Allow blocking of all Punycode domains
Punycode domains are commonly used to impersonate real domains (e.g. They always start with xn--, so NextDNS could just have the option to outright block these domains. I would suggest a list for this purpose but it would be impossible to keep track of every registered Punycode domain. I tried adding 'xn--*.*' to the blocklist but it did not see it as a valid domain.
3 replies
This is what "IDN Homograph Attacks Protection" does by dynamically block punycode domains that impersonate their non IDN counterparts.
Dns doesn’t block URLs. It blocks DNS (domains). They’re not the same.
However, it sounds like this might be what you’re looking for:
IDN Homograph Attacks Protection, Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDNs) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".
Look in Security Settings
Content aside
- 3 yrs agoLast active
- 3Replies
- 201Views