpz: client @0xcc6a710 172.28.2.131#52987 (ww7.pmdtc.org): view default: rpz IP NXDOMAIN rewrite 72450.bodis.com via 22.214.171.124.199.rpz-ip.rpz
Thanks for any hint.
I'm no BIND guru, Philipp, but if you Google NXDOMAIN rewrite, you'll find information about this.
Just curious, what did the ATP alert look like?
Cheers - Bob