DNS sinkhole

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS,[1] is a DNS server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site.[2] The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because a higher-level server feeds a greater number of lower-level name servers, which in turn serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.[3] DNS sinkholes are effective at detecting and blocking bots and other malicious traffic.

By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.

Applications

Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche,[4] and destructively, for example by disrupting DNS services in a DoS attack.

One use is to stop botnets by interrupting resolution of the DNS names the botnet is programmed to use for coordination. Another use is to block ad-serving sites, either with a hosts file-based sinkhole[5] or by running a DNS server locally (e.g., a Pi-hole). Local DNS servers effectively block ads for all devices on the network.[6]
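The sketch below models the decision a sinkholing resolver makes and how its query log identifies clients that ask for sinkholed names. It is an added example, not code from the article or from any project it mentions. The blocklist, sinkhole address, upstream table and log format are constructed assumptions, and all function names are hypothetical.

```python
"""Model of a DNS sinkhole decision and of bot detection from its query log."""
from collections import Counter

SINKHOLE_IP = "0.0.0.0"  # assumed non-routable answer for listed names
# Constructed blocklist; placeholder domains under reserved TLDs.
BLOCKLIST = {"c2.botnet.example", "ads.tracker.test"}
# Constructed stand-in for real upstream resolution.
UPSTREAM = {"www.example.org": "198.51.100.7"}

def normalize(name):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return name.strip().lower().rstrip(".")

def is_sinkholed(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain is listed (match on label boundaries)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def answer(qname, upstream=UPSTREAM):
    """Hand out the sinkhole address for listed names, else the upstream answer."""
    if is_sinkholed(qname):
        return SINKHOLE_IP
    return upstream.get(normalize(qname))

def hosts_lines(blocklist=BLOCKLIST):
    """Render the list as hosts-file entries; a hosts file matches exact names only."""
    return [f"{SINKHOLE_IP} {domain}" for domain in sorted(blocklist)]

def sinkhole_hits(log_lines):
    """Count sinkholed queries per client from '<client> <qname>' log lines."""
    hits = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) == 2 and is_sinkholed(parts[1]):
            hits[parts[0]] += 1
    return hits

# Constructed query log; the last line is deliberately malformed.
SAMPLE_LOG = [
    "192.0.2.10 www.example.org",
    "192.0.2.23 c2.botnet.example",
    "192.0.2.23 node7.c2.botnet.example.",
    "192.0.2.40 ADS.Tracker.Test",
    "malformed-line",
]

if __name__ == "__main__":
    for client, count in sinkhole_hits(SAMPLE_LOG).most_common():
        print(f"{client} queried sinkholed names {count} time(s)")
```

The parent-domain match is what separates a DNS-server sinkhole from the hosts-file variant: `hosts_lines()` would not cover `node7.c2.botnet.example`, while `is_sinkholed()` does.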

References

  1. kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.
  2. Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
  3. Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.
  4. "Wannacrypt0r-Factsheet.md". Gist.
  5. Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved October 12, 2012.
  6. "Turn A Raspberry Pi Into An Ad Blocker With A Single Command". Lifehacker Australia (February 17, 2015). Retrieved May 6, 2018.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.