Page MenuHomePhabricator

Closed, ResolvedPublic


this is to resolve or close open RT ticket #6947 (et

Fri Feb 28 02:02:42 2014 Daniel Zahn - Ticket created
Subject: 	get

Reedy pointed out that there is .voyage gTLD now, and we might wanna get I tend to agree, seems nice for, but we'll have to ask legal anyways (somehow, somebody)

Event Timeline

Dzahn raised the priority of this task from to Needs Triage.
Dzahn updated the task description. (Show Details)
Dzahn changed the visibility from "Public (No Login Required)" to "Custom Policy".
Dzahn changed the edit policy from "All Users" to "Custom Policy".
Dzahn changed Security from None to Other confidential issue.
Dzahn added subscribers: Dzahn, Reedy.

somehow i doubt we will, but just cleaning up open tickets

Andrew triaged this task as Low priority.Feb 6 2015, 9:59 PM
Slaporte added a subscriber: Slaporte.

We now have SRE, can you set up DNS to redirect to

If this is going to work like our other redirections, and force HTTPS along the way, it means purchasing two additional wildcard certificates for the domain, as we'll need a unified certificate, and an SNI certificate. These are not cheap (we don't put pricing in public tasks.) Also, once we purchase it and start using it, we'll have to keep said certificates around forever, so this adds to our techncial debt.

I'm not saying this means it is a no, simply it needs to be carefully considered with @Slaporte/Operations/etc before we just start flipping things on.

Additionally, I imagine @BBlack can speak with more technical knowledge about the implementation of this domain.

@RobH is there a less expensive way to do a simple redirect?

I don't think it's high priority or worth significant investment (of your time or certificate budget). We registered the domain defensively, and I only suggest a redirect to put the domain to use. If our only option is expensive, I'm fine keeping this registered but unused.

Generally speaking, we're trying to move away from a policy of acquiring random redirect domains just because they seem convenient or nice. In an HTTPS world, random excess redirect domains are no longer "free" in terms of cost and configuration complexity. Basically, we don't want to do insecure redirects at all anymore for security reasons, and we also don't want to have to support (in terms of complexity and cost) far more TLS-secured domains than we really need either. See also T101048

This is an ongoing problem with all of our existing junk/redirect domains that hasn't even been fully addressed yet , but adding more to the problem at this point is moving in the wrong direction. There may be a lot of these junk domains that we have to acquire and maintain for trademark / legal reasons, but we want to make those dead (legal in DNS, but no address for a browser to hit at all) or parked (as in a static page that indicates we own it, but does not autore-fresh/direct to our legit domains) from a browser perspective, rather than functional redirects.

Got it. That makes a lot of sense.

As a defensive registration, we can keep this dead or parked if that's the policy.

So to summarize: We should still add this to our DNS servers, so it's good that we get notified about it, just that we don't want it to be a working redirect. So we add it but as a parked domain that exists but doesn't get any traffic.

added to DNS as parked domain

;			IN	A

;; AUTHORITY SECTION:		3600	IN	SOA 2015100216 43200 7200 1209600 3600

This solves the ticket, somewhat. @Reedy so we have it but won't really add the redirect. Not what you originally had in mind, but ..this was from before the https-only world.. so .. yea.. the additional cost.

@Slaporte @BBlack Do you see any issues with making the ticket public once it's resolved? (and other domain tickets once they are closed). I don't see anything private in it besides that we don't want to have them in public before they are solved to not make it easy for domain grabbers, right?

@Dzahn That's fine with me.

As a side note, I found the policy description on this tag confusing. If I click on "Custom Policy", it says:

This object is in S1 Public, and can only be seen or edited by users with access to view objects in the space. Learn More

Users who can see objects in this space:

  • This object is public.


The space is public, which means that this object may be set to public. This object is not currently set to public.

The access control system is designed for power users.

Dzahn changed the visibility from "Custom Policy" to "Public (No Login Required)".
Dzahn changed the edit policy from "Custom Policy" to "All Users".
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptOct 2 2015, 7:32 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a project: WMF-NDA. · View Herald Transcript
Dzahn claimed this task.
Dzahn removed a project: WMF-NDA.
Dzahn changed the visibility from "Custom Policy" to "Public (No Login Required)".
Dzahn changed the edit policy from "Custom Policy" to "All Users".
Dzahn changed Security from Other confidential issue to None.

Change 242924 abandoned by Reedy:
Add to DNS