Add obl.ong

[reesericci]

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

• Description of Organization

• Robust Reason for PSL Inclusion

• DNS verification via dig

• Run Syntax Checker (make test)

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place in the respective zone(s) in the affected section

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

• This request was not submitted with the objective of working around other third-party limits

• The Guidelines were carefully read and understood, and this request conforms
• The submission follows the guidelines on formatting and sorting

---

For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

• Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.

---

Description of Organization

Obl.ong provides free subdomains of obl.ong for general people to register as use for their personal website, company website, etc. We are submitting to the PSL as a means of securing cookies between client's subdomains. I'm Reese, the founder and lead engineer at Obl.ong.

Organization Website:

https://obl.ong

Reason for PSL Inclusion

• Cookie Security between client's subdomains is our priority when submitting our request.
• We also would like clients to be able to set DMARC records for their subdomains.

DNS Verification via dig

dig +short TXT _psl.obl.ong @1.1.1.3
"https://github.com/publicsuffix/list/pull/1830"

Results of Syntax Checker (make test)

Tests pass successfully.

============================================================================
Testsuite summary for libpsl 0.21.2
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

[BenjaminEHowe]

I'm not a PSL maintainer, but adding a comment for expectation management. Google suggests you have very few domains beneath obl.ong: https://www.google.com/search?q=site%3Aobl.ong . Given the need to maintain PSL file size modesty, I suspect this won't get merged. See #1556 (comment) for some more detail.

[reesericci]

Hey - I'm just following up on this because our service is still very interested in getting added to the PSL.

[dnsguru]

Hi Reese - we get that interest from requestors.

Something that was missing here in the rationale.... Can you describe how your offering subdomains complies with section B of this : https://thenew.org/org-people/about-pir/policies/ngo-and-ong-registration-policy/

I am not a lawyer, but it seems like the .ong top level domain is designating that use of the ong domains is for a specific org and that org alone.

PIR, who operate the .org and others, like .ong do so in a very active engagement on ensuring high hygiene and compliant namespaces, and subdomiains, especially free ones, have trended to be nutrient rich environments for the exact opposite to thrive.

Please help with the rationale on how doling out subdomains aligns with the policy section B, specifically

During the registration process, the registrant is required to certify the identity of the NGO or NGO association on whose behalf the entity is acting and the role that the representative of the registering entity fulfills within the NGO or NGO association. The registrant will then certify (via click through box) that the registrant has read, understands, and will  comply with these Registration Policies and that information provided by the entity is accurate and complete.

Once the registration process is completed, the domain name will be live.

Registrants registering additional domain names on behalf of the same NGO or NGO association will simply need to confirm the accuracy of the eligibility information previously supplied.

When transferring a domain that has not expired to a new registrant, it is the responsibility of the current registrant to ensure that the new registrant is compliant with the .NGO and .ONG Registration Policy.

[reesericci]

Hello -

In this case, we believe Obl.ong itself is the NGO in compliance with the subsection, and we provide a service that allows other entities to utilize our domain. Our reading is that there is no prohibition on subdomain usage, it just says the registrant of the domain (us) must comply. If you believe that we must amend our policies to only allow entities in compliance with the PIR guidelines to utilize our services, that's something we can explore.

Additionally, we strive to limit usage of our services to legitimate entities that comply with our fairly strict code of conduct. A human on our team manually reviews each registration to ensure compliance, and we are currently building out our structure for performing regular audits.

[dnsguru]

it is likely if you're restricting the audience, then the scale of this is not going to meet the requirements of file modesty - ie tens of thousands of segmented users. But if you have tens of thiousands are you meeting your section B policy?

[reesericci]

Hello -

Sorry for my extreme lateness in getting back to y'all. We were recently audited by PIR, and have adjusted our policies to only allow domains that comply with .ONG requirements.

[charliez0]

Hello -

Sorry for my extreme lateness in getting back to y'all. We were recently audited by PIR, and have adjusted our policies to only allow domains that comply with .ONG requirements.

maybe you can open a new pull request instead of this one and alter information to meet the requirement.

[dnsguru]

Hello -

Sorry for my extreme lateness in getting back to y'all. We were recently audited by PIR, and have adjusted our policies to only allow domains that comply with .ONG requirements.

Noice.

What is the number of customer domains this request will now support with the revisions?

[reesericci]

I think we're currently serving around 500 members

[simon-friedberger]

• Expiration (Note: Must STAY >2y at all times)
  • obl.ong expires 2026-11-04
• DNS _psl entries (Note: Must STAY in place)
• Tests pass
• Sorting
• Reasoning/Organization description

[reesericci]

Just renewed the domain! What reasoning are you looking for?

[simon-friedberger]

http://whois.nic.ong/ still shows "Registry Expiry Date: 2025-11-04T22:29:49Z".

In terms of reasoning, a list of domains you're currently hosting and how active the are would be a great help. (Preferably in the form of a link to a page with statistics.)

[reesericci]

In terms of reasoning, a list of domains you're currently hosting and how active the are would be a great help. (Preferably in the form of a link to a page with statistics.)

We unfortunately do not have a stats page (although it is planned), and will not give out a raw list of all domains we host. Activity information we do not collect.

[reesericci]

In terms of the domain renewal, I accidentally renewed our backup domain - so now it should be updated for real :)

[BenjaminEHowe]

We [...] will not give out a raw list of all domains we host.

I found 167 subdomains via OSINT: https://subdomainfinder.c99.nl/scans/2024-06-12/obl.ong

[simon-friedberger]

I found 167 subdomains via OSINT: https://subdomainfinder.c99.nl/scans/2024-06-12/obl.ong

To quote it here for posterity: Of those 167 there are 38 which don't have an IP and there are 106 different IP addresses total.
88 domains gave a 200 response.
56 entries are in CT logs.

But I think @BenjaminEHowe 's point is that this information is not secret anyway, @reesericci .

[reesericci]

Alright, fine, you make a good point - here you go:

https://termbin.com/rkdp

[reesericci]

Wahoo!

[groundcat]

Hello @reesericci I have noticed that the domain obl.ong has been returning an NXDOMAIN error for a while. Is this project still active?

Since the day this entry was accepted by the PSL, it seems that user growth has stopped. The subdomain count remains at 167, the same as on June 12.

If the service has been decommissioned and the domain is no longer linked to an active project, please confirm whether it can be safely removed from the PSL. If your project or organization is still active and requires continued inclusion in the PSL, please reply at your earliest convenience. If we do not hear back from you for an extended period (over 30 days), your entry may be subject to removal. Thank you. #1119

---

Email sent

Original-Envelope-ID: <409e1db494a24579bf7da49c4a629b7f@220850c7a5074f23a422e9523f3dcd02>

Action: delivered
Final-Recipient: rfc822;[email protected]
Status: 2.0.0
Remote-MTA: dns; aspmx.l.google.com
Diagnostic-Code: smtp; 250 Ok