It would be a great idea to be able to block all new domains (that are allowed by upstream resolvers) until x-amount/days old.
This might be outside the control of Adamnetworks, but if it would be something that could be implemented with DNSHarmony, it would get rid of phishing and spam domains.
With DNSHarmony you could find an upstream resolver that has such a feature. For example, create a policy on dnsfilter.com that blocks “Uncategorized” domains and point your DNSHarmony to use it as one of the forwarders.
It has been my experience with dnsfilter that domains still need to be added to the new domain category. It is not always the case that a new domain will get added to that category, such as when the domain has a TLD of ‘.ca’, which is the country code for Canada, and domains with this TLD are not included in the NewDomain categorization data.
This was my experience from a few years back. Maybe things have changed.
It seems both ControlD and DNSFilter are paid DNS options.
A free alternative is Cloudflare Zero Trust Gateway. They offer quite a few categories, with one being new domains as well.
@atw when adding a custom resolver, what is the difference between choosing No Filtering and actually adding ipv4/6 IPs?
Cloudflare says this in their documentation: Gateway responds to any domain blocked at the DNS level with 0.0.0.0 for IPv4 queries or :: for IPv6 queries, and does not return that blocked domain’s IP address.
If you say “No filtering” and the resolver does block stuff, those blocks will not be detected and as a result not show up as blocked traffic.
You would want to set the filtering method as “Blocks using Specific IPs” and then enter 0.0.0.0/32 and ::/128 in the subnets option.
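The difference between the two settings discussed above, as an added illustration that is not part of the thread and is not DNSHarmony's own code: answers from an upstream resolver are classified against a configured list of block subnets, and an empty list models "No Filtering". The function names, hostnames and sample answers are constructed for this sketch.

```python
import ipaddress

# Subnets quoted in the thread for Cloudflare Gateway's block answers.
SINKHOLE_SUBNETS = ["0.0.0.0/32", "::/128"]

def classify_answer(addresses, block_subnets):
    """Classify one DNS answer set (hypothetical helper).

    Returns "blocked" if any returned address falls inside a configured
    block subnet, "resolved" if addresses came back but none matched,
    and "no-answer" for an empty answer set. An empty block_subnets
    list models "No Filtering": nothing is ever recognised as a block.
    """
    nets = [ipaddress.ip_network(s) for s in block_subnets]
    for raw in addresses:
        addr = ipaddress.ip_address(raw)
        # Compare only within the same IP version (A vs AAAA answers).
        if any(addr.version == n.version and addr in n for n in nets):
            return "blocked"
    return "resolved" if addresses else "no-answer"

def summarize(responses, block_subnets):
    """Map each (name, qtype) key to its classification."""
    return {key: classify_answer(addrs, block_subnets)
            for key, addrs in responses.items()}

# Constructed sample answers: a sinkholed name and a normal name,
# using documentation address ranges for the normal one.
SAMPLE_RESPONSES = {
    ("new-domain.example", "A"): ["0.0.0.0"],
    ("new-domain.example", "AAAA"): ["::"],
    ("www.example.org", "A"): ["192.0.2.10"],
    ("www.example.org", "AAAA"): ["2001:db8::10"],
}

if __name__ == "__main__":
    for label, subnets in (("No Filtering", []),
                           ("Specific IPs", SINKHOLE_SUBNETS)):
        print(label)
        for key, status in summarize(SAMPLE_RESPONSES, subnets).items():
            print("  ", key, status)
```

With the empty list, the sinkholed answers are reported as ordinary resolutions, which is why those blocks would not show up as blocked traffic.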