
Smarter parked domain detection

I'm not sure what NextDNS uses for parked domain detection, but some simple algorithm improvements can help a lot.

Right now both paint.net and cyber.io are parked by GoDaddy (and undetected as such by NextDNS). They have fingerprints that are easy to detect:

  • Naked domain resolves to 34.102.136.180
  • www resolves to a CNAME of the naked domain
  • All paths return HTTP 200

Meanwhile, meds.org and cheapmeds.org are parked by Sedo (also undetected as such by NextDNS). Their fingerprints are:

  • Naked and any subdomain resolve to 91.195.241.137
  • All paths return HTTP 403

The detection can be layered, so only check for subdomains and random path/subdomain if the naked domain resolves to a known IP. To maintain the known IP list, regularly check some ridiculously overpriced parked domains so there's little risk of someone actually deciding to buy them, plus a sanity check for them in case the parking service changes their method entirely.

I don't know how much benefit the user will get from this, or if your internal logs even show people using the parked domain filter that much, but hopefully this can be useful.
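The layered check proposed in this post, as an added example that is not part of the original post and is not NextDNS code. The two IPs and their fingerprints come from the post; the function name, the dict layout, the injected lookup callables and the `shop.example` / `blog.example` records are assumptions, and the sample data is constructed rather than taken from live lookups.

```python
import secrets

# Fingerprints taken from the post; the dict layout is an assumption of this example.
FINGERPRINTS = {
    "34.102.136.180": {"service": "GoDaddy", "dns": "www_cname", "status": 200},
    "91.195.241.137": {"service": "Sedo", "dns": "wildcard", "status": 403},
}

def detect_parked(domain, resolve, cname, http_status):
    """Return the parking service name, or None. The three callables are
    hypothetical lookups injected by the caller (live DNS/HTTP in production)."""
    # Layer 1: cheap check, stop unless the naked domain hits a known parking IP.
    ip = next((a for a in resolve(domain) if a in FINGERPRINTS), None)
    if ip is None:
        return None
    fp = FINGERPRINTS[ip]
    rand = secrets.token_hex(8)  # random label/path that no real site would serve
    # Layer 2: DNS shape of the subdomains.
    if fp["dns"] == "www_cname":
        if cname("www." + domain) != domain:
            return None
    elif ip not in resolve(rand + "." + domain):
        return None
    # Layer 3: a random path must return the service's catch-all status.
    if http_status(domain, "/" + rand) != fp["status"]:
        return None
    return fp["service"]

# Constructed sample data mirroring the post's description (not live lookups).
A = {"paint.net": ["34.102.136.180"], "meds.org": ["91.195.241.137"],
     "shop.example": ["34.102.136.180"], "blog.example": ["203.0.113.7"]}
CNAME = {"www.paint.net": "paint.net", "www.shop.example": "shop.example"}
WILDCARD = {"meds.org"}          # zones answering for any subdomain
CATCH_ALL = {"paint.net": 200, "meds.org": 403}
http_probes = []                 # records which domains got an HTTP probe

def fake_resolve(name):
    if name in A:
        return A[name]
    parent = name.split(".", 1)[-1]
    return A[parent] if parent in WILDCARD else []

def fake_http_status(domain, path):
    http_probes.append(domain)
    return CATCH_ALL.get(domain, 404)  # a real site 404s on a random path

def check(domain):
    return detect_parked(domain, fake_resolve, CNAME.get, fake_http_status)
```

The constructed `shop.example` record shares the GoDaddy IP but returns 404 for the random path, so it is not flagged; `blog.example` fails the first layer and never receives an HTTP probe.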

1 reply

    • Mitchell_Parks
    • 3 yrs ago

    It must be hard to detect, Martheen. Other (cough cough) competitor DNS filters do it stupidly: if they haven't seen the query in 30 days, it's new. Nextdns.io competitors, or at least one of them, is an idiot. That's not what 'New Domain' means, at least to me in America in English. Haha. Thanks for the idea.
