
Allow blocking of all Punycode domains

Punycode domains are commonly used to impersonate real domains (e.g. https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/). They always start with xn--, so NextDNS could just have the option to outright block these domains. I would suggest a list for this purpose but it would be impossible to keep track of every registered Punycode domain. I tried adding 'xn--*.*' to the blocklist but it did not see it as a valid domain.

  • This is what "IDN Homograph Attacks Protection" does by dynamically blocking punycode domains that impersonate their non-IDN counterparts.

  • DNS doesn’t block URLs. It blocks DNS (domains). They’re not the same.

    However, it sounds like this might be what you’re looking for: 

    IDN Homograph Attacks Protection, Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDNs) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".

    Look in Security Settings 

      • Max Isaac
      • 4 mths ago

      Calvin Hobbes I meant domains. Thanks for the setting, will check it out.

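Added example, not part of the thread and not NextDNS code: a sketch of the difference between blocking every `xn--` name and blocking only names that imitate a protected domain. The confusables table, the `PROTECTED` list, the sample queries and all function names are assumptions made for illustration; note that the `xn--` prefix is checked per label, since it can appear in any label of a name.

```python
import unicodedata

ACE_PREFIX = "xn--"  # prefix carried by each Punycode-encoded label

# Constructed, deliberately tiny table: Cyrillic a, e, o, r, s, kh -> Latin look-alikes.
# A real filter would use the full Unicode confusables data.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445", "aeopcx")
PROTECTED = {"brave.com"}  # constructed list of names worth defending

def to_unicode(qname):
    """Decode every xn-- label of a query name; None if a label is malformed."""
    out = []
    for label in qname.lower().rstrip(".").split("."):
        if label.startswith(ACE_PREFIX):
            try:
                label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                return None
        out.append(label)
    return ".".join(out)

def skeleton(name):
    """Strip diacritics, then map confusable letters to Latin."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.translate(CONFUSABLES)

def classify(qname, protected=PROTECTED):
    """Return 'ascii', 'idn', 'homograph' or 'malformed' for a DNS query name."""
    labels = qname.lower().rstrip(".").split(".")
    if not any(label.startswith(ACE_PREFIX) for label in labels):
        return "ascii"
    decoded = to_unicode(qname)
    if decoded is None:
        return "malformed"
    return "homograph" if skeleton(decoded) in protected else "idn"

def ace(name):
    """Build sample input: encode non-ASCII labels to their xn-- form."""
    return ".".join(
        l if l.isascii() else ACE_PREFIX + l.encode("punycode").decode("ascii")
        for l in name.split("."))

# Constructed queries: dotted e, Cyrillic a, two ordinary IDNs, plain ASCII.
SAMPLES = [ace("brav\u0117.com"), ace("br\u0430ve.com"), ace("m\u00fcnchen.de"),
           "shop." + ace("b\u00fccher.example"), "brave.com"]

for q in SAMPLES:
    print(f"{q:32} {classify(q)}")
```

A block-all policy would act on every result other than `ascii`, including the two ordinary IDNs; a homograph-only policy acts on `homograph` (and typically `malformed`).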