New category "Non-ccTLDs"

Follow
Avatar
hp551

In addition to regular ccTLDs there are more than1000 other TLDs like .biz or. info or (more exotic) .xn--11b4c3d.

Typically I don't need these TLDs, so I want to block them all by default and allow only a few exemptions in the whitelist.

For doing this, I would need a new blocking category "Non-ccTLDS".

The definition of this new category would be very easy and I wouldn't have to follow up the continued release of new TLDs anymore.

4

Comments

4 comments

Sort by Date Votes
  • Avatar
    hp551 (Edited )

    The problem is that the category blocking doesn't work for TLDs in the whitelist-only mode.

    Let's assume that I whitelist the TLDs .uk and .org, but at the same time I want to block porn and webspam.
    The block will not apply to .uk and .org.

    My suggested category would enable all customers to have a more granular control over the insanely increasing number of TLDs.

    There are roughly 1,500 TLDs (about 300 ccTLDs and 1,200 non-ccTLDs).

    Blocking the appr.1,200 non-ccTLDs per category means that you gain back control over the lion-share of TLDs, while you can still block further ccTLDs and categories...but also whitelist some non-ccTLDs or domains that you find useful.

    That all being said, I just realize that the TLDs .com and .net are also non-ccTLDs, right?

    In order to avoid jeopardising the category blocking, I would therefore suggest a category "All non-ccTLDs except .com and .net".

    Users will probably immediately start to whitelist popular non-ccTLDs like .org or .edu or .gov, but overall this will not much lower the effectiveness of category blocking.

    The disadvantage of this category could be that a consumer product like "OpenDNS VIP" will offer similar granularity like an enterprise product such as "Umbrella".

    On the other hand, I could imagine that also the enterprise customers would appreciate the new category, and -again- the problem is basically the increasing number of non-ccTLDs.

    2
    Comment actions Permalink
  • Avatar
    tps0

    Relevant data to this:

    https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/

    2
    Comment actions Permalink
  • Avatar
    rotblitz

    New categories can be suggested at https://community.opendns.com/domaintagging/categories#suggest

    "I want to block them all by default and allow only a few exemptions in the whitelist.  For doing this, I would need a new blocking category"

    No, you need OpenDNS VIP which comes with whitelist-only mode.  As it exists what you want, you'll most likely not get such a category you're looking for.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Agreed.  Your idea got my vote.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post