"IDN Homograph Attacks Protection" breaking Norwegian domains

We use æøå in addition to a-z here, generally best practice for most sites is picking up both the real and "substituted" version and redirecting one to the other. However, NextDNS wants to block stuff like "lovløs.no/lovlos.no", which seems like a bit of an oversight at best. I've just turned the protection off, but considering it offers absolutely zero protection except kinda breaking for an entire country in these cases, it would be nice if it can be fixed.

4replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • We only block if the IDN version points to a different target than the non IDN version. For some reason, this website is using different IPs which triggers the protection.

      • r l
      • r_l
      • 2 wk ago
      • Reported - view

      NextDNS I'd have to dig around for examples, but this has absolutely come up several times before too. If someone uses a redirect service of some kind (Very common, people just set the redirect in their registrar admin panel and let them handle it.), it probably shouldn't just hard block that? This is a very common use case here :).

      Really, I'd argue o/ø and a/å should just be excluded under .no, considering there is nothing homograph-y about those here. (Probably also .dk)

    • r l squatting is often done by using legitimate spelling with alternate alphabet. Allowing these would create a hole in the protection. When you have examples of false positives like that, please report them here so we can study them and improve our solution.

      Like 1
      • r l
      • r_l
      • 12 days ago
      • Reported - view

      NextDNS Just from looking at my logs:
      rødt.no (Political party, fwiw. Redirects to main "roedt.no" domain)

      It's pretty much standard/best practice here ( _under .no, of course_ )

Like Follow
  • 12 days agoLast active
  • 4Replies
  • 47Views
  • 2 Following