Thank you Malwina, that is exactly what I see in my local DNS servers. A lot of sites related to microsoft.com, so I believe these are a false alarm. Can I whitelist them? I would prefer not to disable them, but whitelist somehow.
I have looked through Sysmon logs -22- DNS and don't see anything related to .win on both servers. Just see a bunch of Windows update links to Microsoft, so I am not sure if this is false or this is real.
Thanks, I see them now: my DNS1 or DNS2 to ISP DNS (set up on local DNS servers 1&2) and I see them a lot. I have installed Sysmon on both DC/DNS1&2 but I don't see any .win query.
Thanks, I don't see any ".win" request in my local DNS logs, so it seems like it's external. Since we use MX, is there any way to check these queries in the log and see what device requests it?
Hello, not sure if this is something we should worry about: Suspicious .win dns query. I have looked at local DNS (logs enabled) and I don't even see .win queries in the logs.