Block all TLD by default, allow by exception
There is a crazy amount of useless TLDs on the internet.
Would like to see an option to block all TLDs and create an allow list. Maybe have a default allow list of the most commonly used (.com, .net, .gov, .org) and allow users to add whatever country codes or others they want.
I'd love a default-deny - I currently need to spend 10 minutes ticking "ADD" for every TLD :)
This would mean that I could easily have a highly restrictive system-level allow-list profile, and another far less restrictive profile for a web browser.
And I'd also be interested in a new feature alongside having a default-deny policy: when a *new* domain is detected, and only the first time that domain is observed, send an alert email. It would be extremely useful in some use cases - for example, on an internet-facing server which should only ever be resolving a very small number of domains, and any queries beyond that small set would be a security alert. However, I recognise that this may be awkward to implement and/or expensive in terms of resource, so "newly observed for this profile" alerting would very much be a wishlist feature. This could perhaps be accommodated with a query streaming type of log, so that these issues could be ingested into an on-prem SIEM.
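The two mechanisms asked for in this thread (a default-deny TLD policy with a per-profile allow list, and a "newly observed domain for this profile" alert suitable for shipping to a SIEM) sketched as an added example; this is not code from the resolver product being discussed. The profile names, the allow lists and the `timestamp profile qname` log line format are constructed assumptions.

```python
"""Default-deny TLD policy plus first-observation alerting over DNS query log lines."""

# Constructed per-profile allow lists (assumption, not the product's own config format).
PROFILES = {
    "server": {"com", "net", "org", "gov"},                        # restrictive, system-level
    "browser": {"com", "net", "org", "gov", "uk", "de", "io"},     # looser, for a web browser
}


def tld_of(qname: str) -> str:
    # Last DNS label only; public-suffix handling (e.g. co.uk) is deliberately out of scope.
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()


def allowed(profile: str, qname: str) -> bool:
    """Default-deny: a query passes only if its TLD is on the profile's allow list."""
    return tld_of(qname) in PROFILES[profile]


class NewDomainWatcher:
    """Remembers domains per profile and reports only the first time each one is seen."""

    def __init__(self):
        self.seen = {}  # profile -> set of normalised query names

    def first_sighting(self, profile: str, qname: str) -> bool:
        key = qname.rstrip(".").lower()
        seen = self.seen.setdefault(profile, set())
        if key in seen:
            return False
        seen.add(key)
        return True


def process(lines, watcher):
    """Parse constructed 'timestamp profile qname' lines; return (decisions, SIEM-style alerts)."""
    decisions, alerts = [], []
    for line in lines:
        ts, profile, qname = line.split()
        verdict = "allow" if allowed(profile, qname) else "block"
        decisions.append((qname, verdict))
        if watcher.first_sighting(profile, qname):  # alert once per profile, whatever the verdict
            alerts.append({"event": "newly_observed_domain", "ts": ts,
                           "profile": profile, "qname": qname, "verdict": verdict})
    return decisions, alerts


SAMPLE_LOG = [  # constructed sample, not real query data
    "2024-01-01T00:00:01 server updates.example.com",
    "2024-01-01T00:00:02 server updates.example.com",   # repeat: no second alert
    "2024-01-01T00:00:03 server cdn.example.xyz",       # blocked TLD, still first-seen
    "2024-01-01T00:00:04 browser news.example.co.uk",
    "2024-01-01T00:00:05 browser tracker.example.xyz",
]


def run_sample():
    return process(SAMPLE_LOG, NewDomainWatcher())
```

Rejected queries still produce a first-seen alert on purpose: on a server that should resolve only a handful of names, an attempt to reach an unknown domain is the signal worth forwarding even when the policy already dropped it.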