Post AcXzczJA4ibrrfPp5M by andreagrandi@mastodon.social
(DIR) More posts by andreagrandi@mastodon.social
(DIR) Post #AcXtsNfLCEya1lkL1E by simon@fedi.simonwillison.net
2023-12-06T21:51:52Z
0 likes, 0 repeats
Just learned that https://nextdns.io/ has a setting to block "Newly Registered Domains" - domains registered in the past 30 daysWhich means if you want users of that service to be able to use your new thing need to register the domain name for it 30 days in advance of launch
(DIR) Post #AcXuH07RsaBMEqdKgy by parkr@fosstodon.org
2023-12-06T21:55:42Z
0 likes, 0 repeats
@simon meant to block brand new phishing domains or something? Seems like a pretty blunt instrument…
(DIR) Post #AcXujseIjS31T5lqPg by glyph@mastodon.social
2023-12-06T22:01:47Z
0 likes, 0 repeats
@simon what do you mean by a "setting"?
(DIR) Post #AcXutjv62dWnI7KNv6 by GLFC@mstdn.starnix.network
2023-12-06T22:05:37Z
0 likes, 0 repeats
@simon Umbrella does that for seven days, IIRC.
(DIR) Post #AcXvxWu4TjNW29Df84 by jannem@fosstodon.org
2023-12-06T22:15:22Z
0 likes, 0 repeats
@simon Seems a lot of dodgy places (phishing sites and so on) that need hundreds or thousands of new domains all the time never actually pay for a domain. They borrow a new domain for a couple of weeks then return it unpaid.This would put a pretty effective stop to that.
(DIR) Post #AcXwbHMdfkINQHXGkK by jahanson@infosec.exchange
2023-12-06T22:18:19Z
0 likes, 0 repeats
@glyph a toggle whether to filter domains and point them to 0.0.0.0 if they’re <30 days old
(DIR) Post #AcXwbICOZJhC0nkbQ0 by glyph@mastodon.social
2023-12-06T22:19:36Z
0 likes, 0 repeats
@jahanson if it’s a toggle, wouldn’t you just … turn it off?
(DIR) Post #AcXwbJ1nUCoQaDneXQ by simon@fedi.simonwillison.net
2023-12-06T22:20:11Z
0 likes, 0 repeats
@glyph @jahanson apparently some people like that feature and deliberately turn it on!
(DIR) Post #AcXwbK65Vjq3tooarg by glyph@mastodon.social
2023-12-06T22:20:47Z
0 likes, 0 repeats
@jahanson oh, sorry, I misunderstood the purpose of NextDNS here. Your users might be using it, not your host.
(DIR) Post #AcXx0cGF7DdjTNcqO0 by scottwilson@infosec.exchange
2023-12-06T22:22:10Z
0 likes, 0 repeats
@simon Yes, and I believe other tools can do this also - OpenDNS/Umbrella, NextDNS, Quad9, Cloudflare.
(DIR) Post #AcXxEVAgGtmXXSe3km by matt@toot.cafe
2023-12-06T22:29:06Z
0 likes, 0 repeats
@simon @glyph @jahanson Given that nextdns's tagline is "The new firewall for the modern Internet.", I'm guessing this feature is a form of security theater, a way of trying to guard against phishing and other attacks that use ephemeral domains.
(DIR) Post #AcXzczJA4ibrrfPp5M by andreagrandi@mastodon.social
2023-12-06T22:56:52Z
0 likes, 0 repeats
@simon @glyph @jahanson I do love this feature and I intentionally enabled it ages ago. When someone opens a new service or launch a blog, I just add the domain to the Allow List and I can connect to it.
(DIR) Post #Aca0JkDtJpekRmV13Q by arathunku@mastodon.social
2023-12-07T20:24:37Z
0 likes, 0 repeats
@simon It saved me once, half asleep I've clicked a malicious link, OK my mistake. Then I checked the domain after 30 days, in that time other security filters picked it up and blocked it. 😃
(DIR) Post #AcjVBEvwc9H05cAWVE by iamvlaaaaaaad@hachyderm.io
2023-12-12T12:12:07Z
0 likes, 0 repeats
@simon often big corporations also have rules like this. It was such an unexpected blocker!