Block all TLD by default, allow by exception
There are a crazy amount of useless TLDs on the internet.
Would like to see an option to block all TLDs and create an allow list. Maybe have a default allow list of the most commonly used (.com, .net, .gov, .org) and allow users to add whatever country codes or others they want)
-
We will soon improve that TLD selection modal, with "group" checkbox (so you can mass select/unselect all the new gTLDs for example, or select all easily and then unselect the one you don't want to block).
-
Romain Cointepas will newly created gTLDs be blocked by default?
-
Romain Cointepas Can I track the progress on this proposal?
-
Romain Cointepas any news on this?
-
-
There are bunch of .lan TLD spamming my logs. Is there anyway to block TLD’s user defined ? Because ‘.lan’ is not available in the TLD list to block.
-
Kummas that’s a reserved tld https://www.ietf.org/archive/id/draft-chapin-rfc2606bis-00.html
you’d be wise to find what’s causing those lookups. Consider enabling rebinding protection if you don’t understand what’s happening
-
-
I would like to suggest an additional option to block :
1) all TLD in non Latin alphabet,
2) all TLD which have 5 and more letters, as they are rarely used. -
+1
I'd love a default-deny - I currently need to spend 10 minutes ticking "ADD" for every TLD :)
This would mean that I could easily have a highly restrictive system-level allow-list profile, and another far less restrictive profile for a web browser.
And I'd also be interested in a new feature alongside having a default-deny policy: when a *new* domain is detected, and only the first time that domain is observed, send an alert email. It would be extremly useful in some use cases - for example, on an internet-facing server which should only ever be resolving a very small number of domains, and any queries beyond that small set would be a security alert. However, I recognise that this may be awkward to implement and/or expensive in terms of resource, so "newly observed for this profile" alerting would very much be a wishlist feature. This could perhaps be accommodated with a query streaming type of log, so that these issues could be ingested into an on-prem SIEM.
