[Analyzer] CleanBrowsing DNS

[mlodic]

Name

CleanBrowsing_DNS

Link

https://cleanbrowsing.org/filters/#step3

Type of analyzer

like the other DNS services. They provide only DNS services with filter. For us it would be enough to connect to the filter which performs filtering of malicious domains

Why should we use it

it's free

Possible implementation

name: CleanBrowsing_DNS_Malicious_Detector

We should use DOH like we did for Cloudflare for instance. We need to understand which is the response provided in case the domain is filtered, which is not clear in their doc. Could be "NXDOMAIN"

[g4ze]

Can you please highlight any possible approach to understand the response provided?

[mlodic]

some options:

• read the doc to see if anything changes
• search anywhere in the internet if there is someone who already knows it
• ask to their support
• try some domains that you know that they are malicious (idk try with these ones) and see what is the result of the query. As you may see from other similar implementations in IntelOwl like Cloudflare, there could be different possibile solutions, it depends on the provider. Some examples:
  • NXDOMAIN. In this case we need to compare this result with a "non filtered" query to understand if that has been blocked or not cause the doubt is that the domain could not exist
  • 0.0.0.0.
  • ???