DNS sinkhole

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS^[1] is a DNS server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site.^[2] The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower NS servers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.^[3] DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.

By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.

Applications[]

Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche,^[4] and destructively, for example disrupting DNS services in a DoS attack.^{[clarification needed]}

One use is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad serving sites, either using a hosts file-based sinkhole^[5] or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.^[6]

References[]

^ kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.
^ Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
^ Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.
^ 262588213843476. "Wannacrypt0r-FACTSHEET.md". Gist.CS1 maint: numeric names: authors list (link)
^ Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.
^ "Turn A Raspberry Pi Into An Ad Blocker With A Single Command". Lifehacker Australia. 2015-02-17. Retrieved 2018-05-06.

This Internet domain name article is a stub. You can help Wikipedia by .

[BlackholeDNS-1] vross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.

[DNS_Sinkhole_-_SANS_Institute-2] Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.

[Conficter_Hand_off-3] Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.

[4] 262588213843476. "Wannacrypt0r-FACTSHEET.md". Gist.CS1 maint: numeric names: authors list (link)

[Hosts_based_ad_block-5] Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.

[6] "Turn A Raspberry Pi Into An Ad Blocker With A Single Command". Lifehacker Australia. 2015-02-17. Retrieved 2018-05-06.

[1]

[2]

[3]

[4]

[5]

[6]