
Using DNS Sinkhole Feature To Block DNS Queries

The document describes how to use the DNS Sinkhole feature in SonicWall firewalls to block DNS queries for specific domains. It provides steps to configure split DNS tunneling and point DNS queries for the blocked domain to the firewall. It then explains how to enable the DNS Sinkhole service and add domains to the blocked list.

Uploaded by sreejishtpk

View Page online: https://www.sonicwall.com/es-mx/support/knowledge-base/using-dns-sinkhole-feature-to-block-dns-queries/200426101616227/

Using DNS Sinkhole feature to block DNS queries
Description
The firewall can block DNS queries to specific domains through its DNS Sinkhole feature. The important step to achieve this is to use split DNS tunneling so that the firewall receives the DNS queries and takes action on them rather than forwarding them to internal or public DNS servers.

EXAMPLE: Let's take the "yahoo.com" domain and block DNS queries for this domain via the firewall, with the client PC configured with internal or public DNS servers.

Resolution for SonicOS 7.X


This release includes significant user interface changes and many new features that are different from the
SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Configure the firewall in split tunnel and point the DNS query for the domain towards the firewall.

1. To configure the split tunnel, navigate to Network | DNS | Settings.
2. Enable the checkbox for IPv4 Split DNS which states Enable proxying of split DNS servers.
3. To configure the domain which you want to block and point its DNS query towards the firewall interface IP address, navigate to Network | DNS | Settings | Split DNS and click Add.

Enabling DNS Sinkhole and configuring it

Navigate to Network | DNS | DNS Security | DNS Sinkhole Service.

1. Enable the option Enable DNS Sinkhole Service.
2. Select one of the three available options from the Action dropdown.
3. Navigate to Custom Malicious Domain Name List and click Add.
4. Enter the domain name yahoo.com and click Save.

Resolution for SonicOS 6.5


This release includes significant user interface changes and many new features that are different from the
SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Configure the firewall in split tunnel and point the DNS query for the domain towards the firewall.

1. To configure the split tunnel, navigate to Manage | System Setup | Network | DNS.
2. Enable the checkbox for IPv4 Split DNS which states Enable proxying of split DNS servers.
3. Configure the domain which you want to block and point its DNS query towards the firewall interface IP address.

Enabling DNS Sinkhole and configuring it

Navigate to Manage | System Setup | Network | DNS Security.

1. Enable the option Enable DNS Sinkhole Service.
2. Select one of the three available options.
3. Click ADD and enter the domain yahoo.com into the Custom Malicious Domain Name List.

How to Test:
Run the nslookup command to generate a DNS query from a PC behind the X0 network of the SonicWall, and check the SonicWall logs and Packet Monitor for UDP 53 traffic.

NOTE: With the DNS Sinkhole Service action set to 'Dropping, with DNS reply of forged IP', we need to configure the forged or masked IP address so that the firewall can answer the DNS query with that IP.

TIP: The above requirement can also be achieved by creating an FQDN object for "yahoo.com" and blocking DNS (Name Service) through an access rule, but it is always recommended to limit the usage of FQDN objects to avoid unnecessary CPU spikes on the firewall.
