Comment by afandian
1 day ago
I can see a future where Cloudflare or similar offer a DNS + proxy + Root CA combo to intercept these. Maybe they already do.
If I’m remembering correctly, Conficker was the first major use of this technique. They used a relatively small domain pool (250) so the registries were able to lock them up preemptively.
I remember a couple of legitimate sites getting slammed by accidental DDoS because the algorithm happened to generate their domain, but I'm having a hard time finding a reference to that.
https://en.m.wikipedia.org/wiki/Conficker
Quad9 (the subject of this post) already offers ‘threat blocking’ by default.
https://quad9.net/service/threat-blocking/
That might work for the current generation of bots, but it will become infeasible when the domain names are generated in such a way that they overlap with spellable and existing domain names.
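As an added illustration (not code from any commenter, Quad9, or Conficker analysis), the snippet below runs a simple DGA heuristic over constructed DNS query lines: it flags long, vowel-starved, high-entropy labels, and shows that word-like labels pass untouched, which is the limitation raised above. The log format, thresholds and the `sld()` helper (plain TLD only, no public-suffix list) are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines ("<client> <qname>"), not real traffic.
SAMPLE_LOG = """\
10.0.0.12 www.example.com
10.0.0.12 mail.example.org
10.0.0.12 xkq7zp3wvy.info
10.0.0.12 bqtzvkwpxr.net
10.0.0.12 greenriverfinance.com
10.0.0.12 bluetablehorse.com
10.0.0.12 quad9.net
"""

VOWELS = set("aeiou")

def sld(qname: str) -> str:
    """Second-level label of a name; assumes a single-label TLD (no public-suffix list)."""
    parts = qname.strip().lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s: str) -> float:
    """Per-character Shannon entropy in bits; random-looking labels score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_consonant_run(s: str) -> int:
    """Length of the longest run of ASCII consonants (digits break a run)."""
    return max((len(r) for r in re.findall(r"[b-df-hj-np-tv-z]+", s)), default=0)

def dga_score(label: str) -> dict:
    """Heuristic features for one label. Thresholds are assumptions, not a tuned model."""
    ent = shannon_entropy(label)
    run = longest_consonant_run(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / max(len(label), 1)
    # Word-like labels (high vowel ratio, short consonant runs) fall through here.
    suspicious = len(label) >= 8 and (run >= 4 or vowel_ratio < 0.2) and ent > 3.0
    return {"label": label, "entropy": round(ent, 2), "consonant_run": run,
            "vowel_ratio": round(vowel_ratio, 2), "suspicious": suspicious}

def flag_queries(log_text: str) -> list:
    """Return the queried names whose second-level label trips the heuristic."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _client, qname = line.split()
        if dga_score(sld(qname))["suspicious"]:
            flagged.append(qname)
    return flagged

if __name__ == "__main__":
    for qname in flag_queries(SAMPLE_LOG):
        print("suspicious:", qname, dga_score(sld(qname)))
```

Only the two random-looking labels are flagged; "greenriverfinance" and "bluetablehorse" score as ordinary words, which is why a pronounceable or dictionary-based generator defeats this kind of resolver-side filter.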
> it will become infeasible when the domain names are generated in such a way that they overlap with spellable and existing domain names.
And why do you believe this will even happen?