mirror of
https://github.com/yokoffing/NextDNS-Config.git
synced 2025-11-18 16:45:35 -05:00
Make superscript links uniformed
This commit is contained in:
yokoffing
49
README.md
49
README.md
@@ -6,32 +6,31 @@
|
||||
***
|
||||
|
||||
# Security
|
||||
### Threat Intelligence Feeds <sup>[1](https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json)</sup>
|
||||
### Threat Intelligence Feeds <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json)</sup></sup>
|
||||
 Use Threat Intelligence Feeds
|
||||
### AI-Driven Threat Detection
|
||||
 Enable AI-Driven Threat Detection
|
||||
### Google Safe Browsing
|
||||
### Google Safe Browsing <sup><sup> [1](https://safebrowsing.google.com/safebrowsing/report_general/) [2](https://user-images.githubusercontent.com/11689349/107696360-d8dde800-6c7f-11eb-9882-cccc8d2065c5.jpg) [3](https://the8-bit.com/apple-proxies-google-safe-browsing-privacy/) [4](https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)#services-we-proxy-through-brave-servers) </sup>
|
||||
 Enable Google Safe Browsing
|
||||
### Cryptojacking Protection <sup>[1](https://github.com/nextdns/metadata/blob/master/security/cryptojacking.json)</sup>
|
||||
### Cryptojacking Protection <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/cryptojacking.json)</sup></sup>
|
||||
 Enable Cryptojacking Protection
|
||||
### DNS Rebinding Protection
|
||||
### DNS Rebinding Protection <sup><sup>[1](https://help.nextdns.io/t/35hmval/what-is-dns-rebinding-protection)</sup></sup>
|
||||
 Enable DNS Rebinding Protection → :radioactive: *Enabling may cause breakage (unlikely)*
|
||||
### IDN Homograph Attacks Protection
|
||||
 Enable Homograph Attacks Protection
|
||||
### Typosquatting Protection <sup>[1](https://github.com/nextdns/metadata/blob/master/security/typosquatting/protected-domains)</sup>
|
||||
### Typosquatting Protection <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/typosquatting/protected-domains)</sup></sup>
|
||||
 Enable Typosquatting Protection
|
||||
### Domain Generation Algorithms (DGAs) Protection
|
||||
 Enable DGA Protection
|
||||
### Block Newly Registered Domains (NRDs) <sup>[1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) </sup>
|
||||
### Block Newly Registered Domains (NRDs) <sup><sup>[1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) </sup></sup>
|
||||
 Block Newly Registered Domains (NRDs) → :radioactive: *Enabling may cause breakage*
|
||||
<br>
|
||||
<br>Blocking NRDs will cause false positives [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3); however, if you are comfortable allowlisting, it is **strongly encouraged** that you enable this. Add NRDs to your allowlist selectively; and if you do, **NEVER** give sensitive information to a NRD.
|
||||
|
||||
### Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/ddns/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386?cxt=HHwWhIC8iZ7PruUqAAAA) [3](https://www.phishing.org/what-is-phishing) </sup></sup>
|
||||
 Enable Block Dynamic DNS Hostnames
|
||||
### Block Parked Domains <sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup>
|
||||
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup>
|
||||
 Block Parked Domains
|
||||
### Block Top-Level Domains (TLDs) <sup>[1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://thrivemyway.com/info-websites/) [4](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/)</sup>
|
||||
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://thrivemyway.com/info-websites/) [4](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/)</sup>
|
||||
:radioactive: *Enabling may cause breakage*
|
||||
|
||||
```
|
||||
@@ -57,14 +56,16 @@
|
||||
***
|
||||
|
||||
# Privacy
|
||||
### Blocklists <sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/blocklists)</sup>
|
||||
### Blocklists <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/blocklists)</sup>
|
||||
|
||||
Use **1Hosts (Lite)** instead of **1Hosts (Pro)** if you do not [report](https://github.com/badmojr/1Hosts/issues) false positives and add to the allowlist.
