Relying on a single global DNS sinkhole setting for an entire tenant limits your ability to tailor threat response strategies across different network segments. This constraint forces all security profiles to use the same redirection target, preventing granular control over how you handle malicious traffic from specific sources like External Dynamic Lists (EDLs) or Custom FQDN Groups.

You can now configure multiple custom sinkhole definitions to address diverse security requirements within Strata Cloud Manager for the Advanced DNS Security Resolver. This capability allows you to define up to 10 distinct sinkhole servers and assign them individually to specific profiles, categories, or lists. You can also easily toggle your tenant-wide default sinkhole without disrupting other custom configurations.

By diversifying your sinkhole targets, you improve your ability to isolate compromised devices and collect precise forensic data based on the nature of the detected threat. Existing custom configurations migrate automatically to this new framework, ensuring continuity for your current security policies.