Is there any specific reason why you would want to block all IDN domains in your dnsmasq? What attack would you like to prevent? Can you share examples where this would help?

I think this is a primary job for domain registrars, which should prevent registrations of mixed alphabets to prevent spoofing of selected letters. If they don't, I think it is possible to block the whole TLD where this is allowed. There is no good solution for dnsmasq to do such a thing. I think it should not be done on the client side and especially not this way. I would recommend using an RPZ-driven blocklist in a bigger resolver, which would block only known bad sites.

On 5/11/23 04:12, B@us wrote:

I realize this breaks many standards. But the reality for most small installations is we have no real business visiting sites with non-ASCII domain names. I’m thinking of protecting against the Greek “α” which looks a lot like the letter “a”.

Is there an easy way to translate domains that don’t match \.[A-Za-z0-9]\. to 127.0.0.1?

Thanks!

--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
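
Added example, not part of the original messages and not dnsmasq code: a Python check that separates mixed-script IDN labels (the Greek "α" among Latin letters raised in the thread) from single-script ones, which could feed a targeted blocklist instead of a blanket IDN block. Detecting the script from the first word of the Unicode character name is a simplifying assumption, and the function names and sample hostnames are constructed.

```python
import unicodedata

def label_scripts(label):
    """Scripts seen in one DNS label, approximated by Unicode name prefix."""
    if label.lower().startswith("xn--"):
        # A-label: strip the ACE prefix and decode the Punycode remainder.
        label = label[4:].encode("ascii").decode("punycode")
    scripts = set()
    for ch in label:
        if ch in "0123456789-":
            continue  # digits and hyphen are shared by every script
        # Assumption: first word of the character name stands in for the script
        # ("GREEK SMALL LETTER ALPHA" -> "GREEK").
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts

def classify(hostname):
    """Return 'ascii', 'idn-single-script', 'idn-mixed-script' or 'invalid'."""
    verdict = "ascii"
    for label in hostname.rstrip(".").split("."):
        if label.isascii() and not label.lower().startswith("xn--"):
            continue  # plain LDH label, nothing to inspect
        try:
            scripts = label_scripts(label)
        except UnicodeError:
            return "invalid"  # malformed Punycode
        if len(scripts) > 1:
            return "idn-mixed-script"
        verdict = "idn-single-script"
    return verdict

def to_a_label(text):
    """Build an xn-- label from Unicode text (used for the constructed samples)."""
    return "xn--" + text.encode("punycode").decode("ascii")

# Constructed sample hostnames, not taken from any real blocklist or log.
SAMPLES = [
    "www.example.com",
    to_a_label("exαmple") + ".com",    # Greek alpha among Latin letters
    to_a_label("παράδειγμα") + ".gr",  # Greek only
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify(name):18} {name}")
```

A label written entirely in one non-Latin script is reported as single-script, so whole-script lookalikes still need a list of known bad names such as the RPZ blocklist recommended above.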
