How to block newly created domains? (To prevent phishing)

How to block newly created domains locally (!), without any external DNS resolvers, on an Opal router? As they are frequently used for phishing, I want to block domains that are “younger” than 90 days.

I would say: You can't.
There is no big list of newly created domains - and it would affect subdomains as well.

Sounds more like security by obscurity to me.
Without an external DNS resolver it wouldn't work either, since you need to get the REG date anyway.

So… How to avoid as much malware as possible directly on network (!) to disallow access to such websites?

You see, family members are not as knowledgeable as us in this field, so this is the only way to avoid phishing. I got pissed off explaining why that website is phishing and that no “Free apartment forever” exists.

I would say you can't.

If you know the domain names, you could add the hostnames in your router.
For example:
Google.com 127.0.0.1

Or install an Internet antivirus such as Bitdefender Total Security :thinking:

You can use the dns0.eu DNS resolvers. ZERO blocks:
"
NEWLY REGISTERED DOMAINS (NRD)
NEWLY ACTIVE DOMAINS (NAD)
DOMAIN GENERATION ALGORITHMS (DGA)
IDN HOMOGRAPHS
TYPOSQUATTING
DNS REBINDING
DYNAMIC DNS (DDNS)
CRYPTOJACKING
PARKED DOMAINS
HIGH-RISK TOP-LEVEL DOMAINS (TLD)
"
among others. It is free and you can find it here:
https://www.dns0.eu/
I wish GLiNet gave us the option to use custom DoT DNS resolvers and not just two predefined ones.

Vice versa.

127.0.0.1 google.com

Interesting. How to make it work with AdguardDNS that I am using to block ads?


The AdGuard app or GLiNet's implementation gives the option to use custom DNS.
Depends which you are using.

App? I don’t wanna pay :sweat_smile:

I know about pirated versions but I can barely be sure that there is no malware in it.

Of course everything is set up on the router. So dns0 + Adguard DNS is impossible?

It's impossible because it does not make sense. Both are DNS services.
Guess @Costas was talking about AdGuard Home which is preinstalled on some GL routers as long as they are powerful enough.

@admon what are your recommendations regarding such a situation? What is your setup to avoid most bad situations without a headache?

Phew. Difficult. Depends on many different thoughts.

I would go with AdGuard Home in combination with dns0 as upstream DNS then.
But if I'm completely honest: These are all rather cosmetic things. Sure, newly registered domains could be a risk - but often these domains have been around for a long time if they are being actively attacked.

I find that interesting as a decision criterion, but not really worth considering.

tbh NextDNS has this feature called NRDs, but I think if you want a standalone solution I'm afraid you need to build this yourself.

Which comes down to:

  • understanding that a normal DNS resolver such as dnsmasq does not check data such as whois information; it's primarily only domain-to-IP translation.

  • studying the dnsmasq documentation for events or handlers which you need to pass the actual IPs from the domain to your scripts.

  • writing a script which checks the IP from the domain against a reputable whois database, my guess is: arin, ripe, apnic.

In other words it comes down to programming this type of functionality, maybe at the least you can find someone's docker project but it will not be simple :+1:

Edit

Oops, I thought too fast, you actually need to check against a reputable domain registry, not ripe etc., that's for IPs lol :yum:

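The build-it-yourself approach sketched in the post above, as an added example that is not part of the original thread: it reads dnsmasq `log-queries` lines, looks up each domain's registration date in an RDAP response (RFC 9083), and emits dnsmasq block lines for domains younger than 90 days. Assumptions: RDAP is used as the registry source, `rdap_lookup` is a hypothetical callable supplied by the caller, the last-two-labels rule stands in for the Public Suffix List, and all log lines and RDAP records are constructed sample data.

```python
import re
from datetime import datetime, timezone

MIN_AGE_DAYS = 90  # threshold asked for in this thread

# Line format written by dnsmasq when "log-queries" is enabled.
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[[A-Z0-9]+\] (\S+) from \S+")

def queried_name(log_line):
    m = QUERY_RE.search(log_line)
    return m.group(1).lower().rstrip(".") if m else None

def registrable(name):
    # Assumption: last two labels; suffixes like co.uk need the Public Suffix List.
    return ".".join(name.split(".")[-2:])

def registration_date(rdap):
    # RDAP (RFC 9083) lists lifecycle events; we want "registration".
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "registration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def verdict(log_line, rdap_lookup, now):
    """Return (domain, 'block' | 'allow' | 'unknown'), or None for non-query lines."""
    name = queried_name(log_line)
    if name is None:
        return None
    domain = registrable(name)  # subdomains inherit the parent's age
    created = registration_date(rdap_lookup(domain) or {})
    if created is None:
        return domain, "unknown"  # no registry data: the policy must be chosen explicitly
    return domain, "block" if (now - created).days < MIN_AGE_DAYS else "allow"

def block_lines(log_lines, rdap_lookup, now):
    hits = {v[0] for v in (verdict(l, rdap_lookup, now) for l in log_lines) if v and v[1] == "block"}
    return [f"address=/{d}/0.0.0.0" for d in sorted(hits)]  # dnsmasq config syntax

# Constructed sample data (not real registrations or real log output).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_RDAP = {
    "free-apartment.example": {"events": [{"eventAction": "registration", "eventDate": "2024-05-20T10:00:00Z"}]},
    "old-site.example": {"events": [{"eventAction": "registration", "eventDate": "2015-01-01T00:00:00Z"}]},
}
SAMPLE_LOG = [
    "Jun  1 09:00:01 dnsmasq[812]: query[A] login.free-apartment.example from 192.168.8.20",
    "Jun  1 09:00:02 dnsmasq[812]: query[AAAA] old-site.example from 192.168.8.20",
    "Jun  1 09:00:03 dnsmasq[812]: forwarded old-site.example to 192.0.2.53",
]
```

Calling `block_lines(SAMPLE_LOG, SAMPLE_RDAP.get, NOW)` returns the config lines to load into dnsmasq. A domain is only blocked after its first query has been logged, so this narrows exposure rather than preventing the first visit.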

Run this script regularly to download NRDs: