New category "Non-ccTLDs"
In addition to regular ccTLDs there are more than1000 other TLDs like .biz or. info or (more exotic) .xn--11b4c3d.
Typically I don't need these TLDs, so I want to block them all by default and allow only a few exemptions in the whitelist.
For doing this, I would need a new blocking category "Non-ccTLDS".
The definition of this new category would be very easy and I wouldn't have to follow up the continued release of new TLDs anymore.
-
The problem is that the category blocking doesn't work for TLDs in the whitelist-only mode.
Let's assume that I whitelist the TLDs .uk and .org, but at the same time I want to block porn and webspam.
The block will not apply to .uk and .org.My suggested category would enable all customers to have a more granular control over the insanely increasing number of TLDs.
There are roughly 1,500 TLDs (about 300 ccTLDs and 1,200 non-ccTLDs).
Blocking the appr.1,200 non-ccTLDs per category means that you gain back control over the lion-share of TLDs, while you can still block further ccTLDs and categories...but also whitelist some non-ccTLDs or domains that you find useful.
That all being said, I just realize that the TLDs .com and .net are also non-ccTLDs, right?
In order to avoid jeopardising the category blocking, I would therefore suggest a category "All non-ccTLDs except .com and .net".
Users will probably immediately start to whitelist popular non-ccTLDs like .org or .edu or .gov, but overall this will not much lower the effectiveness of category blocking.
The disadvantage of this category could be that a consumer product like "OpenDNS VIP" will offer similar granularity like an enterprise product such as "Umbrella".
On the other hand, I could imagine that also the enterprise customers would appreciate the new category, and -again- the problem is basically the increasing number of non-ccTLDs.
-
Relevant data to this:
https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/
-
New categories can be suggested at https://community.opendns.com/domaintagging/categories#suggest
"I want to block them all by default and allow only a few exemptions in the whitelist. For doing this, I would need a new blocking category"
No, you need OpenDNS VIP which comes with whitelist-only mode. As it exists what you want, you'll most likely not get such a category you're looking for.
Please sign in to leave a comment.
Comments
4 comments