05-20-2022 05:39 AM
I see quite a few no longer listening on 127.0.0.1#53, then the same message with the server's actual IP in the syslogs. Is this normal? It sounds like DNS is not available at those times.
05-22-2022 10:48 PM - edited 05-22-2022 10:48 PM
Do you know if someone has been making changes to DNS & performing service restarts etc ? If yes, your Audit logs should tell more. If nothing was done/restarted around that time & your monitoring systems didn't catch any downtime, this could be some sort of false positives too. I'd say you reach out to support if you continue to observe such instances without any restarts/audit traces