What is a DNS sinkhole?
Suppose an employee of a company receives a phishing email. He does not recognize the phishing attempt and clicks the phishing link or opens an attachment to the email. As a result, the employee’s system tries to connect to the malicious server. To do so, the computer first resolves the IP address of the malicious domain by sending a DNS query to a DNS server. A DNS sinkhole is a DNS server that spoofs an authoritative DNS server: when a computer tries to resolve the IP address of a malicious domain, the DNS sinkhole returns a false IP address instead of the actual IP address of the malicious server.
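The decision a sinkhole makes for each query, as an added example that is not part of the original article: it parses the DNS question, checks the name against a blocklist, and forges an A record pointing at the sinkhole address. The blocklist entry, the sinkhole address (a documentation-range IP), and all function names are constructed for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.1"          # constructed: documentation-range address standing in for the sinkhole host
BLOCKLIST = {"malicious.example"}  # constructed blocklist entry

def parse_qname(packet, offset=12):
    """Read the question name (length-prefixed labels) that follows the 12-byte header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compressed name in question not supported")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(name):
    """True if the name or any parent domain is on the blocklist (matched per label)."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def sinkhole_response(query):
    """Return a forged A-record answer for a blocked name, or None to resolve normally."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    name, end = parse_qname(query)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    if qdcount != 1 or qtype != 1 or qclass != 1 or not is_blocked(name):
        return None
    # QR=1 (response), AA=1 (answering as if authoritative), RD copied from the query, RA=1
    rflags = 0x8400 | (flags & 0x0100) | 0x0080
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0)
    question = query[12:end + 4]
    # Answer: pointer to the name at offset 12, type A, class IN, TTL 60, 4-byte address
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(SINKHOLE_IP)
    return header + question + answer

def build_query(name, txid=0x1234):
    """Build a standard recursive A query (used here only to construct sample input)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    reply = sinkhole_response(build_query("c2.malicious.example"))
    print(socket.inet_ntoa(reply[-4:]))                         # address the client is sent to
    print(sinkhole_response(build_query("www.example.org")))    # not blocked: resolve normally
```

Connections that later arrive at the sinkhole address identify which internal hosts tried to reach a blocked domain.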
In this article, we will discuss:
- What is DNS Sinkhole?
- How does DNS Sinkhole work?
- What are the use cases of DNS Sinkhole?