Move Domains Under OpenHost

[openhost-registry]

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

• Description of Organization

• Robust Reason for PSL Inclusion

• DNS verification via dig

• Run Syntax Checker (make test)

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place in the respective zone(s) in the affected section

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

• This request was not submitted with the objective of working around other third-party limits

• The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

• The Guidelines were carefully read and understood, and this request conforms
• The submission follows the guidelines on formatting and sorting

---

For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

• Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.

---

Description of Organization

About OpenHost

OpenHost Registry operates under the mission "Free Domain Names for Everyone." Our goal is to provide free online identities - everyone has access to the digital world without financial barriers. We currently manage a range of suffixes, including:

• .pride.moe
• .pride.ngo
• .prvcy.page
• .16-b.it
• .32-b.it
• .64-b.it

The .prvcy.page suffix was already merged and listed in the PSL under our management.

For further details, you may visit our website: https://registry.openhost.uk.

Suffix	Status
.16-b.it	Already in PSL, but we are submitting this PR is to move it to OpenHost.
.32-b.it	Already in PSL, but we are submitting this PR is to move it to OpenHost.
.64-b.it	Already in PSL, but we are submitting this PR is to move it to OpenHost.
.pride.moe	New suffix added this year, open for registration. We don't believe the number of users meets PSL requirements, so we are not adding them now, but may consider it in the future.
.pride.ngo	New suffix added this year, open for registration. We don't believe the number of users meets PSL requirements, so we are not adding them now, but may consider it in the future.
.prvcy.page	Already in PSL, merged last September in PR #1859, and currently under our management, delegated by the operator.

Only the first 3 domains are relevant to this PR.

Organization Website:

https://registry.openhost.uk/

Reason for PSL Inclusion

Reason for PSL Inclusion

The primary reason for this request is to facilitate cookie separation in browsers, thereby enhancing security for our users.

We wish to emphasize that our intention is not to bypass third-party services such as Cloudflare. Our registry, by default, only provides A records and CNAME records, and we strictly offer NS-level registration to applicants we believe act in good faith.

Number of users this request is being made to serve

Our registry currently manages 1,207 registrants. While we cannot precisely estimate the total number of end users visiting these websites, we believe the figure is much higher. A screenshot of our user database count can be provided upon request.

History of .16-b.it, .32-b.it, .64-b.it Domains

These suffixes were previously associated with the Now-DNS service #257 which appears to have been abandoned. The domains expired and were subsequently registered by OpenHost in August 2023.

Upon reactivation, we encountered phishing warnings in Chrome, likely due to historical abuse under the Now-DNS service. After extensive efforts to address these issues with relevant companies, the warnings have largely been resolved.

Consequently, we have only very recently reopened registration for these suffixes.

Why Delaying?

Our original plan was to submit a Public Suffix List change request only once the domains were entirely cleared of such markings. However, due to the recent discovery that volunteers are going to remove these domains via PR #2113, we are submitting this request for contact name changes prematurely.

The malicious flags currently associated with these suffixes originated from their previous management under the Now-DNS service, not from any activity under OpenHost.

We have worked diligently to resolve these issues, but a couple of security companies still mark the domains as malicious.

OpenHost's Abuse Policy and Mitigation

Earlier this year, one of our domains was misused by a subdomain registrant to send large volumes of unsolicited emails, resulting in a real-time blocklist entry.

In response, we implemented a stringent registration policy to prevent similar incidents.

Details of our registry policy and our abuse reporting procedure can be found here:

• Registry Policy
• Report Abuse

Given the steps we have taken to ensure the security and integrity of our services, we respectfully request the inclusion of the .16-b.it, .32-b.it, and .64-b.it domains under the OpenHost block in the Public Suffix List.

DNS Verification via dig

;; ANSWER SECTION:
_psl.16-b.it.           297     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

;; ANSWER SECTION:
_psl.32-b.it.           300     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

;; ANSWER SECTION:
_psl.64-b.it.           300     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

Results of Syntax Checker (make test)

PASSED

[openhost-registry]

I inserted the OpenHost block between Open Domains and Open Social alphabetically, but I noticed that OpenCraft GmbH and OpenResearch GmbH seem to be sorted incorrectly. Based on alphabetical order, OpenCraft GmbH should come before OpenHost and OpenResearch GmbH should come before Open Social.

It was a bit confusing, so I just wanted to check if I’m sorting this correctly.

Thanks for all your hard work on maintaining this project!

list/public_suffix_list.dat

Lines 14616 to 14640 in cab9b9c

	// Open Domains : https://open-domains.net
	// Submitted by William Harrison <[email protected]>
	is-a-fullstack.dev
	is-cool.dev
	is-not-a.dev
	localplayer.dev
	is-local.org
	// OpenHost : https://registry.openhost.uk
	// Submitted by OpenHost Registry Team <[email protected]>
	16-b.it
	32-b.it
	64-b.it
	// Open Social : https://www.getopensocial.com/
	// Submitted by Alexander Varwijk <[email protected]>
	opensocial.site
	// OpenCraft GmbH : http://opencraft.com/
	// Submitted by Sven Marnach <[email protected]>
	opencraft.hosting
	// OpenResearch GmbH: https://openresearch.com/
	// Submitted by Philipp Schmid <[email protected]>
	orsites.com

