mirror of
https://github.com/yokoffing/NextDNS-Config.git
synced 2025-11-18 08:03:38 -05:00
separate TLDs into two lists
This commit is contained in:
yokoffing
67
README.md
67
README.md
@@ -43,50 +43,55 @@ Security settings protect your data from harm, theft, and unauthorized use.
|
|||||||
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup></sup>
|
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup></sup>
|
||||||
 Block Parked Domains
|
 Block Parked Domains
|
||||||
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://webtribunal.net/blog/tld-statistics/) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/iam-py-test/my_filters_001/blob/main/enhanced_protection.txt) [5](https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt) </sup></sup>
|
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://webtribunal.net/blog/tld-statistics/) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/iam-py-test/my_filters_001/blob/main/enhanced_protection.txt) [5](https://github.com/DandelionSprout/adfilt/blob/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt) </sup></sup>
|
||||||
:warning: Blocking [TLDs](https://www.geeksforgeeks.org/components-of-a-url/) will cause [false positives](https://csrc.nist.gov/glossary/term/false_positive), as this feature blocks **both site nagviations and subrequests**. However, the entries below should allow for everyday browsing while offering protection against **commonly abused** TLDs. You may need to [allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) sites on a rare occasion. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, skip this setting.*
|
:warning: Blocking [TLDs](https://www.geeksforgeeks.org/components-of-a-url/) will cause [false positives](https://csrc.nist.gov/glossary/term/false_positive) since this feature blocks both site nagviations and subrequests. However, the entries below should allow for everyday browsing while offering protection against commonly abused TLDs. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, skip this setting.*
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```
|
```
|
||||||
optional = greater likelihood of breaking legitimate sites
|
|
||||||
|
|
||||||
.work
|
|
||||||
.fit
|
|
||||||
.surf
|
|
||||||
.tokyo
|
|
||||||
.cn
|
|
||||||
-
|
|
||||||
.agency
|
|
||||||
.associates
|
.associates
|
||||||
.bid
|
.bid
|
||||||
.buzz
|
.buzz
|
||||||
.cam
|
|
||||||
.casa
|
|
||||||
.cf (optional)
|
|
||||||
.ci
|
|
||||||
.cricket
|
.cricket
|
||||||
.discount
|
.discount
|
||||||
|
.gdn
|
||||||
|
.live
|
||||||
|
.loan
|
||||||
|
.loans
|
||||||
|
.ooo
|
||||||
|
.rest
|
||||||
|
.sbs
|
||||||
|
.wang
|
||||||
|
.webcam
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
:stop_sign: Here are additional TLDs you may block, but you may need to [allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) sites on occasion:
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
|
```
|
||||||
|
.work
|
||||||
|
.fit
|
||||||
|
.surf
|
||||||
|
.asia
|
||||||
|
.tokyo
|
||||||
|
---
|
||||||
|
.agency
|
||||||
|
.cam
|
||||||
|
.casa
|
||||||
|
.cf
|
||||||
|
.ci
|
||||||
.financial
|
.financial
|
||||||
.fit
|
.fit
|
||||||
.fun
|
.fun
|
||||||
.ga (optional)
|
.ga
|
||||||
.gdn
|
|
||||||
.gq
|
.gq
|
||||||
|
.monster
|
||||||
|
.ml
|
||||||
.icu
|
.icu
|
||||||
.live
|
|
||||||
.loan
|
|
||||||
.ml (optional)
|
|
||||||
.monster (optional)
|
|
||||||
.online
|
|
||||||
.ooo
|
|
||||||
.pw (optional)
|
|
||||||
.rest
|
|
||||||
.sbs
|
|
||||||
.shop
|
.shop
|
||||||
.tk (optional)
|
|
||||||
.top (optional)
|
|
||||||
.wang
|
|
||||||
.webcam
|
|
||||||
.win
|
.win
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -106,7 +111,7 @@ Privacy is a [spectrum](https://blog.thenewoil.org/the-privacy-myth-binary-vs-sp
|
|||||||
|
|
||||||
Blocklists are community generated lists that block ads and [trackers](https://www.freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/). Filters can be categorized into five tiers of coverage:
|
Blocklists are community generated lists that block ads and [trackers](https://www.freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/). Filters can be categorized into five tiers of coverage:
|
||||||
1) **None**: no breakage; NextDNS still protects against malicious threats (à la [security settings](https://github.com/yokoffing/NextDNS-Config#security-cop)) but will allow ads and trackers
|
1) **None**: no breakage; NextDNS still protects against malicious threats (à la [security settings](https://github.com/yokoffing/NextDNS-Config#security-cop)) but will allow ads and trackers
|
||||||
2) **Basic**: rare breakage; prioritizes functionality over blocking; *very* forgiving; ideal for router profiles
|
2) **Basic**: rare breakage; prioritizes functionality over blocking; very forgiving; ideal for router profiles
|
||||||
3) **Balanced**: minimal breakage; should not interfere with everyday browsing; largely [set-and-forget](https://glosbe.com/en/en/set-and-forget) but you may need to allowlist occasionally
|
3) **Balanced**: minimal breakage; should not interfere with everyday browsing; largely [set-and-forget](https://glosbe.com/en/en/set-and-forget) but you may need to allowlist occasionally
|
||||||
4) **Strict**: moderate breakage; prioritizes privacy over user experience; must [manage your allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) regularly
|
4) **Strict**: moderate breakage; prioritizes privacy over user experience; must [manage your allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) regularly
|
||||||
5) **Aggressive**: excessive breakage; use on a separate profile to [lockdown single-purpose devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
|
5) **Aggressive**: excessive breakage; use on a separate profile to [lockdown single-purpose devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
|
||||||
@@ -174,7 +179,7 @@ Denylist entries block any requests from that source.
|
|||||||
|
|
||||||
# Allowlist :white_check_mark:
|
# Allowlist :white_check_mark:
|
||||||
|
|
||||||
Allowlist entries override any blocks. Entries below may be needed for `Strict` and `Aggressive` [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1).
|
Allowlist entries override any blocks. These entries may be needed for `Strict` and `Aggressive` [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1).
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user