by giancarlostoro 11 days ago
My corporate firewall blocked this due to it being a newly registered domain.

So I can't even see it, I care less about "vibe coding" but it sounds like someone registered a domain just to get attention on their amazing take about why they think they're qualified to tell the world the future.

3 comments

> My corporate firewall blocked this due to it being a newly registered domain.

Was surprised mine did not - usually a toss-up with HN links. I don't get a reasoning, just "NONCOMPLIANT ACTION". It is interesting to have a flag telling you the domain is new, though.

Do you know by which mechanism they recognize newly registered domains in order to block them?
It's a whois lookup; registrars provide that information.
So a realtime whois lookup is performed when the request to the DNS server is made, and if the domain was only registered within X days/weeks, then return 0.0.0.0 (or other such blocking method).

See, I've tried compiling lists of newly registered domains to use as block lists, but they're very large lists that my under-spec systems struggle to deal with. As such, I scaled back / shelved the project.

Looks like AdGuard DNS and NextDNS offer blocking NRDs as an option in their paid services. I shall be looking into this further.

I've been out of the authoritative DNS game for a while, but as I recall…

Larger providers can also get bulk zone access for TLDs and whois/registrar data. For this use case it’s relatively easy to create a time-based filter on that. Anything that’s “new” will be de facto absent from your “allow” check and create an implicit deny.

Then your large IT provider or recursive DNS system will probably layer in RPZ where they can insert explicit denies at resolution time. Either based on QNAME, RDATA, zone, etc.
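
The mechanism described in the comments above (a time-based filter over registration dates, then explicit denies inserted through RPZ at resolution time), as an added example that is not part of the thread. The sample feed, the zone name `rpz.nrd.local.` and the 30-day threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample feed (domain -> registration date); not real data.
SAMPLE_FEED = {
    "fresh-example.test": date(2024, 5, 28),
    "Week-Old.example.": date(2024, 5, 22),
    "established.example": date(2019, 1, 3),
}

# RPZ policy actions: "CNAME ." answers NXDOMAIN, "A 0.0.0.0" is local data.
ACTIONS = {"nxdomain": "CNAME .", "sinkhole": "A 0.0.0.0"}


def newly_registered(feed, today, max_age_days=30):
    """Time-based filter: keep domains registered within max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(
        name.lower().rstrip(".")
        for name, created in feed.items()
        if created >= cutoff
    )


def rpz_zone(domains, serial, action="nxdomain", origin="rpz.nrd.local."):
    """Render QNAME-trigger RPZ records; origin is a hypothetical zone name."""
    rdata = ACTIONS[action]
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    for d in domains:
        lines.append(f"{d} IN {rdata}")    # the domain itself
        lines.append(f"*.{d} IN {rdata}")  # every subdomain
    return "\n".join(lines) + "\n"


def is_blocked(qname, domains):
    """Mirror the QNAME match: exact name or any subdomain of a listed one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


if __name__ == "__main__":
    nrd = newly_registered(SAMPLE_FEED, today=date(2024, 6, 1))
    print(rpz_zone(nrd, serial=2024060101), end="")
```

Only domains inside the age window reach the zone file, which keeps the policy zone far smaller than a full list of every registration.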

Next time they should run it by your company before they decide to create a new domain.