- Source: DNS sinkhole
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS is a Domain Name System (DNS) server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet. DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.
By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.
Applications
Sinkholes can be used both constructively, to contain threats such as WannaCry and Avalanche, and destructively, for example disrupting DNS services in a DoS attack.
DNS sinkholing can be used to protect users by intercepting DNS request attempting to connect to known malicious domains and instead returning an IP address of a sinkhole server defined by the DNS sinkhole administrator. One example of blocking malicious domains is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. Another use is to block ad serving sites, either using a hosts file-based sinkhole or by locally running a DNS server (e.g., using a Pi-hole). Local DNS servers effectively block ads for all devices on the network.
References
Kata Kunci Pencarian:
- Serangan kegagalan layanan
- DNS sinkhole
- Sinkhole (disambiguation)
- Pi-hole
- Denial-of-service attack
- Internet filter
- Ad blocking
- WannaCry ransomware attack
- No-IP
- Nitol botnet
- Avalanche (phishing group)
