mirror of
https://github.com/yokoffing/NextDNS-Config.git
synced 2025-11-17 07:33:39 -05:00
more TLDs
This commit is contained in:
yokoffing
41
README.md
41
README.md
@@ -36,14 +36,14 @@ Security settings protect your data from harm, theft, and unauthorized use.
|
|||||||
### Domain Generation Algorithms (DGAs) Protection
|
### Domain Generation Algorithms (DGAs) Protection
|
||||||
 Enable DGA Protection
|
 Enable DGA Protection
|
||||||
### Block Newly Registered Domains (NRDs) <sup><sup>[1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) </sup></sup>
|
### Block Newly Registered Domains (NRDs) <sup><sup>[1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) </sup></sup>
|
||||||
:warning: Blocking NRDs may cause false positives [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3). Be selective when adding NRDs to your allowlist; and, when you do this, **NEVER** give [sensitive information](https://www.egnyte.com/guides/governance/sensitive-information) to a NRD. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, disable this setting.*
|
:warning: Blocking NRDs may cause [false positives](https://csrc.nist.gov/glossary/term/false_positive) [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3). Be selective when adding NRDs to your allowlist; and, if you do, **NEVER** give [sensitive information](https://www.egnyte.com/guides/governance/sensitive-information) to a NRD. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, disable this setting.*
|
||||||
<br><br> Block Newly Registered Domains (NRDs)
|
<br><br> Block Newly Registered Domains (NRDs)
|
||||||
### Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/ddns/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386?cxt=HHwWhIC8iZ7PruUqAAAA) [3](https://www.phishing.org/what-is-phishing) </sup></sup>
|
### Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/ddns/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386?cxt=HHwWhIC8iZ7PruUqAAAA) [3](https://www.phishing.org/what-is-phishing) </sup></sup>
|
||||||
 Enable Block Dynamic DNS Hostnames
|
 Enable Block Dynamic DNS Hostnames
|
||||||
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup></sup>
|
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup></sup>
|
||||||
 Block Parked Domains
|
 Block Parked Domains
|
||||||
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/iam-py-test/my_filters_001/blob/main/enhanced_protection.txt) </sup></sup>
|
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/) [4](https://github.com/iam-py-test/my_filters_001/blob/main/enhanced_protection.txt) </sup></sup>
|
||||||
:warning: Blocking [TLDs](https://www.geeksforgeeks.org/components-of-a-url/) will cause false positives. Some TLDs may be unusable if you often visit websites that use them. Add websites that are affected to your [allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) if they are not malicious. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, skip this setting.*
|
:warning: Blocking [TLDs](https://www.geeksforgeeks.org/components-of-a-url/) will cause [false positives](https://csrc.nist.gov/glossary/term/false_positive). Some TLDs may be unusable if you often visit websites that use them. Add websites that are affected to your [allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) if they are not malicious. *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, skip this setting.*
|
||||||
|
|
||||||
```
|
```
|
||||||
.work
|
.work
|
||||||
@@ -79,6 +79,37 @@ Security settings protect your data from harm, theft, and unauthorized use.
