Educause Security Discussion mailing list archives
Re: Blacklisting XYZ Domains
From: Jesse Bowling <jesse.bowling () DUKE EDU>
Date: Thu, 12 Nov 2020 00:06:49 +0000
Hi Ashley,

I read this as inquiring specifically about the TLD .xyz. I can say that many folks I know in other industries DO block the entire TLD. That said, I personally use one site in xyz, so I'd say the odds of someone complaining about such a block would be pretty good in the EDU space. However from a risk/reward perspective: if you have the ability to quickly unblock specific subdomains I would certainly accept the risk. If you should happen to have visibility into queries emanating from your networks, you could likely identify any current legitimate use, provide exemptions from the start, and minimize any complaints.

As others have mentioned specific methods for blocking domains, I would add that users always find a way; block it via RPZ on your resolvers, they'll change their resolvers. Block via border poisoning, and more will opt into DoH providers, such as Firefox's default of Cloudflare. Users of Chrome, also using the Google public DNS servers may be pleasantly surprised to find Chrome will upgrade their DNS lookups to DoT automatically. Both of these last two methods will circumvent your controls, but that doesn't mean you shouldn't try.

But I digress into a discussion on the modern "DNS wars", which was not the subject at hand...I'll tell the interested readers to google "Paul Vixie DNS over HTTPS" and leave it at that. 🙂

Cheers,
Jesse

Sent from a tiny device

On Nov 11, 2020, at 15:55, Valentijn, Ashley <axv749 () miami edu> wrote:

Hello all,

Hope everyone is doing well and staying safe! Our office recently received a request to block the XYZ domain on the university network due to the increased rise in phishing attacks. Has this been done at other universities and colleges and if so, was there any backlash from faculty members, researchers, etc.?

Best regards,
Ashley Valentijn, M.S.
Security Engineer
Information Security Office
P: 305-284-4582 | E: axv749 () miami edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
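The query-visibility step suggested in the reply above, sketched as an added example (not code from the thread or its authors): it scans resolver query logs for names under .xyz, lists registered domains queried by several distinct clients as exemption candidates for human review, and prints RPZ records that pass those through and answer NXDOMAIN for the rest of the TLD. The log lines are constructed in BIND's query-log layout, and the `min_clients` threshold and function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND query-log layout (not real traffic).
SAMPLE_LOG = """\
12-Nov-2020 09:01:02.110 queries: info: client @0x7f00aa 10.1.4.20#51234 (www.coursetool.xyz): query: www.coursetool.xyz IN A + (10.0.0.53)
12-Nov-2020 09:01:07.482 queries: info: client @0x7f00ab 10.1.7.31#40112 (coursetool.xyz): query: coursetool.xyz IN AAAA + (10.0.0.53)
12-Nov-2020 09:02:15.003 queries: info: client @0x7f00ac 10.2.9.8#38820 (api.coursetool.xyz): query: api.coursetool.xyz IN A + (10.0.0.53)
12-Nov-2020 09:03:44.917 queries: info: client @0x7f00ad 10.3.3.3#60001 (login-verify.xyz): query: login-verify.xyz IN A + (10.0.0.53)
12-Nov-2020 09:04:00.250 queries: info: client @0x7f00ae 10.1.4.20#51240 (xyz.example.edu): query: xyz.example.edu IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \((?P<qname>[^)]+)\): query:"
)

def tld_usage(log_text, tld="xyz"):
    """Map each registered domain under `tld` to the set of client IPs querying it."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        labels = m.group("qname").lower().rstrip(".").split(".")
        # Assumption: registrations sit directly under the TLD (last two labels).
        if len(labels) >= 2 and labels[-1] == tld:
            clients[".".join(labels[-2:])].add(m.group("ip"))
    return clients

def exemption_candidates(clients, min_clients=2):
    """Domains seen from at least `min_clients` distinct clients; a list to review, not a verdict."""
    return sorted(d for d, ips in clients.items() if len(ips) >= min_clients)

def rpz_records(exempt, tld="xyz"):
    """RPZ owner names relative to the policy zone: passthru first, then the TLD block."""
    lines = []
    for d in exempt:
        lines += [f"{d} CNAME rpz-passthru.", f"*.{d} CNAME rpz-passthru."]
    # "CNAME ." is the RPZ NXDOMAIN action; the exact-name and closer-wildcard
    # passthru entries above take the place of the TLD wildcard for those domains.
    lines += [f"{tld} CNAME .", f"*.{tld} CNAME ."]
    return lines

if __name__ == "__main__":
    usage = tld_usage(SAMPLE_LOG)
    for domain, ips in sorted(usage.items()):
        print(f"{domain}: {len(ips)} distinct client(s)")
    print("\n".join(rpz_records(exemption_candidates(usage))))
```

Domains seen from a single client, such as the constructed `login-verify.xyz`, stay blocked by default and can be unblocked on request.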
Current thread:
- Blacklisting XYZ Domains Valentijn, Ashley (Nov 11)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Adam T. Ferrero (Nov 11)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Bandy, John (Nov 11)
- Re: Blacklisting XYZ Domains Jesse Bowling (Nov 11)
- Re: [External] Re: [SECURITY] Blacklisting XYZ Domains Kevin Wilcox (Nov 12)
- <Possible follow-ups>
- Re: Blacklisting XYZ Domains Glenn Forbes Fleming Larratt (Nov 12)
- Re: Blacklisting XYZ Domains Von Welch (Nov 12)
- Re: [External] [SECURITY] Blacklisting XYZ Domains Adam T. Ferrero (Nov 11)