Advanced DNS Security Powered by Precision AI®
Manage DNS Sinkhole Settings
Table of Contents
Manage DNS Sinkhole Settings
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The sinkhole is used to redirect malicious or
otherwise unwanted DNS queries to a non-routable IP address, which provides a
controlled environment to assist in identifying infected systems that attempt to
connect to malicious domains. Palo Alto Networks provides a default sinkhole server;
alternately, you can also use custom server of your choosing. Additionally, if you
decide to use the default sinkhole server, you can also enable and configure a block
page that is displayed to users when they attempt to query a malicious DNS
server.
- Log in to the Strata Cloud Manager on the hub.Select .In the DNS Sinkhole Settings, select the edit iconto modify your DNS sinkhole configuration.
![]()
You can use the default Palo Alto Networks Sinkhole or select Custom to define your own. If you decide to use a custom sinkhole, provide the IP Address/FQDN of the server.- Custom Sinkhole
- Select Custom and provide the IP Address/FQDN of the server.Custom DNS sinkhole servers must have an IPv4 address and a custom root certificate.
![]()
- Palo Alto Networks Sinkhole
- Select Palo Alto Networks Sinkhole and provide the following details:
![]()
- (Optional) For custom block pages, specify an image (up to 500kb), the logging attributes associated with the blocked domain request, and message for the block page.
- For endpoint devices to access the block page, you must Download Palo Alto Networks Root Certificate and install it onto all firewalls, enterprise browsers such as PAB, endpoints or the SSL forward proxy. Failure to do so will render the block page inaccessible.
Click Save when finished.You can preview the block page from the DNS Sinkhole Settings pane in the DNS Resolver Configurations tab.![]()
By default, the following block page contents are displayed:![]()
