
Comment by greycol

7 hours ago

It's a whois lookup, registrars provide that information.

So a realtime whois lookup is performed when the request to the DNS server is made, and if the domain was only registered within X days/weeks, then return 0.0.0.0 (or other such blocking method).

See, I've tried compiling lists of newly registered domains to use as block lists, but they're very large lists that my under-spec systems struggle to deal with. As such, I scaled back / shelved the project.

Looks like Adguard DNS and NextDNS offer blocking NRDs as an option in their paid services. I shall be looking into this further.

  • I've been out of the authoritative DNS game for a while, but as I recall…

    Larger providers can also get bulk zone access for TLDs and whois/registrar data. For this use case it’s relatively easy to create a time based filter on that. Anything that’s “new” will be de facto absent from your “allow” check and create an implicit deny.

    Then your large IT provider or recursive DNS system will probably layer in RPZ where they can insert explicit denies at resolution time. Either based on QNAME, RDATA, zone, etc.
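As an added illustration (not code from either commenter), here is a Python sketch of the check greycol describes combined with the RPZ deny the reply mentions: pull the creation date out of a whois response, compare it against an age threshold, and emit either the 0.0.0.0 sink answer or the equivalent RPZ rule. The whois text, the field names tried, the `rpz.local` zone name, the 30-day threshold and the fixed "now" are all assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample whois response (not from the thread). Registrars differ in
# field naming, so parse_creation_date tries several common spellings.
SAMPLE_WHOIS = """Domain Name: EXAMPLE-NRD.TEST
Registrar: Hypothetical Registrar, Inc.
Creation Date: 2024-05-02T14:03:11Z
Updated Date: 2024-05-02T14:03:11Z
Registry Expiry Date: 2025-05-02T14:03:11Z
"""
# Fixed "current time" so the example is deterministic (assumption).
SAMPLE_NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)

CREATION_FIELDS = ("Creation Date", "Created On", "Registered On", "created")

def parse_creation_date(whois_text):
    """Return the creation time as an aware UTC datetime, or None if no
    recognised field is present or its value is not ISO 8601."""
    for field in CREATION_FIELDS:
        m = re.search(rf"^{re.escape(field)}:\s*(\S+)", whois_text, re.M | re.I)
        if not m:
            continue
        try:
            dt = datetime.fromisoformat(m.group(1).rstrip("Z"))
        except ValueError:
            continue
        return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None

def domain_age_days(whois_text, now):
    """Whole days since registration, or None when the age is unknown."""
    created = parse_creation_date(whois_text)
    return None if created is None else (now - created).days

def nrd_decision(domain, whois_text, now, max_age_days=30, sink="0.0.0.0"):
    """Return (blocked, answer, rpz_line).  answer is the A record to hand back
    (greycol's 0.0.0.0 variant) and rpz_line the equivalent RPZ rule; both are
    None when the domain resolves normally.  Unknown age fails open here; a
    stricter resolver would treat it as new (implicit deny)."""
    age = domain_age_days(whois_text, now)
    if age is None or age > max_age_days:
        return False, None, None
    # In RPZ, "CNAME ." rewrites the answer to NXDOMAIN for that QNAME.
    rpz_line = f"{domain}.rpz.local IN CNAME ."
    return True, sink, rpz_line
```

In practice the whois result would be cached rather than fetched on every query, since registrars rate-limit lookups and a synchronous whois on the resolution path adds latency to every first-seen name.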