As of a couple of days ago our bind server is sending tons of dns lookups to this IP address 188.8.131.52. All of our outbound traffic goes through a cisco asa botnet filter. The botnet filter identified this as a malware site. I can't determine that, its registered to VeriSign Global Registry Services and its not showing up on any spam databases.
So why is my bind server hammering this one IP address with dns lookups?