Educause Security Discussion mailing list archives

Re: Blacklisting XYZ Domains


From: Jesse Bowling <jesse.bowling () DUKE EDU>
Date: Thu, 12 Nov 2020 00:06:49 +0000

Hi Ashley,

I read this as inquiring specifically about the TLD .xyz. I can say that many folks I know in other industries DO 
block the entire TLD. That said, I personally use one site in xyz, so I'd say the odds of someone complaining about 
such a block would be pretty good in the EDU space.

However, from a risk/reward perspective: if you have the ability to quickly unblock specific subdomains I would 
certainly accept the risk. If you should happen to have visibility into queries emanating from your networks, you could 
likely identify any current legitimate use, provide exemptions from the start, and minimize any complaints.

As others have mentioned specific methods for blocking domains, I would add that users always find a way; block it via 
RPZ on your resolvers, they'll change their resolvers. Block via border poisoning, and more will opt into DoH 
providers, such as Firefox's default of Cloudflare. Users of Chrome also using the Google public DNS servers may be 
pleasantly surprised to find Chrome will upgrade their DNS lookups to DoT automatically. Both of these last two methods 
will circumvent your controls, but that doesn't mean you shouldn't try.

But I digress into a discussion on the modern "DNS wars", which was not the subject at hand... I'll tell the 
interested readers to google "Paul Vixie DNS over HTTPS" and leave it at that. 🙂

Cheers,

Jesse
Sent from a tiny device

On Nov 11, 2020, at 15:55, Valentijn, Ashley <axv749 () miami edu> wrote:


Hello all,

Hope everyone is doing well and staying safe!

Our office recently received a request to block the XYZ domain on the university network due to the increased rise in 
phishing attacks. Has this been done at other universities and colleges and if so, was there any backlash from faculty 
members, researchers, etc.?

Best regards,
Ashley Valentijn, M.S.
Security Engineer
Information Security Office
P: 305-284-4582 | E: axv749 () miami edu


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
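
Added example, not part of the original messages: one way to act on the suggestion in the reply above, using resolver query visibility to find existing .xyz use and then writing an RPZ zone that exempts reviewed domains while blocking the rest of the TLD. The log layout, the sample lines, the `min_clients` threshold and the function names are assumptions made for illustration; registered domains are taken as the last two labels.

```python
"""Added example: derive .xyz exemption candidates from query logs, then emit RPZ records."""
from collections import defaultdict

# Constructed sample lines; "<time> <client> <qname> <qtype>" is an assumed log layout.
SAMPLE_LOG = """\
2020-11-10T09:00:01Z 10.1.2.3 www.lab-tools.xyz. A
2020-11-10T09:00:05Z 10.1.2.4 lab-tools.xyz. AAAA
2020-11-10T09:02:11Z 10.1.7.9 cdn.Lab-Tools.XYZ. A
2020-11-10T09:03:00Z 10.1.2.3 login-update.xyz. A
2020-11-10T09:04:00Z 10.1.2.3 www.example.edu. A
2020-11-10T09:05:00Z 10.1.9.9 xyz. NS
malformed line
"""

def xyz_usage(log_text, tld="xyz"):
    """Map each registered domain under the TLD to the set of clients that queried it."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed layout
        _, client, qname, _ = fields
        labels = qname.rstrip(".").lower().split(".")  # DNS names are case-insensitive
        if len(labels) < 2 or labels[-1] != tld:
            continue  # other TLDs, or a query for the bare TLD itself
        clients[".".join(labels[-2:])].add(client)
    return dict(clients)

def candidates(usage, min_clients=2):
    """Domains seen from several distinct clients: a triage list for human review,
    not proof that a domain is legitimate."""
    return sorted(d for d, c in usage.items() if len(c) >= min_clients)

def rpz_zone(exempt, tld="xyz"):
    """RPZ records: passthru for reviewed exemptions, NXDOMAIN for the rest of the TLD.
    Owner names are relative to the policy zone origin."""
    lines = []
    for domain in sorted(exempt):
        lines.append(f"{domain} CNAME rpz-passthru.")
        lines.append(f"*.{domain} CNAME rpz-passthru.")
    lines.append(f"{tld} CNAME .")
    lines.append(f"*.{tld} CNAME .")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    usage = xyz_usage(SAMPLE_LOG)
    for domain, seen in sorted(usage.items()):
        print(domain, len(seen))
    print(rpz_zone(candidates(usage)))
```

The exempted names are exact and closer-wildcard owners inside the same policy zone, so ordinary wildcard matching keeps `*.xyz` from applying to them.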

