this is to resolve or close open RT ticket #6947 (et wiki.voyage)
https://rt.wikimedia.org/Ticket/Display.html?id=6947
Fri Feb 28 02:02:42 2014 Daniel Zahn - Ticket created Subject: get wiki.voyage Reedy pointed out that there is .voyage gTLD now, and we might wanna get wiki.voyage. I tend to agree, seems nice for wikivoyage.org, but we'll have to ask legal anyways (somehow, somebody)
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Add wiki.voyage to DNS | operations/dns | master | +1 -0 | |
| add wiki.voyage as parked domain | operations/dns | master | +1 -0 |
If this is going to work like our other redirections, and force HTTPS along the way, it means purchasing two additional wildcard certificates for the wiki.voyage domain, as we'll need a unified certificate, and an SNI certificate. These are not cheap (we don't put pricing in public tasks.) Also, once we purchase it and start using it, we'll have to keep said certificates around forever, so this adds to our techncial debt.
I'm not saying this means it is a no, simply it needs to be carefully considered with @Slaporte/Operations/etc before we just start flipping things on.
Additionally, I imagine @BBlack can speak with more technical knowledge about the implementation of this domain.
@RobH is there a less expensive way to do a simple redirect?
I don't think it's high priority or worth significant investment (of your time or certificate budget). We registered the domain defensively, and I only suggest a redirect to put the domain to use. If our only option is expensive, I'm fine keeping this registered but unused.
Generally speaking, we're trying to move away from a policy of acquiring random redirect domains just because they seem convenient or nice. In an HTTPS world, random excess redirect domains are no longer "free" in terms of cost and configuration complexity. Basically, we don't want to do insecure redirects at all anymore for security reasons, and we also don't want to have to support (in terms of complexity and cost) far more TLS-secured domains than we really need either. See also T101048
This is an ongoing problem with all of our existing junk/redirect domains that hasn't even been fully addressed yet , but adding more to the problem at this point is moving in the wrong direction. There may be a lot of these junk domains that we have to acquire and maintain for trademark / legal reasons, but we want to make those dead (legal in DNS, but no address for a browser to hit at all) or parked (as in a static page that indicates we own it, but does not autore-fresh/direct to our legit domains) from a browser perspective, rather than functional redirects.
Got it. That makes a lot of sense.
As a defensive registration, we can keep this dead or parked if that's the policy.
So to summarize: We should still add this to our DNS servers, so it's good that we get notified about it, just that we don't want it to be a working redirect. So we add it but as a parked domain that exists but doesn't get any traffic.
added to DNS as parked domain
;; QUESTION SECTION: ;wiki.voyage. IN A ;; AUTHORITY SECTION: wiki.voyage. 3600 IN SOA ns0.wikimedia.org. hostmaster.wikimedia.org. 2015100216 43200 7200 1209600 3600
This solves the ticket, somewhat. @Reedy so we have it but won't really add the redirect. Not what you originally had in mind, but ..this was from before the https-only world.. so .. yea.. the additional cost.
@Slaporte @BBlack Do you see any issues with making the ticket public once it's resolved? (and other domain tickets once they are closed). I don't see anything private in it besides that we don't want to have them in public before they are solved to not make it easy for domain grabbers, right?
@Dzahn That's fine with me.
As a side note, I found the policy description on this tag confusing. If I click on "Custom Policy", it says:
This object is in S1 Public, and can only be seen or edited by users with access to view objects in the space. Learn More
Users who can see objects in this space:
- This object is public.
...
The space is public, which means that this object may be set to public. This object is not currently set to public.
The access control system is designed for power users.