How do DNS sinkholes work?

2019-09-09 by No Comments

How do DNS sinkholes work?

DNS Sinkholing is a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address. The controlled IP address points to a sinkhole server defined by the DNS sinkhole administrator.

What is DNS tunneling?

DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model. A connection is now established between the victim and the attacker through the DNS resolver. This tunnel can be used to exfiltrate data or for other malicious purposes.

What is a cyber sinkhole?

A botnet sinkhole is a tactic used by security professionals to redirect malicious botnet traffic into a reserve where it is analyzed and weaponized against the malicious bot or botnet activity.

What is DNS poisoning?

What Is DNS Poisoning? DNS poisoning is a hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it’s completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works.

How do I blacklist DNS?

64.252 into domain names like, making the lists much easier to read, use, and search. DNS Blacklists may also include a zombie check….The three basic components that make up a DNS Blacklist are the following:

  1. A domain to host it under.
  2. A name server to host that domain.
  3. A list of addresses to publish the list.

What are signs of DNS tunneling?

Some indicators of DNS tunneling on a network can include:

  • Unusual Domain Requests: DNS tunneling malware encodes data within a requested domain name (like
  • Requests for Unusual Domains: DNS tunneling only works if the attacker owns the target domain so that DNS requests go to their DNS server.

What is DNS Zonewalk?

Abstract—Zone walking attack is to get all existing domain information from a secured DNS server. DNS servers are used to look up the IP address against a name. Thus, the DNS server can provide the corresponding IP address from a domain name. However, DNS servers are not secured.

What is monitored by a DNS sinkhole?

A sinkhole is a DNS provider that supplies systems looking for DNS information with false results, allowing an attacker to redirect a system to a potentially malicious destination. DNS sinkholes have also historically been used for non-malicious purposes.