To enable DNS sinkholing, attach the default
Anti-Spyware profile to a security policy rule (see Set Up Antivirus,
Anti-Spyware, and Vulnerability Protection). DNS queries
to any domain included in the Palo Alto Networks DNS signature source
that you specify are resolved to the default Palo Alto Networks
sinkhole IP address. The IP addresses currently are IPv4—sinkhole.paloaltonetworks.com
and a loopback address IPv6 address—::1. These address are subject
to change and can be updated with content updates.
Enable DNS sinkholing for the custom list of domains
in an external dynamic list.
Modify an existing profile, or select one of the existing
default profiles and clone it.
the profile and select
Palo Alto Network Content DNS
is present in the
) In the
to capture the first
packet of the session or
set between 1-50 packets. You can then use the packet captures for
Verify the sinkholing settings on
the Anti-Spyware profile.
verify that the
Sinkhole section, verify that
enabled. For your convenience, the default Sinkhole IP address is
set to access a Palo Alto Networks server. Palo Alto Networks can
automatically refresh this IP address through content updates.