Manage DNS Sinkhole Settings
Advanced DNS Security Powered by Precision AI®

Where Can I Use This?
  • Strata Cloud Manager
What Do I Need?
  • Advanced DNS Resolver License
The sinkhole redirects malicious or otherwise unwanted DNS queries to a non-routable IP address, which provides a controlled environment that helps identify infected systems attempting to connect to malicious domains. Palo Alto Networks provides a default sinkhole server; alternatively, you can use a custom server of your choosing. If you use the default sinkhole server, you can also enable and configure a block page that is displayed to users when they attempt to query a malicious DNS server.
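The following added example (not part of the Palo Alto Networks documentation) shows how sinkholed answers help identify infected systems: it scans resolver logs for responses that returned the sinkhole address and ranks the clients that triggered them. The log layout, the sample records and the sinkhole address `192.0.2.53` are constructed assumptions; substitute your own log format and sinkhole IP.

```python
import ipaddress
from collections import defaultdict

# Assumption: placeholder sinkhole address (TEST-NET-1), not a real Palo Alto value.
SINKHOLE_IPS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample log: "timestamp client qname qtype answers(;-separated)"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.1.4.22 updates.example.com. A 198.51.100.7
2024-05-01T09:00:03Z 10.1.4.31 c2.bad-domain.example. A 192.0.2.53
2024-05-01T09:00:09Z 10.1.4.31 C2.Bad-Domain.example. A 192.0.2.53
2024-05-01T09:01:15Z 10.1.7.80 dga-a1b2c3.example. A 192.0.2.53;198.51.100.9
2024-05-01T09:01:20Z 10.1.4.31 cdn.bad-domain.example. A 192.0.2.53
2024-05-01T09:02:00Z truncated-line
2024-05-01T09:02:30Z 10.1.9.5 mail.example.com. MX mx1.example.com.
"""

def parse_answers(field):
    """Return the IP addresses in an answer field, skipping non-IP data (CNAME, MX)."""
    ips = set()
    for item in field.split(";"):
        try:
            ips.add(ipaddress.ip_address(item.strip()))
        except ValueError:
            continue
    return ips

def sinkholed_clients(log_text, sinkhole_ips=SINKHOLE_IPS):
    """Map each client IP to {domain: hit_count} for queries answered with a sinkhole IP."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or truncated record
        _ts, client, qname, _qtype, answers = parts
        if parse_answers(answers) & sinkhole_ips:
            # Normalise case and the trailing root dot so repeats aggregate.
            hits[client][qname.rstrip(".").lower()] += 1
    return {c: dict(d) for c, d in hits.items()}

def triage_order(hits):
    """Clients sorted by distinct sinkholed domains, then total hits, descending."""
    return sorted(hits, key=lambda c: (-len(hits[c]), -sum(hits[c].values()), c))

if __name__ == "__main__":
    result = sinkholed_clients(SAMPLE_LOG)
    for client in triage_order(result):
        print(client, result[client])
```

Clients that repeatedly receive the sinkhole address for several distinct domains are the first candidates for endpoint investigation.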
  1. Log in to the Strata Cloud Manager on the hub.
  2. Select Manage > Configuration > ADNS Resolver.
  3. In the DNS Sinkhole Settings, select the edit icon to modify your DNS sinkhole configuration.
  4. You can use the default Palo Alto Networks Sinkhole or select Custom to define your own. If you decide to use a custom sinkhole, provide the IP Address/FQDN of the server.
    • Custom Sinkhole
      • Select Custom and provide the IP Address/FQDN of the server.
        Custom DNS sinkhole servers must have an IPv4 address and a custom root certificate.
    • Palo Alto Networks Sinkhole
      • Select Palo Alto Networks Sinkhole and provide the following details:
        1. (Optional) For custom block pages, specify an image (up to 500kb), the logging attributes associated with the blocked domain request, and a message for the block page.
        2. For endpoint devices to access the block page, you must Download Palo Alto Networks Root Certificate and install it onto all firewalls, enterprise browsers such as PAB, endpoints or the SSL forward proxy. Failure to do so will render the block page inaccessible.
  5. Click Save when finished.
  6. You can preview the block page from the DNS Sinkhole Settings pane in the DNS Resolver Configurations tab.
    By default, the following block page contents are displayed: