Global InformationDNS sinkhole information
 | This article needs additional citations for verification. (November 2021) |
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS[1] is a Domain Name System (DNS) server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site.[2] The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet.[3] DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic.
By default, the local hosts file on a computer is checked before DNS servers, and can be used to block sites in the same way.
- ^ kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Archived from the original on April 15, 2013. Retrieved October 12, 2012.
{{cite news}}: CS1 maint: numeric names: authors list (link) - ^ Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved October 12, 2012.
- ^ Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved September 2, 2015.