Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure DNS filtering to identify DNS requests for disallowed domains.


The DNS sinkhole must be configured only for DNS profile category.



Configure the time-to-live (TTL) value in seconds to send_IN_the DNS response after taking the DNS sinkhole action. The maximum value for DNS response TTL is 86400 (24 hour). Default value is 1800 (30 min).


Configure the fully qualified domain name (FQDN) that must be sent in the DNS response for the sinkhole domains.


Configure the sinkhole IPv4 address.


Configure the sinkhole IPv6 address.


Configure the DNS response error code that must be sent for bad domains for server query type.


Configure the DNS response error code that must be sent for bad domains for text query type.


Configure the number of levels that will be iteratively examined for a domain match. The range is 0 to 10. The default value is 10.


Configure traffic sampling tracing operations. You can configure the following:

  • file-name—Specify the file name in which to write trace information.

  • files—Specify the maximum number of trace files to be saved with samples or trace data. The range is 2 to 1000.

  • match—Specify the regular expression for lines to be logged for tracing.

  • size—Specify the maximum trace file size, in kilobytes (KB), megabytes (MB), or gigabytes (GB). Syntax: xk to specify KB, xm to specify MB, or xg to specify GB. The range is 10240 to 1073741824.

  • no-world-readable—Disable unrestricted file access.

  • world-readable—Enable unrestricted file access. Allows any user to read the log file.


Tracing flag parameters. The available options are:

  • all—Trace everything

  • config—Trace DNS filtering configuration events

  • connect—Trace DNS filtering IPC events

  • dns—Trace DNS filtering crawler events

  • filter—Trace DNS filtering filter programming events

  • gencfg—Trace DNS filtering gencfg events

  • normal— Trace normal events

  • operation-commands—Trace DNS filtering show events

  • parse—Trace DNS filtering parse events

  • routing—Trace DNS filtering route programming events

  • snmp— Trace DNS filtering snmp events

  • statistics—Trace DNS filtering statistics events

  • system—Trace DNS filtering system events

  • timer—Trace DNS filtering timer events


Level of debugging output. The available options are:

  • all—Match all levels

  • error—Match error conditions

  • info—Match informational messages

  • notice—Match conditions that should be handled specially

  • verbose—Match verbose messages

  • warning—Match warning messages


Disable remote tracing.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Command introduced in Junos OS Release 20.4R1.