Block all TLD by default, allow by exception

There are a crazy amount of useless TLDs on the internet.

Would like to see an option to block all TLDs and create an allow list. Maybe have a default allow list of the most commonly used (.com, .net, .gov, .org) and allow users to add whatever country codes or others they want)

8replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • We will soon improve that TLD selection modal, with "group" checkbox (so you can mass select/unselect all the new gTLDs for example, or select all easily and then unselect the one you don't want to block).

    Like 9
    • Romain Cointepas will newly created gTLDs be blocked by default?

      Like 1
      • Mazhar
      • Mazhar
      • 9 mths ago
      • 2
      • Reported - view

      Romain Cointepas Can I track the progress on this proposal?

      Like 2
      • Brandon
      • wreckedcarzz
      • 2 wk ago
      • Reported - view

      Romain Cointepas any news on this?

  • There are bunch of .lan TLD spamming my logs. Is there anyway to block TLD’s user defined ? Because ‘.lan’ is not available in the TLD list to block.

  • I would like to suggest an additional option to block :
    1) all TLD in non Latin alphabet,
    2) all TLD which have 5 and more letters, as they are rarely used.

    Like 1
  • +1

    I'd love a default-deny - I currently need to spend 10 minutes ticking "ADD" for every TLD :)

    This would mean that I could easily have a highly restrictive system-level allow-list profile, and another far less restrictive profile for a web browser.

    And I'd also be interested in a new feature alongside having a default-deny policy: when a *new* domain is detected, and only the first time that domain is observed, send an alert email. It would be extremly useful in some use cases - for example, on an internet-facing server which should only ever be resolving a very small number of domains, and any queries beyond that small set would be a security alert.  However, I recognise that this may be awkward to implement and/or expensive in terms of resource, so "newly observed for this profile" alerting would very much be a wishlist feature. This could perhaps be accommodated with a query streaming type of log, so that these issues could be ingested into an on-prem SIEM.

Like16 Follow
  • 2 wk agoLast active
  • 8Replies
  • 406Views
  • 6 Following