DNS Sinkhole

A DNS resolver configured to return a fake or controlled answer (often 0.0.0.0 or a logging server) for known-bad domains, blocking malware callbacks before traffic leaves the network.

A DNS sinkhole is a resolver that intentionally answers queries for malicious or unwanted domains with a controlled IP, usually `0.0.0.0`, `127.0.0.1`, or an internal collector that logs the attempt. When malware on an endpoint tries to reach its command-and-control hostname, the sinkhole answers with a dead address and the callback fails. It is the same primitive used by Pi-hole, NextDNS, and enterprise security DNS products to block ads, trackers, and phishing. Sinkholes are also how takedown operations like Conficker's stay effective: the original C2 names still resolve, but to researcher-controlled IPs.
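
The decision a sinkhole makes for each query, as an added example in Python (not code from this page or from any product named above). The function and class names, the blocklist entries, the client addresses, and the dictionary standing in for upstream recursion are all constructed for illustration.

```python
from collections import Counter

SINKHOLE_IP = "0.0.0.0"  # controlled answer; an internal collector IP also works

# Constructed sample data (reserved .example names, RFC 5737 addresses).
BLOCKLIST = {"c2.badsite.example", "tracker.example"}
UPSTREAM = {"www.goodsite.example": "192.0.2.10",   # stand-in for real recursion
            "nottracker.example": "192.0.2.20"}


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def is_blocked(qname, blocklist):
    """True if qname or any parent domain is on the blocklist.

    Matching is on whole labels, so 'nottracker.example' does not match
    'tracker.example', but 'a.tracker.example' does.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


class Sinkhole:
    def __init__(self, blocklist, upstream, sinkhole_ip=SINKHOLE_IP):
        self.blocklist = {normalize(d) for d in blocklist}
        self.upstream = upstream
        self.sinkhole_ip = sinkhole_ip
        self.hits = []  # (client_ip, qname) for every sinkholed query

    def resolve(self, client_ip, qname):
        """Return the A answer the client receives, or None for no such name."""
        name = normalize(qname)
        if is_blocked(name, self.blocklist):
            self.hits.append((client_ip, name))  # record which endpoint asked
            return self.sinkhole_ip
        return self.upstream.get(name)

    def hits_by_client(self):
        """Count sinkholed queries per endpoint, for triage of likely infections."""
        return Counter(client for client, _ in self.hits)
```

The hit log is the part that matters operationally: an endpoint that repeatedly queries a sinkholed name is a candidate for investigation, even though its callback never left the network.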
