To ensure scalable threat detection and optimized network performance, the infrastructure hosting the DNS sinkhole service is migrating to a new addressing scheme. This update ensures your network benefits from enhanced threat prevention mechanisms and improved reliability when mitigating malicious domain traffic.

This infrastructure change specifically affects deployments that utilize a hardcoded static IP address rather than the default fully qualified domain name (sinkhole.paloaltonetworks.com). If your security policy explicitly defines the sinkhole target by IP, you must transition to the new endpoint to maintain service connectivity. While the legacy IP address remains available during a grace period, failing to update your configuration will eventually result in a loss of sinkhole functionality and potential security vulnerabilities.

For organizations using the default FQDN setting, the service automatically resolves to the new infrastructure, requiring no administrative intervention. This migration is part of the broader network security platform commitment to resilient cloud-delivered services.

For more information on the sinkhole service update, refer to: LiveCommunity Blog.