|
||||
|
||||
NextDNS Ads & Trackers Blocklist
|
||||
oisd
|
||||
1Hosts (Lite)
|
||||
1Hosts (Pro)
|
||||
|
||||
Use **1Hosts (Pro)** instead of **(Lite)** if you don't mind allowlisting occasionally and [reporting](https://github.com/badmojr/1Hosts/issues) false positives.
|
||||
|
||||
### Native Tracking Protection <sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/native)</sup>
|
||||
### Native Tracking Protection <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/native)</sup>
|
||||
:radioactive: *Enabling may cause breakage (unlikely)*
|
||||
|
||||
Add these brands according to what devices you use. There's no advantage in adding brands you don't own; however, there’s no disadvantage in adding unused brands either.
|
||||
@@ -78,7 +79,7 @@ Add these brands according to what devices you use. There's no advantage in addi
|
||||
Roku
|
||||
Sonos
|
||||
|
||||
### Block Disguised Third-Party Trackers <sup>[1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a)</sup>
|
||||
### Block Disguised Third-Party Trackers <sup><sup>[1](https://github.com/nextdns/cname-cloaking-blocklist/blob/master/domains) [2](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a) [3](https://arxiv.org/pdf/2102.09301.pdf) [4](https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper66.pdf) </sup></sup>
|
||||
 Block Disguised Third-Party Trackers
|
||||
|
||||
### Allow Affiliate & Tracking Links <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/privacy/affiliate-tracking-domains) [2](https://twitter.com/NextDNS/status/1539229377560461312) </sup></sup>
|
||||
@@ -89,7 +90,7 @@ Add these brands according to what devices you use. There's no advantage in addi
|
||||
# Parental Control
|
||||
### YouTube Restricted Mode
|
||||
 Enforce YouTube Restricted Mode → :radioactive: *Enabling may cause breakage*
|
||||
### Block Bypass Methods <sup>[1](https://github.com/nextdns/metadata/tree/master/parentalcontrol)</sup>
|
||||
### Block Bypass Methods <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/parentalcontrol)</sup>
|
||||
 Block Bypass Methods → :radioactive: *Enabling may cause breakage*
|
||||
|
||||
***
|
||||
@@ -105,32 +106,32 @@ Add these brands according to what devices you use. There's no advantage in addi
|
||||
|
||||
graph.facebook.com
|
||||
|
||||
### Apple device updates <sup>[1](https://github.com/badmojr/1Hosts/issues/536)</sup> | Apple Music <sup>[2](https://old.reddit.com/r/nextdns/comments/vz9kla/at_last_nextdns_added_the_1host_xtra/ig8zsnn/)</sup>
|
||||
### Apple device updates <sup><sup>[1](https://github.com/badmojr/1Hosts/issues/536)</sup> </sup> / Apple Music <sup><sup>[2](https://old.reddit.com/r/nextdns/comments/vz9kla/at_last_nextdns_added_the_1host_xtra/ig8zsnn/)</sup></sup>
|
||||
|
||||
xp.apple.com
|
||||
|
||||
### Apple iMessage GIFs <sup>[1](https://github.com/badmojr/1Hosts/issues/560)</sup> | Spotlight Search <sup>[2](https://github.com/badmojr/1Hosts/issues/562)</sup>
|
||||
### Apple iMessage GIFs <sup><sup>[1](https://github.com/badmojr/1Hosts/issues/560)</sup></sup> / Spotlight Search <sup><sup>[2](https://github.com/badmojr/1Hosts/issues/562)</sup></sup>
|
||||
|
||||
smoot.apple.com
|
||||
|
||||
### Zoom <sup>[1](https://oisd.nl/excludes.php?w=log.zoom.us) [2](https://oisd.nl/excludes.php?w=us04logfiles.zoom.us)
|
||||
### Zoom <sup><sup>[1](https://oisd.nl/excludes.php?w=log.zoom.us) [2](https://oisd.nl/excludes.php?w=us04logfiles.zoom.us)</sup></sup>
|
||||
Zoom untrusted certificate error messages when [Block Page](https://github.com/yokoffing/NextDNS-Config#block-page) is enabled.
