15

Block all TLD by default, allow by exception

There are a crazy amount of useless TLDs on the internet.

Would like to see an option to block all TLDs and create an allow list. Maybe have a default allow list of the most commonly used (.com, .net, .gov, .org) and allow users to add whatever country codes or others they want)

7 replies

null
    • romain
    • 3 yrs ago
    • Official response
    • Reported - view

    We will soon improve that TLD selection modal, with "group" checkbox (so you can mass select/unselect all the new gTLDs for example, or select all easily and then unselect the one you don't want to block).

      • Calvin_Hobbes
      • 3 yrs ago
      • Reported - view

      Romain Cointepas will newly created gTLDs be blocked by default?

      • strawberry_chair
      • 8 mths ago
      • Reported - view

       

      We will soon improve that TLD selection modal, with "group" checkbox (so you can mass select/unselect all the new gTLDs for example, or select all easily and then unselect the one you don't want to block).

      Any update on this topic, I really would love to see that feature and to me it doesn't look like it should be something which is superhard to implement. 

      Maybe a workarround would be to be able to add a blocklist named "Block all TLDs" which has all TLDs in it and then we can choose to either whitelist/allowlist the TLD we want.

    • Kummas
    • 2 yrs ago
    • Reported - view

    There are bunch of .lan TLD spamming my logs. Is there anyway to block TLD’s user defined ? Because ‘.lan’ is not available in the TLD list to block.

    • Coral_River
    • 1 yr ago
    • Reported - view

    I would like to suggest an additional option to block :
    1) all TLD in non Latin alphabet,
    2) all TLD which have 5 and more letters, as they are rarely used.

    • NDNS_User_000
    • 10 mths ago
    • Reported - view

    +1

    I'd love a default-deny - I currently need to spend 10 minutes ticking "ADD" for every TLD :)

    This would mean that I could easily have a highly restrictive system-level allow-list profile, and another far less restrictive profile for a web browser.

    And I'd also be interested in a new feature alongside having a default-deny policy: when a *new* domain is detected, and only the first time that domain is observed, send an alert email. It would be extremly useful in some use cases - for example, on an internet-facing server which should only ever be resolving a very small number of domains, and any queries beyond that small set would be a security alert.  However, I recognise that this may be awkward to implement and/or expensive in terms of resource, so "newly observed for this profile" alerting would very much be a wishlist feature. This could perhaps be accommodated with a query streaming type of log, so that these issues could be ingested into an on-prem SIEM.

Content aside

  • 15 Likes
  • 8 mths agoLast active
  • 7Replies
  • 631Views
  • 6 Following