This article needs additional citations for verification. (November 2021)
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS is a DNS server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower NS servers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet. DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.
By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.
One use is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad serving sites, either using a hosts file-based sinkhole or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.
- kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.
- Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
- Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.
- "Wannacrypt0r-Factsheet.md". Gist.
- Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.
- "Turn A Raspberry Pi Into An Ad Blocker With A Single Command". Lifehacker Australia. 2015-02-17. Retrieved 2018-05-06.