|
||||
|
||||
logfiles.zoom.us
|
||||
us04logfiles.zoom.us
|
||||
us04zpns.zoom.us
|
||||
|
||||
### CBS News [livestream](https://www.cbsnews.com/live/#x) <sup>[1](https://github.com/nextdns/metadata/issues/1030)</sup>
|
||||
### [CBS](https://www.cbsnews.com/live/#x) News livestream <sup><sup>[1](https://github.com/nextdns/metadata/issues/1030)</sup></sup>
|
||||
|
||||
production-cmp.isgprivacy.cbsi.com
|
||||
|
||||
### Microsoft Office 365 <sup>[1](https://github.com/badmojr/1Hosts/issues/565) [2](https://oisd.nl/excludes.php?w=mobile.pipe.aria.microsoft.com)</sup>
|
||||
### Microsoft Office 365 <sup><sup>[1](https://github.com/badmojr/1Hosts/issues/565) [2](https://oisd.nl/excludes.php?w=mobile.pipe.aria.microsoft.com)</sup></sup>
|
||||
Disclaimer: You may only want to allowlist these requests if you're using the file collaboration features.
|
||||
|
||||
self.events.data.microsoft.com
|
||||
mobile.pipe.aria.microsoft.com
|
||||
|
||||
### Xbox Live achievements <sup>[1](https://github.com/lightswitch05/hosts/issues/161#issuecomment-614973289) [2](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212#xbox-live-18)</sup> | Microsoft "Your Phone" <sup>[3](https://github.com/lightswitch05/hosts/issues/161#issuecomment-838590100)</sup>
|
||||
### Xbox Live achievements <sup><sup>[1](https://github.com/lightswitch05/hosts/issues/161#issuecomment-614973289) [2](https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212#xbox-live-18)</sup></sup> / Microsoft "Your Phone" <sup><sup>[3](https://github.com/lightswitch05/hosts/issues/161#issuecomment-838590100)</sup></sup>
|
||||
Disclaimer: I don't use these, so I can't confirm these entries.
|
||||
|
||||
v10.events.data.microsoft.com
|
||||
@@ -140,12 +141,12 @@ Disclaimer: I don't use these, so I can't confirm these entries.
|
||||
|
||||
# Settings
|
||||
### Block Page
|
||||
 Enable Block Page → :radioactive: *Enabling may cause breakage if the NextDNS Root CA is not on your devices*
|
||||
### Anonymized EDNS Client Subnet
|
||||
 Enable Block Page → :radioactive: *Enabling may cause breakage if the [NextDNS Root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca) is not on your devices*
|
||||
### Anonymized EDNS Client Subnet <sup><sup>[1](https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs) </sup></sup>
|
||||
 Enable Anonymized EDNS Client Subnet
|
||||
### Cache Boost
|
||||
 Enable Cache Boost
|
||||
### CNAME Flattening
|
||||
### CNAME Flattening <sup><sup>[1](https://medium.com/nextdns/nextdns-added-cname-uncloaking-support-becomes-the-first-cross-platform-solution-to-the-problem-e3f437f84342) [2](https://developers.cloudflare.com/dns/additional-options/cname-flattening) [3](https://advancedweb.hu/what-is-cname-flattening-and-how-it-helps-redirecting-the-apex-domain/) </sup></sup>
|
||||
 Enable CNAME Flattening
|
||||
### Web3 <sup><sup> [1](https://twitter.com/NextDNS/status/1491034351391305731) </sup> </sup>
|
||||
 Enable Web3
|
||||
|
||||
Reference in New Issue
Block a user