Threat Level: green Handler on Duty: Brad Duncan

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IPv6 and DNS Sinkhole

Published: 2011-09-09
Last Updated: 2011-09-09 00:59:10 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

In January 2010, I posted a diary on how to configure zone files to setup a DNS sinkhole using IPv4 addresses. This updated diary shows how to add IPv6 support to your zone file to sinkhole both IPv4 and IPv6.

Single Hostname (/var/named/sinkhole/client.nowhere)


Wildcard Domain (/var/named/sinkhole/domain.nowhere)


Note: If you are not currently using IPv6 in your network, change the example fec0:0:0:bebb::5 to ::1 (localhost) to prevent 6to4, Toredo, etc from leaving the network.

To verify your zone files are correctly configured, you can use nslookup to query a hostname or a domain loaded in your sinkhole.

With Windows 7 (note that it shows both IPv4 and IPv6):



With Linux, you need to specify query AAAA record:

guy@seeker:~$ nslookup -q=aaaa
Address: has AAAA address fec0:0:0:bebb::5



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 Community SANS SEC 503 coming to Ottawa Sep 2011

Keywords: DNS IPv6 Sinkhole
0 comment(s)
Diary Archives