Misplaced Pages

DNS sinkhole

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from DNS Sinkhole) DNS server that points a domain to bogus internet addresses
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "DNS sinkhole" – news · newspapers · books · scholar · JSTOR (November 2021) (Learn how and when to remove this message)

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS is a Domain Name System (DNS) server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet. DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.

By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.

Applications

Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche, and destructively, for example disrupting DNS services in a DoS attack.

DNS sinkholing can be used to protect users by intercepting DNS request attempting to connect to known malicious domains and instead returning an IP address of a sinkhole server defined by the DNS sinkhole administrator. One example of blocking malicious domains is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad serving sites, either using a hosts file-based sinkhole or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.

References

  1. kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Archived from the original on April 15, 2013. Retrieved October 12, 2012.{{cite news}}: CS1 maint: numeric names: authors list (link)
  2. Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
  3. Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.
  4. Hay Newman, Lily (2017-05-13). "The WannaCry Ransomware 'Kill Switch' That Saved Untold PCs From Harm". Wired. Archived from the original on 2022-06-27. Retrieved 2022-08-19.
  5. Symantec Security Response (December 1, 2016). "Avalanche malware network hit with law enforcement takedown". Symantec Connect. Symantec. Retrieved December 3, 2016.
  6. Europol (December 1, 2016). "'Avalanche' network dismantled in international cyber operation". europol.europa.eu. Europol. Retrieved December 3, 2016.
  7. "DNS Sinkhole". ENISA. Retrieved 2022-08-19.
  8. Hay Newman, Lily (2018-01-02). "Hacker Lexicon: What Is Sinkholing?". Wired. Retrieved 2022-08-19.
  9. Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.
  10. "Turn A Raspberry Pi Into An Ad Blocker With A Single Command". Lifehacker Australia. 2015-02-17. Retrieved 2018-05-06.
Category: