
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS, is a DNS server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower NS servers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet. DNS sinkholes are effective at detecting and blocking bots and other malicious traffic. By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.


Applications

Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche, and destructively, for example disrupting DNS services in a DoS attack. DNS sinkholing can be used to protect users by intercepting DNS requests that attempt to connect to known malicious domains and instead returning an IP address of a sinkhole server defined by the DNS sinkhole administrator. One example of blocking malicious domains is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad serving sites, either using a hosts file-based sinkhole or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.
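
The interception step described above, as an added example that is not part of the original article: a resolver-side function that parses a DNS query, matches the name and its parent domains against a blocklist, answers with the sinkhole address, and records which client asked. The sinkhole address, blocklist entries, client address and all function names are constructed for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.53"                     # constructed: TEST-NET-1 stand-in for the sinkhole server
BLOCKLIST = {"bad-c2.example", "ads.example"}  # constructed sample domains

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RD set) to use as constructed sample input."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (lowercased name, qtype, offset just past the question section)."""
    labels, offset = [], 12                    # question starts after the 12-byte header
    while packet[offset] != 0:
        length = packet[offset]
        if length > 63:                        # compression pointers are not valid here
            raise ValueError("invalid label length in question")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii").lower())
        offset += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[offset + 1:offset + 5])
    return ".".join(labels), qtype, offset + 5

def is_sinkholed(name):
    """True if the name or any parent domain is on the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def sinkhole_answer(query, client_ip, hits):
    """Return response bytes for a listed name, or None to forward upstream."""
    name, qtype, end = parse_question(query)
    if not is_sinkholed(name):
        return None
    hits.append((client_ip, name))             # each hit points at a client worth investigating
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8080 | (qflags & 0x0100)         # QR=1, RA=1, RD copied from the query
    ancount = 1 if qtype == 1 else 0           # non-A types get an empty NOERROR answer
    response = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:end]
    if ancount:
        # Name pointer to offset 12, TYPE A, CLASS IN, TTL 60, RDLENGTH 4, then the address
        response += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(SINKHOLE_IP)
    return response

if __name__ == "__main__":
    hits = []
    reply = sinkhole_answer(build_query("cdn.bad-c2.example"), "10.0.0.7", hits)
    print(socket.inet_ntoa(reply[-4:]), hits)
```

The `hits` list is the detection side of the sinkhole: clients that repeatedly query listed names are candidates for infection triage.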

