Dns sinkhole là gì
Domain Name Service (DNS)
On the mạng internet, computers communicate with each other by using numerical identifiers known as IPhường addresses. For example, the IP address of the dhlamnghiep.org website site is 212.146.105.104. However, human readable addresses are more intuitive & easier khổng lồ rethành viên, and this is where DNS comes into play.
Bạn đang xem: Dns sinkhole là gì
DNS (Domain Name Service) is a protocol within the TCP/IPhường protocol suite, which is a mix of standards for data exchange. This core service manages a database that maps human readable names (like www.dhlamnghiep.org) to IP. addresses (like 212.146.105.104). In the real life world one can think of DNS as being a phone book which is used lớn match human-readable names khổng lồ numbers that can be understood by telephones.
In a standard trang chính cài đặt, a client usually uses the Internet service provider"s (ISP) DNS server, which will be pre-configured on their CPE (Customer-premises equipment). Devices connected to the home page router can point lớn the trang chính router itself as a DNS VPS, in that case the router will handle the queries by forwarding the DNS requests khổng lồ the ISP"s DNS servers.
Computers cache DNS responses & the DNS request does not occur upon every connection. This approach improves connection speed by skipping the DNS request phase in future repeated connections.
What is a "DNS Sinkhole"?
DNS Sinkholing is a mechanism aimed at protecting users by intercepting DNS request attempting lớn connect to known malicious or unwanted domains & returning a false, or rather controlled IP address. The controlled IP. address points khổng lồ a sinkhole server defined by the DNS sinkhole administrator.
Xem thêm: Download Tải Office 2016 Full Vĩnh Viễn, Download Tải Office 2016 Full
This technique can be used khổng lồ prevent hosts from connecting to or communicating with known malicious destinations such as a botnet C&C VPS (links to Infonote). The Sinkhole server can be used lớn collect event logs, but in such cases the Sinkhole administrator must ensure that all logging is done within their legal boundaries and that there is no breach of privacy.
Figure 1
Sinkholing can be done at different levels. Both ISPs and Domain Registrars are known lớn use sinkholes lớn help protect their clients by diverting requests khổng lồ malicious or unwanted tên miền names onlớn controlled IP addresses. System administrators can also phối up an internal DNS sinkhole VPS within their organisations infrastructure. A user (with administrative privileges) can also modify the host tệp tin on their machine và obtain the same result. There are many lists (both open-source and commercial) of known malicious domains that a sinkhole administrator can use khổng lồ populate the DNS Sinkhole.
Besides preventing malicious connections, Sinkholing can be used lớn identify compromised hosts by analysing the sinkhole logs and identifying hosts that are trying to connect to lớn known malicious domains. For example if the logs show that one particular machine is continuously attempting khổng lồ connect khổng lồ a C&C VPS, but the request is being redirected because of the sinkhole, then there is a good chance that this particular machine is infected with a bot.
Because of its direct consequences, Sinkholing is usually done in special conditions by trusted third parties with the involvement of law enforcement.
