Resolves IP addresses from names of websites.
Servers are queried until the name is resolved
DNS can’t distinguish between normal versus malicious traffic.
Leverages existing features of DNS to block malicious domains by blackholing traffic
Can set up with DNS server, app, or hosted service
Instructions for setting up a DNS sinkhole
Use a service or already existing DNS sinkhole framework

To understand the benefit a DNS sinkhole can provide, it’s important to first understand the basics of how DNS works.

DNS is the speed dial app of the Internet. All websites are hosted on servers that use IP addresses in decimal or hexadecimal format (e.g., 190.4.1.1 or FE80:CD00:0000:0CDE:1257:0000:211E:729C). IP addresses are what the routers that interconnect all the networks that make up the Internet understand. The problem is that people can’t remember these long numeric values. Internet routers need IP addresses to send traffic to their correct destination on the Internet, but people can’t possibly remember these.

DNS allows names to be mapped to IP addresses. Therefore, IP addresses don’t have to be remembered by people. DNS servers store databases that contain mappings for domain names to their respective IP addresses. Your computer or phone is configured to point to a DNS server so when you type in a domain name in the web browser, it can find the IP address from the DNS server and route the traffic to that IP address. Usually, the DNS server you point to is on your local network, but it doesn’t have to be. If the DNS server you are pointing to doesn’t know the IP address of a particular domain, it is usually configured to forward to another DNS server upstream from it to complete the name resolution. The result is just like looking up someone by name on the speed dial app on your phone before placing a call. It’s much easier to remember their name than their phone number. To learn more about DNS itself, independent of sinkhole-specific functionality, consider reading CloudFlare’s excellent guide, What is DNS?

DNS is efficient, it’s elegant, and it gets the job done. Yet, some problems arise when relying exclusively on DNS.

Problems with DNS

DNS makes navigating the Internet possible. First, DNS has no native ability to distinguish between legitimate and malicious network traffic. Thus, when you type in a domain name DNS will get you to that website regardless of whether the server is compromised or the site contains malware.

Also, there is nothing to stop a computer that has been infected with malware from changing the DNS servers it uses to point to malicious ones. That would allow it to be directed to harmful domains used by hackers.

DNS sinkholes offer a means to mitigate these situations where DNS traffic to malicious or unwanted domains represents a threat.

How a DNS sinkhole works

Computers and devices generally trust their DNS servers without question. Using a DNS sinkhole, this lack of skepticism can be improved to add some protection that prevents computers from browsing to unsafe locations.

A DNS sinkhole is a dead-end or black hole akin to routing to the null route. For example, let’s say some known bad website called points to 1.1.1.1. We want to stop traffic from being able to get there. We can tell our DNS server that if it receives a query for to point to 127.0.0.1 (the loopback), which would prevent the traffic from being routed to the site. Better yet, we could point it to the IP address of a logging server that would allow us to track systems that were attempting to access this malware domain for further investigation. To recap, a DNS sinkhole prevents a device from reaching a domain by directing it to another IP address instead. The key is having a dynamically updated list of known bad sites to send to the sinkhole.
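The sinkhole decision described in this article, modelled as an added Python example (not code from the original page or from any DNS product). The feed format, the names `Sinkhole`, `matched_rule` and `load_blocklist`, and all domains and addresses are assumptions, built from reserved documentation ranges.

```python
from collections import defaultdict

SINKHOLE_IP = "192.0.2.53"  # assumed address of an internal logging server

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def load_blocklist(lines):
    """Parse a feed with one domain per line; '#' starts a comment."""
    domains = set()
    for line in lines:
        entry = normalize(line.split("#", 1)[0])
        if entry:
            domains.add(entry)
    return domains

def matched_rule(qname, blocklist):
    """Return the entry covering qname (itself or a parent domain), else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # match on label boundaries, not substrings
        if candidate in blocklist:
            return candidate
    return None

class Sinkhole:
    def __init__(self, blocklist, upstream):
        self.blocklist = blocklist       # re-run load_blocklist() when the feed updates
        self.upstream = upstream         # callable name -> IP, stands in for the upstream resolver
        self.hits = defaultdict(list)    # client IP -> sinkholed names it asked for

    def resolve(self, client_ip, qname):
        """Answer with the sinkhole address for listed names, else forward upstream."""
        name = normalize(qname)
        if matched_rule(name, self.blocklist) is None:
            return self.upstream(name)
        self.hits[client_ip].append(name)  # record the client for follow-up investigation
        return SINKHOLE_IP

# Constructed sample data: feed lines, upstream answers and client queries.
FEED = ["# constructed feed", "bad-site.example  # malware", "Tracker.Example."]
UPSTREAM = {"intranet.example": "198.51.100.10"}
QUERIES = [("10.0.0.7", "cdn.bad-site.example."), ("10.0.0.7", "intranet.example"),
           ("10.0.0.9", "notbad-site.example")]

def demo():
    sink = Sinkhole(load_blocklist(FEED), UPSTREAM.get)
    return [sink.resolve(c, q) for c, q in QUERIES], dict(sink.hits)
```

Matching on whole labels means a subdomain of a listed name is sinkholed, while an unrelated name that merely contains the same string is still forwarded upstream.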