[dns-operations] Looking for a public blackhole/sinkhole IP address

Robert Edmonds edmonds at mycre.ws
Wed Nov 26 23:43:23 UTC 2014

Joe Abley wrote:
> On 26 Nov 2014, at 14:06, Warren Kumari <warren at kumari.net> wrote:
> > What's wrong with It makes it clear what the intent is, and
> > you don't get a much more distributed sinkhole than that...
> I'm always wary of using for anything that doesn't really mean "you should talk to yourself". Without a comprehensive knowledge of the impact, you don't know what you're blowing up.

Indeed, some recursive DNS servers won't even attempt to send queries to by default.  (Unbound's "do-not-query-localhost: yes"

> > If there really is a use case, let's try and get a block allocated,
> > and encourage folk to anycast -> null0 for this.
> https://github.com/ableyjoe/draft-jabley-well-known-sinkhole
> Needs text. Not submitted. Co-authors welcome.

   A common method for dealing with unwanted traffic is to direct that
   traffic at nominated addresses within a network that are null-routed;
   that is, packets with such destination addresses are discarded
   silently by routers with a null route for that destination
   configured.  These addresses are colloquially known as sinkholes, by
   analogy with the same term used in Physical Geography to describe a
   hole in the ground formed by some form of collapse of the surface
   layer, into which objects may fall and be lost forever.

My colloquial understanding is that a "blackhole" discards traffic while
a "sinkhole" is a routed network address which gathers information from
the inbound packets.  Some even use the term "sinkhole" to mean a
network address that returns application-specific responses.  E.g., the
Conficker Working Group deployed "HTTP sinkholes" which listen on 80/tcp
and capture HTTP requests from infected hosts.

So, I would consider s/sinkhole/blackhole/g, at least.

Robert Edmonds

More information about the dns-operations mailing list