Allow blocking of all Punycode domains
Punycode domains are commonly used to impersonate real domains (e.g. https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/). They always start with xn--, so NextDNS could just have the option to outright block these domains. I would suggest a list for this purpose but it would be impossible to keep track of every registered Punycode domain. I tried adding 'xn--*.*' to the blocklist but it did not see it as a valid domain.
3 replies
-
This is what "IDN Homograph Attacks Protection" does, by dynamically blocking Punycode domains that impersonate their non-IDN counterparts.
-
DNS doesn’t block URLs. It blocks DNS (domains). They’re not the same.
However, it sounds like this might be what you’re looking for:
IDN Homograph Attacks Protection: Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDNs) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".
Look in Security Settings.
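The blanket rule requested in the first post, checked label by label, as an added example that is not part of the thread and not NextDNS code. The function names, the sample query names and the glob-style reading of the `xn--*.*` pattern are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded (IDN) label


def ace_labels(name):
    """Return (position, label, decoded) for each Punycode label in a DNS name."""
    hits = []
    labels = name.rstrip(".").lower().split(".")  # DNS names are case-insensitive
    for pos, label in enumerate(labels):
        if not label.startswith(ACE_PREFIX):
            continue
        try:
            decoded = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            decoded = None  # carries the prefix but is not valid Punycode
        hits.append((pos, label, decoded))
    return hits


def blocks_all_punycode(name):
    """Policy requested in the post: refuse any name containing an xn-- label."""
    return bool(ace_labels(name))


def matches_first_label_glob(name, pattern="xn--*.*"):
    """Assumed glob reading of the post's pattern, anchored at the start of the name."""
    return fnmatchcase(name.rstrip(".").lower(), pattern)


if __name__ == "__main__":
    # Constructed sample query names, not taken from the thread.
    for qname in ("example.com", "xn--bcher-kva.example",
                  "www.xn--bcher-kva.example", "Shop.Example.XN--P1AI."):
        print(qname, blocks_all_punycode(qname),
              matches_first_label_glob(qname), ace_labels(qname))
```

A pattern anchored on the first label misses an `xn--` label that sits in a subdomain position or in the TLD, which the per-label check catches.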