To enable DNS sinkholing, attach the default
Anti-Spyware profile to a security policy rule (see Set
Up Antivirus, Anti-Spyware, and Vulnerability Protection). DNS
queries to any domain included in the Palo Alto Networks DNS signature
source that you specify are resolved to the default Palo Alto Networks
sinkhole IP address. The sinkhole addresses are currently
sinkhole.paloaltonetworks.com for IPv4 and the loopback address ::1 for
IPv6. These addresses are subject to change and can be updated with content updates.
Enable DNS sinkholing for the custom list of domains
in an external dynamic list.
Modify an existing profile, or select one of the existing
default profiles and clone it.
the profile and select
present in the
) In the
to capture the first
packet of the session or
set between 1-50 packets. You can then use the packet captures for
Verify the sinkholing settings on
the Anti-Spyware profile.
verify that the
on DNS queries
DNS Sinkhole Settings section, verify that
enabled. For your convenience, the default Sinkhole IP address is
set to access a Palo Alto Networks server. Palo Alto Networks can
automatically refresh this IP address through content updates.
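To confirm from a client that a query for a listed domain is actually being sinkholed, compare the answer records with the default sinkhole name and IPv6 loopback address given on this page. This is an added example, not Palo Alto Networks code. It assumes the sinkholed answer appears as a CNAME to the sinkhole name, an A record, or an AAAA record. The function name, the record tuples, and the 198.51.100.10 address are constructed for illustration.

```python
import ipaddress

# Defaults quoted on this page; both can change with content updates.
SINKHOLE_FQDN = "sinkhole.paloaltonetworks.com"
SINKHOLE_V6 = ipaddress.ip_address("::1")


def _name(value):
    """Normalise a DNS name: lower-case, no trailing dot."""
    return value.rstrip(".").lower()


def is_sinkholed(answers, sinkhole_v4=()):
    """Return True if any answer record points at the sinkhole.

    answers:     iterable of (rtype, rdata) strings, e.g. ("A", "198.51.100.10")
    sinkhole_v4: addresses SINKHOLE_FQDN currently resolves to, looked up by
                 the caller so that no IPv4 address is hard-coded here
    """
    v4 = {ipaddress.ip_address(a) for a in sinkhole_v4}
    for rtype, rdata in answers:
        rtype = rtype.upper()
        if rtype == "CNAME" and _name(rdata) == SINKHOLE_FQDN:
            return True
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue  # malformed rdata: skip it rather than crash
            # ip_address() normalises, so 0:0:0:0:0:0:0:1 matches ::1
            if addr == SINKHOLE_V6 or addr in v4:
                return True
    return False


if __name__ == "__main__":
    # Constructed answer sets (documentation address ranges), not real captures.
    current_v4 = ["198.51.100.10"]
    samples = {
        "cname to sinkhole": [("CNAME", "Sinkhole.PaloAltoNetworks.com.")],
        "ipv6 loopback": [("AAAA", "0:0:0:0:0:0:0:1")],
        "unrelated address": [("A", "203.0.113.7")],
    }
    for label, answers in samples.items():
        print(label, "->", is_sinkholed(answers, current_v4))
```

Resolve the sinkhole name at check time and pass the result as `sinkhole_v4`, since the address behind it can change with a content update.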