@NevinNIt's not possible, with DNS sinkhole Palo Alto device forge a response to DNS query for suspicious domain/URL and causes that domain/URL to resolve defined IP address. So here no possibility of your use case as it is just happening while querying DNS.
You can do one thing, if you have proxy/PAC file script in your environment, you can defined some page for sinkhole IP. So if anyone tried any suspicious domain/url from browser then palo alto will resolve its dns query to sinkhole IP and proxy/PAC file script will give appropriate page for that traffic.
Hope it helps you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!