DNS calls to opnsense.emergingthreats.net

[vecchiostupido]

I have installed Suricata and I use the ET Telemetry. I also have a Pihole as my local DNS, resolves back to Unbound in OPNSense

The Pihole has hundreds of calls per minute  to opnsense.emergingthreats.net, see example from Pihole log below. The calls are from my OPNsense firewall (192.168.121.1), that's why I am posting on this forum

Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25

I checked my Suricata logs and the Unbound logs in OPNSense, nothing going on (e.g. no calls out to 72.12.200.25 - Wintek.com - data provider).

Any suggestions on  how to diagnose what is going on ?

[dancwilliams]

Did you ever figure this out?  I am seeing the same thing!