[wdhdev]

• Expiration (.it domains are limited to 1 year)
  • 16-b.it expires 2025-08-05
  • 32-b.it expires 2025-08-05
  • 64-b.it expires 2024-09-17
• DNS _psl entries (Note: Must STAY in place)
  • _psl.16-b.it
  • _psl.32-b.it
  • _psl.64-b.it
• Tests pass
• Sorting
• Reasoning/Organization description
• Non-personal email address

---

Notes:

• Your section should actually be sorted between OpenCraft GmbH and OpenResearch GmbH.
• prvcy.page is already on the PSL as you mentioned, will this suffix be staying under the the delegated operator's section?
• Are we able to get user counts per domain? As I cannot find very many active subdomains when searching for them on Google using this query parameter: site:{domain} or through a subdomain scanner:
  • https://subdomainfinder.c99.nl/scans/2024-08-25/16-b.it
  • https://subdomainfinder.c99.nl/scans/2024-08-25/32-b.it
  • https://subdomainfinder.c99.nl/scans/2024-08-25/64-b.it
• VirusTotal scans:
  • https://www.virustotal.com/gui/domain/16-b.it - 2 flagged vendors
  • https://www.virustotal.com/gui/domain/32-b.it - 1 flagged vendor
  • https://www.virustotal.com/gui/domain/64-b.it - 1 flagged vendor

[groundcat]

Reasoning:

• The user count of 1,207 seems low, but it makes sense that the end visitors are likely higher. Despite that, thanks for the transparency regarding the reasoning and background information.
• All these entries already exist in the PSL, so I assume this is probably fine regarding relevance checking.

Missing:

Please update the _psl TXT record for 64-b.it and renew the domains to ensure they stay > 2 years at all times.

Update: If I remember correctly, the .it registry only allows a maximum registration term of 1 year. So, you might not be able to extend it by 2 years. If this is the case, we may need to make an exception to the 2-year rule for .it TLDs.

[groundcat]

Please fix sorting, as @wdhdev said, between OpenCraft GmbH and OpenResearch GmbH

[openhost-registry]

Hello @wdhdev and @groundcat, thank you for your thorough review!

We have renewed the domains for the maximum term possible. As @groundcat pointed out, NIC.IT only allows a maximum 1-year extension, so extending beyond 2 years isn't an option. The WHOIS record has an approximate 1-month delay, so the WHOIS expiry date isn't accurate. We have confirmed with the registrar too, just to be sure, that the domains are properly renewed for the maximum term allowed within our ability.

• 16-b.it expires on 05 Aug 2025, auto-renew enabled.
• 32-b.it expires on 05 Aug 2025, auto-renew enabled.
• 64-b.it expires on 17 Sep 2025, auto-renew enabled.

We also fixed the sorting issue. Thank you for the clarification @wdhdev ! We didn't realize that an empty space in naming affects the order.

Regarding your question about prvcy.page, please leave prvcy.page in the current block as this domain is still under the management of the o3o Foundation. We are simply providing free registry service for them. Both they and we are non-profit projects, but we are separate entities with different teams.

As we mentioned in the reasoning section above, we are submitting this PR prematurely due to the fact that volunteers are planning to remove these domains via PR #2113. Our original plan was to submit a change of organization PR only once we feel well prepared. This is also why we are not adding new domains .pride.ngo and .pride.moe to PSL at this time in this PR—we don't believe the number of users of the pride domains meets PSL requirements, and we don't want to waste volunteer time for the PSL project, which we greatly appreciate. However, 16-b.it, 32-b.it, 64-b.it are existing PSL domains so this PR is only requesting a change of organization and contact information, though have user ranges between 40-70, for the situations (paused and reopened registration) stated in the "Reason for PSL Inclusion," but we do have a total of 1207 users in less than a year since launch, so we expect the number of users to grow in the future.

Unfortunately, our DNS provider Hetzner DNS is currently experiencing a DDoS attack, which has significantly impacted resolution for the past 8 hours😢. I'm afraid the _psl TXT record may sometimes not return the expected authoritative answer, but hopefully, this DDoS attack is temporary. Many of our users are currently affected as well.

;; ANSWER SECTION:
_psl.16-b.it.           297     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

;; ANSWER SECTION:
_psl.32-b.it.           300     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

;; ANSWER SECTION:
_psl.64-b.it.           300     IN      TXT     "https://github.com/publicsuffix/list/pull/2115"

Thanks for your volunteer efforts, and let us know if you have any further questions.

[groundcat]

• Expiration (Note: Must STAY >2y at all times)

  • 16-b.it expires on 2025-08-05 (WHOIS); 2Y extension not possible due to registry limitation.
  • 32-b.it expires on 2025-08-05 (WHOIS); 2Y extension not possible due to registry limitation.
  • 64-b.it expires on 2025-09-17 (from requester comments); 2Y extension not possible due to registry limitation.

• DNS _psl entries (Note: Must STAY in place)

  • _psl.16-b.it OK
  • _psl.32-b.it OK
  • _psl.64-b.it OK

• Tests pass

• Sorting

• Reasoning/Organization description

  • No new entry added. Only changed the organization name and email.

• Non-personal email address

[simon-friedberger]

TY @groundcat and @wdhdev !