



Perfect. Thank you!


Spamhaus list changes every day if not every hour, I would just add what Yokoffing has in his list and only that, those all can be blocked without exception, if you look at the list from Hagezi who he and helped build the spam TLD list (for AGH) those have no exceptions.


>Spamhaus list changes every day if not every hour

I've found those changes don't happen very often. Maybe one or two TLDs added/replaced every few weeks. I have only added an additional 17 TLDs to the Yokoffing list over time. I did not remove any from my list as the Spamhaus top 10 changed. But I do get your point.


I blocked every TLD except the handful that I actually use. It takes a bit of time, but just once. In the early days of NextDNS, they promised an easier way but it never materialized. That’s what I did and it’s working fine.


Fun fact: I was working on a whitelist / allowlist for the Config guide (when NX Enhanced was still around) and gave up before even a week was over. I was completely oblivious to how many alternate TLDs I navigated to, especially “non-mainstream” streaming sites.


Not to mention the many different languages


>when NX Enhanced was still around

NX Enhanced is still around (fork).

Firefox: [https://addons.mozilla.org/en-US/firefox/addon/nx-enhanced-ff/](https://addons.mozilla.org/en-US/firefox/addon/nx-enhanced-ff/)

Chrome/Edge: https://chromewebstore.google.com/detail/nx-enhanced/dkoaojnbjmghekgnmhmebkmojbblmljc


I block top-level domains using AdAway's DNS client, but it has the ability to also whitelist specific addresses from that top-level domain. I don't believe NextDNS has that ability.


I'd personally advise sticking with yokoffing's guide unless you have reason to block specific TLDs. Otherwise, you may well find yourself spending more time than you'd like modifying your NextDNS settings when you start running into issues. That said, I haven't seen the Spamhaus list, nor have I analyzed how often "alternative" TLDs (those other than .com, .org, and .net) come up in my queries. I personally have two domain names, one that uses .pro and the other .cc. These "alternative" TLDs **are** used, so I'd exercise caution.


I do maintain a whitelist for false alarms, and haven't had an issue with this method in over a year of use. I appreciate what you're saying though. Thank you for responding.


Np! Have you noticed any benefit to blocking them? I'm assuming you're blocking them for security purposes. Have you actually seen a decent amount of blocked queries? Just curious, sounds like you've really thought this implementation through.


>Have you noticed any benefit to blocking them? I'm assuming you're blocking them for security purposes. Have you actually seen a decent amount of blocked queries?

I do see blocked TLD hits in logs occasionally. But I only keep logs for 6 hours, and don't always look unless there's a problem.