TCP-53 is also used as a fallback strategy in case of communication problems via UDP.ĭNS sinkholing relies on the principle of intercepting DNS queries via single UDP packets because the transmitted requests can easily be verified against configured entries in a block list before the request hits a DNS. Whereas UDP is considered the primary choice for all DNS queries with short answering times, TCP is designed for larger data transmissions to avoid truncated UDP answering packets, e.g., zone transfers between domain name servers (DNSs). UDP is preferred for DNS queries and short answers, e.g., between client PCs and DNS. How the Protection WorksĭNS relies on the usage of both the UDP-53 and the TCP-53 protocol.
Dns blackhole how to#
For more information, see How to Configure DNS Interception. If you must protect your network against access to malicious domains for other record types, use the DNS interception feature, instead. For this reason, DNS sinkholing does not rely on any caching mechanism. Instead, based on a configured block list, it replaces the A and AAAA DNS response by a fake IP address that is said to be the DNS sinkhole IP address. Unlike for real DNS interception, DNS sinkholing does not resolve any domain names into IP addresses. When DNS sinkholing is activated on the CloudGen Firewall, a DNS access to a malicious site is intercepted, and the querying client is informed accordingly. This method can be used for securing clients on a LAN against access to malicious sites.
DNS sinkholing is a special method for deliberately giving out false IP addresses for domain names.
0 kommentar(er)
