
From Surf Wiki (app.surf) — the open knowledge base

DNS sinkhole

DNS server that points a domain to bogus internet addresses



A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS, is a Domain Name System (DNS) server that is configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet. DNS sinkholes are effective at detecting and blocking bots and other malicious traffic.

By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.

Applications

Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche, and destructively, for example by disrupting DNS services in a DoS attack.

DNS sinkholing can be used to protect users by intercepting DNS requests that attempt to connect to known malicious domains and instead returning the IP address of a sinkhole server defined by the DNS sinkhole administrator. One example of blocking malicious domains is stopping botnets by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad-serving sites, either using a hosts file-based sinkhole or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.
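The sinkhole decision and the detection side described above can be sketched as follows. This is an added example, not code from the article or from any sinkhole product; the blocklist, the query log, the sinkhole address `0.0.0.0` and all function names are constructed assumptions.

```python
from collections import defaultdict

SINKHOLE_IP = "0.0.0.0"  # assumption: non-routable answer chosen by the sinkhole admin

# Constructed blocklist and query log (client IP, queried name); not real indicators.
BLOCKLIST = {"c2.botnet.example", "ads.tracker.example"}
QUERY_LOG = [
    ("10.0.0.5", "www.example.org."),
    ("10.0.0.7", "C2.Botnet.Example."),
    ("10.0.0.7", "node3.c2.botnet.example"),
    ("10.0.0.9", "notc2.botnet.example"),
    ("10.0.0.5", "ads.tracker.example"),
]


def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")


def is_sinkholed(name, blocklist):
    """True if the name or any parent domain is on the blocklist."""
    labels = normalize(name).split(".")
    # Compare whole labels only: 'notc2.botnet.example' must not match 'c2.botnet.example'.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(name, blocklist, upstream):
    """Answer with the sinkhole address for blocked names, else ask upstream."""
    if is_sinkholed(name, blocklist):
        return SINKHOLE_IP
    return upstream(name)


def clients_hitting_sinkhole(log, blocklist):
    """Map each client to the blocked names it asked for (candidate infected hosts)."""
    hits = defaultdict(list)
    for client, qname in log:
        if is_sinkholed(qname, blocklist):
            hits[client].append(normalize(qname))
    return dict(hits)


def hosts_file_lines(blocklist):
    """The same block expressed as local hosts-file entries (exact names only)."""
    return [f"{SINKHOLE_IP} {domain}" for domain in sorted(blocklist)]
```

Unlike the resolver-side check, the hosts-file form matches exact names only, so a subdomain such as `node3.c2.botnet.example` would need its own entry.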

Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.
