The IT Law Wiki

DNS sinkhole


Definition

A DNS (Domain Name System) sinkhole prevents infection by intercepting outbound DNS requests attempting to connect to known malicious domains, such as botnets, spyware and fake anti-virus software, instead returning a false IP address.[1]

Overview

It "works by spoofing the authoritative DNS servers for malicious and unwanted hosts and domains. An administrator configures the DNS forwarder for outbound Internet traffic to return false IP addresses for these known hosts and domains. When a client requests to resolve the address of such a host or domain, the sinkhole returns a non-routable address; or any address except the real address. This denies a client a connection to the target host."[2]
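The forwarder behaviour described above, as an added example that is not code from the cited SANS paper or from this wiki: it parses a DNS query, matches the name against a blocklist on label boundaries, and builds the false reply. The sinkhole address 192.0.2.1, the blocklist entries and all function names are assumptions made for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.1"  # assumed sinkhole address (TEST-NET-1, not routed)
BLOCKLIST = {"bad-domain.example", "c2.botnet.test"}  # constructed sample entries

def read_qname(packet, offset=12):
    """Decode the question name that follows the 12-byte DNS header."""
    labels = []
    while packet[offset] != 0:
        length = packet[offset]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels).lower(), offset + 1

def is_sinkholed(qname, blocklist=BLOCKLIST):
    """Match the name or any parent domain, on label boundaries only."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def sinkhole_response(query, blocklist=BLOCKLIST, sinkhole_ip=SINKHOLE_IP):
    """Return a forged reply for a listed name, or None to forward the query."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        return None
    qname, end = read_qname(query)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    if not is_sinkholed(qname, blocklist):
        return None
    answer = b""
    if (qtype, qclass) == (1, 1):  # A / IN: answer with the false address
        # name pointer to offset 12, type A, class IN, TTL 60 s, RDLENGTH 4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(sinkhole_ip)
    # Other types (e.g. AAAA) get an empty NOERROR reply so they are not forwarded.
    header = struct.pack("!HHHHHH", qid, 0x8080 | (flags & 0x0100),
                         1, 1 if answer else 0, 0, 0)
    return header + query[12:end + 4] + answer

def build_query(name, qtype=1, qid=0x1234):
    """Constructed sample input: a minimal recursive query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

if __name__ == "__main__":
    for name in ("cdn.bad-domain.example", "notbad-domain.example"):
        reply = sinkhole_response(build_query(name))
        print(name, "->", socket.inet_ntoa(reply[-4:]) if reply else "forward upstream")
```

Logging the source address of every client that receives a sinkholed reply turns the same lookup into a list of hosts to investigate.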

References

  1. Proactive Policy Measures by Internet Service Providers against Botnets, at 11 n.6.
  2. SANS Institute, DNS Sinkhole, at 2 (2010) (full-text).
