Add option to block all IDN domains opened 02:16PM - 30 Jan 18 UTC (UTC) closed 02:30PM - 30 Jan 18 UTC (UTC) [image] slawa-dev …

[image] slawa: so I want a modified wildcard blocking that only looks at the first 4 characters of a domain and blocks it if it is xn-- I found the time to eventually implement GNU Extended Regular Expressions, see the announcement here: [image] Blocking via regex now…

[image] slawa: It would be great if you can block all IDN domains in the settings of pihole. Do you know how this could be achieved with dnsmasq?

I could not find anything yet. One possibility would be to run a bash command to convert unicode to punycode and do a regex to check for IDN domain if the option for IDN filtering is set. [quanta] How can I convert an IDN to Punycode in bash? linux, bash, idn ans…

[image] slawa: How is wildcard blocking done in pihole? You could do the same thing like wildcard but convert the domain to punycode and just check the first 3 letters for ‘xn–’. It is done following the DNS regulations which makes what you suggest impossible, unfortunately. Let me write dow…

What I don't know is how IDN domains are handled inside of pihole. as президент.рф or are they automatically converted to xn--d1abbgf6aiiy.xn--p1ai For me it looks like it handles them as xn--d1abbgf6aiiy.xn--p1ai, because it gets blocked if I have xn--d1abbgf6aiiy.xn--p1ai on block list and query…

[image] slawa: so I want a modified wildcard blocking that only looks at the first 4 characters of a domain and blocks it if it is xn-- Unfortunately, that's not how dnsmasq treats a domain. The wildcard blocking is only at the full segment (label) level, working from the right hand end. So, …

As things stand this is out of scope due to how the DNS resolver works.

@stonedbovines @DL6ER Alright, thanks for looking into this.

Thanks! I saw this on Reddit yesterday. This is great news. FTLDNS is a big step forward! I very like this project. I already donated last week without knowing about this new feature. [donate] You already fulfilled your promise (purpose) one week later. :smiley:

FYI With this RegEx you can block all IDN domains: (^|\.)xn--

[image] slawa: (^|\.)xn--.*$ Just a quick note: .*$ means "something or nothing until the end" and can be omitted as it is not doing something and always matches anything. (^|\.)xn-- does the same thing as it matches any domain starting in xn--, and any domain that contains the string .xn- …