DNS Sinkhole

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS[1] is a DNS server that gives out false information[clarification needed], to prevent the use of a domain name.


A sinkhole is a DNS provider that supplies systems looking for DNS information with false results, allowing an attacker to redirect a system to a potentially malicious destination. DNS sinkholes have also historically been used for non-malicious purposes.

When a computer visits a DNS source to resolve a domain name, the provider will give a result if possible, and if not, it will send the resolution system to a higher-level provider to try again. The higher a DNS Sinkhole is in this chain, the more requests it will receive, and the more impactful it will be.

Network-level disabling

A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real website.[2] The higher up the DNS resolution chain the sinkhole is, the more requests it will block as it will supply answers to a greater number of lower NS servers that in turn will serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.[3] DNS Sinkholes are effective at detecting and blocking malicious traffic, and are used to combat bots and other unwanted traffic.

Host-level disabling

By default, the local hosts file on a Microsoft Windows, Unix or Linux computer is checked before DNS servers, and can also be used to block sites in the same way.


Sinkholes can be used both constructively, as has been done for the containment of the WannaCry and Avalanche threats,[4] and destructively, for example disrupting DNS services in a DoS attack.

One use is to stop botnets, by interrupting the DNS names the botnet is programmed to use for coordination. The most common use of a hosts file-based sinkhole is to block ad serving sites.[5] Ad serving can also be blocked using a locally running DNS server on your computer or on your local network effectively blocking Ads for all devices on the network.[6]


  1. ^ kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved 2012.
  2. ^ Kelly Jackson Higgins, sans.org (October 2, 2012). "DNS Sinkhole - SANS Institute". Retrieved 2012.
  3. ^ Kelly Jackson Higgins, darkreading.com (October 2, 2012). "Microsoft Hands Off Nitol Botnet Sinkhole Operation To Chinese CERT". Retrieved 2015.
  4. ^ https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
  5. ^ Dan Pollock, someonewhocares.org (October 11, 2012). "How to make the Internet not suck (as much)". Retrieved 2012.
  6. ^ https://blog.technitium.com/2018/10/blocking-internet-ads-using-dns-sinkhole.html

  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.



Connect with defaultLogic
What We've Done
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.

Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.

  Contact Us