digital4rensics / Malformity

Malformity is a Maltego project based on the Canari framework for malicious binary and infrastructure research.

Search pdns based on common subdomain #10

Closed: elhoim closed this 11 years ago

elhoim commented 11 years ago

Some malware uses uncommon subdomains on dyn DNS providers. Example from http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html: if you search for piping.* for RRSet, you end up finding piping.dyndns-server.com, which looks suspicious (fluxing a lot towards IPs in the same range).

digital4rensics commented 11 years ago

This is definitely something that's important. I've successfully tested left hand wildcards before. Did you try running the right hand wildcard and it failed?

I'll try to test this today, and if it doesn't work, figure out why this one doesn't but left-handed wildcards do.

EDIT: Tested and remembered why this wouldn't work (as implemented) :-) Thanks, I'll add it to the to-do!

digital4rensics commented 11 years ago

Implemented in pDNS_wildcardsearch. The transform accepts both right and left handed wildcard searches and returns the appropriate results as domains.
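An added example, not Malformity's pDNS_wildcardsearch code, showing the two wildcard forms the thread discusses (right-handed `piping.*`, left-handed `*.dyndns-server.com`) matched against a constructed passive-DNS RRSet, plus the "many IPs in one range" check from the opening comment. The RRSet rows, the `/24` threshold and all function names are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS RRSet rows (rrname, rdata); not real pDNS output.
SAMPLE_RRSET = [
    ("piping.dyndns-server.com", "203.0.113.10"),
    ("piping.dyndns-server.com", "203.0.113.44"),
    ("piping.dyndns-server.com", "203.0.113.77"),
    ("piping.example.net", "198.51.100.5"),
    ("www.dyndns-server.com", "192.0.2.1"),
    ("updates.dyndns-server.com", "192.0.2.2"),
    ("shipping.example.org", "198.51.100.9"),
]

def wildcard_kind(pattern):
    """Classify a query: 'right' for 'piping.*', 'left' for '*.dyndns-server.com'.
    Anything else (no '*', a mid-name '*', or a bare '*') is rejected."""
    if pattern.count("*") != 1:
        raise ValueError("exactly one '*' expected")
    if pattern.endswith(".*") and len(pattern) > 2:
        return "right"
    if pattern.startswith("*.") and len(pattern) > 2:
        return "left"
    raise ValueError("wildcard must replace the leading or trailing label")

def wildcard_match(pattern, rrname):
    kind = wildcard_kind(pattern)
    if kind == "right":
        return rrname.startswith(pattern[:-1])  # keeps the trailing dot: 'piping.'
    return rrname.endswith(pattern[1:])          # keeps the leading dot: '.dyndns-server.com'

def search_pdns(pattern, rrset=SAMPLE_RRSET):
    """Return {domain: sorted distinct rdata} for every rrname matching the wildcard."""
    hits = defaultdict(set)
    for rrname, rdata in rrset:
        if wildcard_match(pattern, rrname.lower()):
            hits[rrname].add(rdata)
    return {domain: sorted(ips) for domain, ips in hits.items()}

def flux_in_one_range(ips, prefix=24):
    """True when a domain resolved to several addresses that all sit in one /prefix
    network, the 'fluxing towards IPs in the same range' pattern noted in the issue."""
    if len(ips) < 2:
        return False
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return len(nets) == 1
```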