DNS sinkhole

From HandWiki
Short description: DNS server that points a domain to bogus internet addresses

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS[1] is a Domain Name System (DNS) server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site.[2] The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet.[3] DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.

By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.

Applications

Sinkholes can be used both constructively, to contain threats such as WannaCry[4] and Avalanche,[5][6] and destructively, for example disrupting DNS services in a DoS attack.[clarification needed]

DNS sinkholing can be used to protect users by intercepting DNS request attempting to connect to known malicious domains and instead returning an IP address of a sinkhole server defined by the DNS sinkhole administrator.[7] One example of blocking malicious domains is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination.[8] Another use is to block ad serving sites, either using a hosts file-based sinkhole[9] or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.[10]

References

  1. kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". http://forum.pfsense.org/index.php?topic=43298.0;wap2. [yes|permanent dead link|dead link}}]
  2. Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". http://www.sans.org/reading_room/whitepapers/dns/dns-sinkhole_33523. 
  3. Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". http://www.darkreading.com/risk/microsoft-hands-off-nitol-botnet-sinkhole-operation-to-chinese-cert/d/d-id/1138455. 
  4. Hay Newman, Lily (2017-05-13). "The WannaCry Ransomware 'Kill Switch' That Saved Untold PCs From Harm". Wired. https://www.wired.com/2017/05/accidental-kill-switch-slowed-fridays-massive-ransomware-attack/. Retrieved 2022-08-19. 
  5. Symantec Security Response (December 1, 2016). "Avalanche malware network hit with law enforcement takedown". Symantec. https://www.symantec.com/connect/blogs/avalanche-malware-network-hit-law-enforcement-takedown. 
  6. Europol (December 1, 2016). "'Avalanche' network dismantled in international cyber operation". Europol. https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation. 
  7. "DNS Sinkhole". https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/dns-sinkhole. 
  8. Hay Newman, Lily (2018-01-02). "Hacker Lexicon: What Is Sinkholing?". Wired. https://www.wired.com/story/what-is-sinkholing/. Retrieved 2022-08-19. 
  9. Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". http://someonewhocares.org/hosts/. 
  10. "Turn A Raspberry Pi Into An Ad Blocker With A Single Command" (in en). Lifehacker Australia. 2015-02-17. https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/. 



Retrieved from "https://handwiki.org/wiki/index.php?title=DNS_sinkhole&oldid=3381697"