Configure DNS Sinkhole
To configure DNS sinkhole for disallowed domains:
- Configure the DNS sinkhole server. We will set the domain name for the DNS sinkhole server as sinkhole.junipernetworks.com.

  set services dns-filtering sinkhole ipv4-address <ipv4-address>
  set services dns-filtering sinkhole ipv6-address <ipv6-address>
  set services dns-filtering sinkhole fqdn sinkhole.junipernetworks.com

Note: DNS sinkhole configuration is mandatory if the action is set as sinkhole. See Enable DNS Secintel Detection, Enable DNS DGA Detection and Enable DNS Tunnel Detection.
- The FQDN value sinkhole.junipernetworks.com is provided as an example; do not use it in an actual configuration.
- If you do not configure the DNS sinkhole server, then by default, the sinkhole IP address that is hosted on the SRX Series Firewall acts as the sinkhole server.
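
A pre-commit check for the caveats above, as an added example (not Juniper's code): it reads set-format configuration text and reports an unsubstituted address placeholder, an address of the wrong family, the documentation FQDN left in place, or no sinkhole statements at all. The function name lint_sinkhole and the sample addresses are assumptions; it assumes all three statements sit under "set services dns-filtering sinkhole".

```python
import ipaddress

# Hierarchy and example FQDN are taken from this page; everything else is assumed.
PREFIX = "set services dns-filtering sinkhole "
EXAMPLE_FQDN = "sinkhole.junipernetworks.com"
IP_KEYS = {"ipv4-address": 4, "ipv6-address": 6}


def lint_sinkhole(config_text):
    """Return (settings, findings) for sinkhole statements in set-format text."""
    settings, findings = {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line.startswith(PREFIX):
            continue
        parts = line[len(PREFIX):].split()
        if len(parts) != 2 or parts[0] not in (*IP_KEYS, "fqdn"):
            findings.append(f"not one of the three statements on this page: {line}")
            continue
        key, value = parts
        settings[key] = value
        if key == "fqdn":
            if value.lower().rstrip(".") == EXAMPLE_FQDN:
                findings.append("fqdn is the documentation example; replace it")
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:  # also catches an unsubstituted <ipv4-address> placeholder
            findings.append(f"{key} is not a valid IP address: {value}")
            continue
        if addr.version != IP_KEYS[key]:
            findings.append(f"{key} holds an IPv{addr.version} address: {value}")
    if not settings:
        findings.append("no sinkhole server configured; the SRX-hosted sinkhole IP is used")
    return settings, findings


# Constructed sample input (documentation-range addresses, not from the page).
SAMPLE = """
set services dns-filtering sinkhole ipv4-address 192.0.2.10
set services dns-filtering sinkhole ipv6-address 2001:db8::10
set services dns-filtering sinkhole fqdn sinkhole.junipernetworks.com
"""

if __name__ == "__main__":
    for finding in lint_sinkhole(SAMPLE)[1]:
        print("FINDING:", finding)
```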