Update .ck -- adding sld records to instantiate wildcard, no policy change #1435

brian-peter-dickson · 2021-09-28T07:35:00Z

Description of Organization
Reason for PSL Inclusion
DNS verification via dig
Run Syntax Checker (make test)
Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place

Submitter affirms the following:

We are listing any third party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
This request was not submitted with the objective of working around other third party limits
The Guidelines were carefully read and understood, and this request conforms
The submission follows the guidelines on formatting

For Private section requests that are submitting entries for domains that match their organization website's primary domain:

Seriously, carefully read the downline flow of the PSL and the guidelines.
Your request could very likely alter the cookie and certificate (as well as other) behaviours on your 
core domain name in ways that could be problematic for your business.

Rollback is really not predicatable, as those who use or incorporate the PSL do what they do, and when.
It is not within the PSL volunteers' control to do anything about that.  

The volunteers are busy with new requests, and rollbacks are lowest priority, so if something gets broken 
it will stay that way for an indefinitely long while.

(Link: about propogation/expectations)

Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.

Description of Organization

Organization Website:

Individual, not acting on behalf of employer.
DNS architect at GoDaddy, member of DNS-OARC, IETF contributor.
No connection to request per se.
Improving entry by instantiating second level domains covered by the wildcard.
No change in policy.

Reason for PSL Inclusion

Not my domain(s), but I am submitting a list of entries for the CCTLD 'ck' at the second level, to enumerate entries that would otherwise be covered by the single wildcard entry '.ck'.
The purpose is to enable anyone using the PSL to generate accurate RPZ zone files.
RPZ (response policy zone) files are ordinary zone files, and as such, do not support wildcard interior labels like 'foo..example.com'. Enumerating the matching actual entries allows this to instead be 'foo.bar.example.com', if the only actual wildcard match was 'bar'.

No policy change results from this PR. The existing matching of wildcard vs literal SLD has the same level rules.

This is one of several similar submissions, for other CCTLDs which currently have only wildcard SLDs listed.

DNS Verification via dig

Not responsible for the domain, so cannot add these TXT records.
However, here is dig output demonstrating that the specific second level domains exist (as ENTs):

; <<>> DiG 9.16.13 <<>> @downstage.mcs.vuw.ac.nz biz.ck. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25520
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;biz.ck. IN NS