DNS sinkhole

From Wikipedia, the free encyclopedia

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or BlackholeDNS,[1] is a DNS server that deliberately gives out false information in order to prevent the use of a domain name.

Operation

A sinkhole does not need to be a large DNS server; it only needs to be in the DNS lookup chain, that is, among the servers that clients consult to resolve a name.

Network-level disabling

A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real website.[2] The higher up the DNS server is in the lookup chain, the more computers it will block. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.[3] DNS sinkholes are effective at detecting and blocking malicious traffic, and are used to combat bots and other unwanted traffic.

Host-level disabling

The local hosts file on a Microsoft Windows, Unix or Linux computer is checked before DNS servers, and can also be used to block sites in the same way.
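The difference between the two levels, as an added example that is not part of the original article: a hosts file matches exact names only, while the network-level function here models a server that sinkholes a name and everything under it, and the same match over a query log shows which clients asked for sinkholed names. The sinkhole address, domain names, client addresses and log format are all assumptions constructed for the illustration.

```python
# Added illustration; names, client IPs and log lines below are constructed.
SINKHOLE_IP = "0.0.0.0"  # assumed address handed out for sinkholed names
HOSTS_TEXT = """\
# hosts-file style blocklist (constructed)
0.0.0.0 ads.example.net
0.0.0.0 c2.badbotnet.example   # botnet coordination name
"""

def parse_hosts(text):
    """Return the names mapped to SINKHOLE_IP in hosts-file syntax."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == SINKHOLE_IP:
            names.update(n.lower().rstrip(".") for n in fields[1:])
    return names

def hosts_match(name, blocked):
    """Host level: a hosts file matches exact names only."""
    return name.lower().rstrip(".") in blocked

def zone_match(name, blocked):
    """Network level: model a server that sinkholes a name and all names under it."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def resolve(name, blocked, upstream):
    """Return the sinkhole address for blocked names, else the upstream answer."""
    return SINKHOLE_IP if zone_match(name, blocked) else upstream.get(name)

def sinkhole_hits(query_log, blocked):
    """Map each client to the sinkholed names it queried (detection view)."""
    hits = {}
    for line in query_log.splitlines():
        parts = line.split()
        if len(parts) == 2 and zone_match(parts[1], blocked):
            hits.setdefault(parts[0], []).append(parts[1])
    return hits

# Constructed query log, one "<client ip> <queried name>" per line.
QUERY_LOG = """\
10.0.0.5 www.example.org
10.0.0.7 c2.badbotnet.example
10.0.0.7 node3.c2.badbotnet.example
10.0.0.9 ads.example.net
"""

if __name__ == "__main__":
    print(sinkhole_hits(QUERY_LOG, parse_hosts(HOSTS_TEXT)))
```

The subdomain `node3.c2.badbotnet.example` is caught by the network-level match but not by the exact-match hosts lookup, which is why a hosts-file blocklist has to list every name individually.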

Applications

Sinkholes can be used both constructively, as has been done for the containment of the WannaCry threat,[4] and destructively, for example by disrupting DNS services in a DoS attack.

One use is to stop botnets by interrupting resolution of the DNS names the botnet is programmed to use for coordination. The most common use of a hosts file-based sinkhole is to block ad-serving sites.[5]

References

  1. kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.
  2. Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
  3. Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.
  4. https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
  5. Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.