A sinkhole is a DNS provider that supplies systems looking for DNS information with false results, allowing an attacker to redirect a system to a potentially malicious destination. DNS sinkholes have also historically been used for non-malicious purposes.
When a computer queries a DNS source to resolve a domain name, the provider gives a result if possible; if not, it sends the resolving system to a higher-level provider to try again. The higher a DNS sinkhole sits in this chain, the more requests it receives and the more impact it has.
A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it fails to reach the real website. The higher up the DNS resolution chain the sinkhole is, the more requests it blocks, because it supplies answers to a greater number of lower-level name servers, which in turn serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet. DNS sinkholes are effective at detecting and blocking malicious traffic, and are used to combat bots and other unwanted traffic.
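As an added example (not from the original page), the sketch below shows the sinkhole behaviour described above: names under a sinkholed domain get a non-routable answer, and the query log reveals which clients asked for them. The blocklist, addresses, log format and function names are constructed for illustration.

```python
from collections import Counter

SINKHOLE_IP = "0.0.0.0"  # assumption: the non-routable answer handed out
SINKHOLED = {"c2.example", "dropper.badcdn.example"}  # constructed blocklist

def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def sinkhole_match(qname, zones=SINKHOLED):
    """Return the sinkholed zone covering qname, or None.
    Matching is by whole labels, so 'notc2.example' does not match 'c2.example'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def answer(qname, upstream):
    """Sinkholed names get SINKHOLE_IP; everything else goes to the upstream resolver."""
    if sinkhole_match(qname):
        return SINKHOLE_IP
    return upstream(qname)

def sinkhole_hits(query_log):
    """Count sinkhole hits per client from 'client_ip qname' lines (detection side)."""
    hits = Counter()
    for line in query_log:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        if sinkhole_match(qname):
            hits[client] += 1
    return hits

# Constructed sample data: a stand-in upstream resolver and a short query log.
FAKE_UPSTREAM = {"www.example.org": "192.0.2.10"}.get
SAMPLE_LOG = [
    "10.0.0.5 www.example.org",
    "10.0.0.7 beacon.c2.example.",
    "10.0.0.7 C2.EXAMPLE",
    "10.0.0.9 notc2.example",
    "10.0.0.8 dropper.badcdn.example",
]

if __name__ == "__main__":
    for client, n in sinkhole_hits(SAMPLE_LOG).most_common():
        print(f"{client} queried sinkholed names {n} time(s)")
```

Clients that appear in the hit count are candidates for investigation, since a healthy host has little reason to look up a sinkholed name.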