Configure DNS Sinkhole

You are here: Security Services > Advanced Threat Prevention > SecIntel Profiles.

Configure DNS sinkhole to identify and block DNS requests for disallowed domains, either by resolving the domains to a sinkhole server or by rejecting the DNS requests.

To configure DNS sinkhole:

  1. Click DNS Sinkhole.
    The DNS Sinkhole page opens.
  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click OK to save the changes. To discard your changes, click Cancel.

Table 1: Fields on the DNS Sinkhole Page

| Field | Action |
|---|---|
| IPv4 address | Enter the IPv4 address of the Juniper Networks or external sinkhole server. |
| FQDN | Enter the fully qualified domain name (FQDN) that must be sent in the DNS response for the sinkhole servers. By default, sinkhole.junipersecurity.net is displayed when your SRX Series Firewall is enrolled with Juniper ATP Cloud. |
| IPv6 address | Enter the IPv6 address of the Juniper Networks or external sinkhole server. |
| DNS response TTL | Enter the time-to-live (TTL) value, in seconds, to send in the DNS response after the DNS sinkhole action is taken. Range: 0 through 3600. Default is 1800. |
| Server response error code | Select the DNS response error code that must be sent for bad domains for the server query type. No error: no error response. Refused: refuse the DNS query (selected by default). |
| Text response error code | Select the DNS response error code that must be sent for bad domains for the text query type. No error: no error response. Refused: refuse the text query (selected by default). |
| Wildcard level | Select the number of wildcarding levels that are iteratively examined for a domain match. Range: 0 through 10. Default is 2. |
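
The following is an added example, not Juniper's code: it models how the Table 1 settings could combine for a single query, so that a planned configuration can be checked against sample domains before it is saved. The wildcard expansion order, the treatment of the server and text query types as SRV and TXT, the address answer for A/AAAA queries, and the names `SinkholeConfig`, `candidates`, `decide` and `BLOCKLIST` are assumptions; the sinkhole addresses and blocklist entries are constructed.

```python
# Added illustration, not Juniper code. The wildcard expansion order and the
# per-query-type responses are assumptions; addresses and names are constructed.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address

@dataclass
class SinkholeConfig:
    ipv4: str = "192.0.2.53"                    # constructed (TEST-NET-1)
    ipv6: str = "2001:db8::53"                  # constructed (documentation prefix)
    fqdn: str = "sinkhole.junipersecurity.net"  # default named in Table 1
    ttl: int = 1800                             # Table 1 default
    srv_rcode: str = "REFUSED"                  # Table 1 default
    txt_rcode: str = "REFUSED"                  # Table 1 default
    wildcard_level: int = 2                     # Table 1 default

    def __post_init__(self):
        IPv4Address(self.ipv4)                  # raises ValueError if malformed
        IPv6Address(self.ipv6)
        if not 0 <= self.ttl <= 3600:
            raise ValueError("DNS response TTL must be 0 through 3600")
        if not 0 <= self.wildcard_level <= 10:
            raise ValueError("wildcard level must be 0 through 10")
        if {self.srv_rcode, self.txt_rcode} - {"NOERROR", "REFUSED"}:
            raise ValueError("error code must be NOERROR or REFUSED")

def candidates(qname, level):
    """Exact name first, then one more leading label wildcarded per level."""
    labels = qname.rstrip(".").lower().split(".")
    names = [".".join(labels)]
    for i in range(1, min(level, len(labels) - 1) + 1):
        names.append("*." + ".".join(labels[i:]))
    return names

def decide(cfg, blocklist, qname, qtype):
    """Return the modelled response for one query against a set of bad domains."""
    hit = next((n for n in candidates(qname, cfg.wildcard_level) if n in blocklist), None)
    if hit is None:
        return {"action": "forward"}
    if qtype in ("SRV", "TXT"):
        rcode = cfg.srv_rcode if qtype == "SRV" else cfg.txt_rcode
        return {"action": "rcode", "rcode": rcode, "matched": hit}
    if qtype in ("A", "AAAA"):
        addr = cfg.ipv6 if qtype == "AAAA" else cfg.ipv4
        return {"action": "sinkhole", "fqdn": cfg.fqdn, "address": addr,
                "ttl": cfg.ttl, "matched": hit}
    raise ValueError(f"query type {qtype} is not modelled here")

BLOCKLIST = {"*.c.example.com", "bad.example.net"}  # constructed feed entries
```

Under these assumptions, a query for `a.b.c.example.com` is sinkholed at the default wildcard level of 2 but forwarded at level 1, because the `*.c.example.com` entry is only reached on the second wildcard step.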