  • Post last modified:June 12, 2024

Which tool is used to block suspicious DNS queries by domain names rather than by IP addresses?

  • DNS sinkhole
  • BGP black hole
  • firewall
  • IPS
Explanation & Hint:

The tool used to block suspicious DNS queries by domain names, rather than by IP addresses, is a DNS sinkhole.

A DNS sinkhole is specifically designed to intercept DNS queries for known malicious domains and redirect them to a safe destination. This can prevent devices on your network from connecting to malicious sites, even if the IP addresses of those sites change. It works by responding to specific DNS requests with a false IP address, effectively directing traffic away from potentially harmful domains.

The other tools mentioned serve different purposes:

  • BGP Black Hole: This is a technique used to stop malicious traffic by null routing it at the ISP level using the Border Gateway Protocol (BGP). It blocks traffic based on IP addresses, not domain names.
  • Firewall: A firewall typically controls incoming and outgoing network traffic based on predetermined security rules and can block traffic based on IP addresses or ports, but it’s not primarily used for blocking based on domain names.
  • IPS (Intrusion Prevention System): An IPS monitors network traffic to actively prevent and respond to intrusions. While it can use various criteria to block traffic, including signatures of known threats, it’s not specifically designed to block DNS queries by domain name like a DNS sinkhole.
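The contrast described above, as an added example that is not part of the original post: a sinkhole decision keyed on the queried name keeps working after the domain moves to a new IP address, while an IP-based block list goes stale. All domain names, addresses, the query log and the function names are constructed for illustration (documentation-reserved ranges), and the `upstream` dictionary stands in for a real resolver.

```python
import ipaddress

SINKHOLE_IP = "192.0.2.53"                        # constructed sinkhole address (TEST-NET-1)
BLOCKED_DOMAINS = {"malware.example", "c2.bad.example"}          # constructed block list
BLOCKED_IPS = {ipaddress.ip_address("198.51.100.10")}            # constructed IP block list

# Constructed upstream answers: the blocked domain changes address between day 1 and day 2.
UPSTREAM_DAY1 = {"malware.example": "198.51.100.10", "www.example.org": "203.0.113.20"}
UPSTREAM_DAY2 = {"malware.example": "198.51.100.77", "www.example.org": "203.0.113.20"}
# Constructed (client, queried name) log entries.
QUERY_LOG = [("10.0.0.5", "www.example.org"), ("10.0.0.7", "cdn.malware.example.")]

def normalize(qname):
    """Lower-case and drop the trailing root dot so 'Malware.Example.' still matches."""
    return qname.strip().rstrip(".").lower()

def is_sinkholed(qname, blocked=BLOCKED_DOMAINS):
    """True if qname is a blocked domain or a subdomain of one (label-boundary match)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def resolve(qname, upstream, blocked=BLOCKED_DOMAINS):
    """Return the sinkhole address for blocked names, otherwise the upstream answer."""
    if is_sinkholed(qname, blocked):
        return SINKHOLE_IP
    return upstream.get(normalize(qname))         # None models a name with no record

def ip_filter_allows(ip, blocked_ips=BLOCKED_IPS):
    """Model of an IP-based control (firewall rule or BGP black hole)."""
    return ipaddress.ip_address(ip) not in blocked_ips

def sinkhole_hits(query_log, blocked=BLOCKED_DOMAINS):
    """Group sinkholed queries by client: hosts worth investigating."""
    hits = {}
    for client, qname in query_log:
        if is_sinkholed(qname, blocked):
            hits.setdefault(client, []).append(normalize(qname))
    return hits

if __name__ == "__main__":
    for day, upstream in (("day 1", UPSTREAM_DAY1), ("day 2", UPSTREAM_DAY2)):
        real_ip = upstream["malware.example"]
        print(day, "IP filter blocks:", not ip_filter_allows(real_ip),
              "| sinkhole answers:", resolve("malware.example", upstream))
    print("clients that queried blocked names:", sinkhole_hits(QUERY_LOG))
```

The per-client list returned by `sinkhole_hits` reflects the second use of a sinkhole: queries that reach it identify internal hosts that tried to resolve a blocked name.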

For more Questions and Answers:

Threat Investigation Post-Assessment | CBROPS