|
|||||||
.win
|
.win
|
||||||
```
|
```
|
||||||
|
|
||||||
|
:radioactive: **Advanced Users:** If you use [NX Enhanced](https://github.com/hjk789/NXEnhanced#nx-enhanced) and want to [add all TLDs](https://github.com/hjk789/NXEnhanced#security-page) to your profile, then here is a list of common TLDs you need to allow:
|
||||||
|
|
||||||
|
<details>
|
||||||
|
|
||||||
|
```
|
||||||
|
.biz
|
||||||
|
.cloud
|
||||||
|
.co
|
||||||
|
.com
|
||||||
|
.de
|
||||||
|
.dev
|
||||||
|
.email
|
||||||
|
.goog
|
||||||
|
.gov
|
||||||
|
.info
|
||||||
|
.io
|
||||||
|
.mil
|
||||||
|
.mobi
|
||||||
|
.mobile
|
||||||
|
.net
|
||||||
|
.nl
|
||||||
|
.org
|
||||||
|
.page
|
||||||
|
.review
|
||||||
|
.ru
|
||||||
|
.site
|
||||||
|
.xyz
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
### Block Child Sexual Abuse Material
|
### Block Child Sexual Abuse Material
|
||||||
 Block Child Sexual Abuse Material
|
 Block Child Sexual Abuse Material
|
||||||
|
|
||||||
@@ -94,8 +125,8 @@ Privacy is a [spectrum](https://blog.thenewoil.org/the-privacy-myth-binary-vs-sp
|
|||||||
Blocklists are community generated lists that block ads and [trackers](https://www.freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/). Filters can be categorized into five tiers of coverage:
|
Blocklists are community generated lists that block ads and [trackers](https://www.freecodecamp.org/news/what-you-should-know-about-web-tracking-and-how-it-affects-your-online-privacy-42935355525/). Filters can be categorized into five tiers of coverage:
|
||||||
1) **None**: no breakage; NextDNS still protects against malicious threats (à la [security settings](https://github.com/yokoffing/NextDNS-Config#security-cop)) but will allow ads and trackers
|
1) **None**: no breakage; NextDNS still protects against malicious threats (à la [security settings](https://github.com/yokoffing/NextDNS-Config#security-cop)) but will allow ads and trackers
|
||||||
2) **Basic**: rare breakage; prioritizes functionality over blocking; *very* forgiving; ideal for router profiles
|
2) **Basic**: rare breakage; prioritizes functionality over blocking; *very* forgiving; ideal for router profiles
|
||||||
3) **Balanced**: minimal breakage; should not interfere with everyday browsing; may need to [allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) occasionally
|
3) **Balanced**: minimal breakage; should not interfere with everyday browsing; largely [set-and-forget](https://glosbe.com/en/en/set-and-forget) but you may need to allowlist occasionally
|
||||||
4) **Strict**: moderate breakage; prioritizes privacy over user experience; must manage your allowlist regularly
|
4) **Strict**: moderate breakage; prioritizes privacy over user experience; must [manage your allowlist](https://github.com/yokoffing/NextDNS-Config#allowlist-white_check_mark) regularly
|
||||||
5) **Aggressive**: excessive breakage; use on a separate profile to [lockdown single-purpose devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
|
5) **Aggressive**: excessive breakage; use on a separate profile to [lockdown single-purpose devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
|
||||||
|
|
||||||
Here's a compliation of popular blocklists available in NextDNS:
|
Here's a compliation of popular blocklists available in NextDNS:
|
||||||
@@ -205,7 +236,7 @@ Allowlist entries override any blocks.
|
|||||||
|
|
||||||
# Settings :gear:
|
# Settings :gear:
|
||||||
### Block Page
|
### Block Page
|
||||||
 Enable Block Page → :radioactive: *Enabling may cause breakage if the [NextDNS Root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca) is not on your devices*
|
 Enable Block Page → :warning: *Enabling may cause breakage if the [NextDNS Root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca) is not on your devices*
|
||||||
### Anonymized EDNS Client Subnet <sup><sup>[1](https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs) </sup></sup>
|
### Anonymized EDNS Client Subnet <sup><sup>[1](https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs) </sup></sup>
|
||||||
 Enable Anonymized EDNS Client Subnet
|
 Enable Anonymized EDNS Client Subnet
|
||||||
### Cache Boost <sup><sup>[1](https://old.reddit.com/r/nextdns/comments/girmcf/new_setting_cache_boost/)</sup></sup>
|
### Cache Boost <sup><sup>[1](https://old.reddit.com/r/nextdns/comments/girmcf/new_setting_cache_boost/)</sup></sup>
|
||||||
|
|||||||
Reference in New Issue
Block a user