Scribd
Upload
138 views8 pages

Block DNS with SonicWall DNS Sinkhole

The document describes how to use the DNS Sinkhole feature in SonicWall firewalls to block DNS queries for specific domains. It provides steps to configure split DNS tunneling and point DNS queries for the blocked domain to the firewall. It then explains how to enable the DNS Sinkhole service and add domains to the blocked list.

Uploaded by

sreejishtpk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
138 views8 pages

Block DNS with SonicWall DNS Sinkhole

The document describes how to use the DNS Sinkhole feature in SonicWall firewalls to block DNS queries for specific domains. It provides steps to configure split DNS tunneling and point DNS queries for the blocked domain to the firewall. It then explains how to enable the DNS Sinkhole service and add domains to the blocked list.

Uploaded by

sreejishtpk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

View Page online: https://www.sonicwall.

com/es-mx/support/knowledge-base/using-dns-sinkhole-feature-to-block-dns-queries/200426101616227/

Using DNS Sinkhole feature to block DNS


queries
Description
Firewall can block DNS queries to specific domains through its feature of DNS Sinkhole. The important step to

achieve this requirement is to use split DNS tunneling so that firewall can receive the DNS queries at its end and take

action rather than forwarding to internal or public DNS servers.

EXAMPLE: Lets take "yahoo.com" domain into consideration and we will block the DNS query of this
domain via firewall with client PC configured with internal or public DNS servers.

Resolution for SonicOS 7.X


This release includes significant user interface changes and many new features that are different from the
SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Configure Firewall in split tunnel and point the dns query for the domain towards firewall.

1. To configure the split tunnel, navigate to Network|DNS| Settings.


2. Enable the checkbox for IPv4 Split DNS which states Enable proxying of split DNS servers3. .

To configure the domain which you want to block and point its dns query towards firewall interface IP
address, navigate to Network | DNS | Settings | Split DNS and click Add.

Enabling DNS Sinkhole and configuring it

Navigate to Network |DNS | DNS Security | DNS Sinkhole Service.

1. Enable the option Enable DNS Sinkhole Service.


2. Select one of the available three options from Action3. dropdown.

4. Navigate to Custom Malicious Domain Name List and click Add. 5. Enter domain name Yahoo.com 6.
and click Save.

Resolution for SonicOS 6.5


This release includes significant user interface changes and many new features that are different from the
SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Configure Firewall in split tunnel and point the dns query for the domain towards firewall.

1. To configure the split tunnel, navigate to Manage |System Setup | Nnetwork | DNS 2. .

3. Enable the checkbox for IPv4 Split DNS which states Enable proxying of split DNS servers4. .
5. Configure the domain which you want to block and point its dns query towards firewall interface IP
address.

Enabling DNS Sinkhole and configuring it

Navigate to Manage |System Setup | Nnetwork | DNS Security.

1. Enable the option Enable DNS Sinkhole Service.

2. Select one of the available three options.


3. Click ADD4. and enter the domain yahoo.com into the Custom Malicious Domain Name List.

How to Test :
Run nslookup command to generate the DNS query from a PC behind X0 network of SonicWall and check
the SonicWall Logs and Packet monitor with UDP 53 traffic as : NOTE: With DNS Sinkhole Service
action selected as 'Dropping, with DNS reply of forged IP', we need to configure the forged or masked
IP address so that firewall can return the dns query with that IP. TIP: The above requirement can also
be achieved by creating FQDN object of "yahoo.com" and blocking the DNS (Name Service) through
access-rule, but it is always recommended to limit the usage of FQDN objects to avoid unnecessary CPU
spikes in firewall.

You might also like