Update contact email for nyc.mn, add cn.st#2675
Update contact email for nyc.mn, add cn.st#2675simon-friedberger merged 2 commits intopublicsuffix:mainfrom
Conversation
|
@awsjulian initially created this pull request last year. For ownership, I am asking her to comment on this thread to confirm this one, if this is something that is required since we are not using the same GitHub account. |
|
Yes, authorization confirmed. |
publiczonenoc
changed the title
|
Please do not put transfer and addition in the same PR, as this may cause confusion; or rather, please do not intentionally cause confusion.
Therefore, your By the way, there're records matching {
"Status": 0 /* NOERROR */,
"TC": false,
"RD": true,
"RA": true,
"AD": false,
"CD": false,
"Question": [
{
"name": "edu.cn.st.",
"type": 2 /* NS */
}
],
"Answer": [
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns-global.kjsl.com."
},
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns0.nic.publiczone.org."
},
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns4.nic.publiczone.org."
},
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns3.nic.publiczone.org."
},
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns1.nic.publiczone.org."
},
{
"name": "edu.cn.st.",
"type": 2 /* NS */,
"TTL": 21600,
"data": "ns2.nic.publiczone.org."
}
],
"Comment": "Response from ns1.nic.publiczone.org.(2607:7c80:53::53)."
} |
@fakeboboliu I'd like to address your concerns: I'm not sure what you mean by this accusation :-( The diff in this PR is self-explanatory: one section updates contact information for nyc.mn, the other adds cn.st. We also well explained the changes in the PR template above. There's no room for confusion when the changes are clearly separated in the diff. https://github.com/publicsuffix/list/pull/2675/files 
The reason I included both was that they share the same abuse monitoring infrastructure and operational context. However, I understand your concern. If the maintainers can confirm what they prefer, I'm happy to split this into two separate PRs: one for updating nyc.mn contact information, and another for the cn.st addition. I've also seen similar combined PRs in this repository where maintainers handle updates and new additions together without issue. We have already requested a registry extension to 2028-06-20 to meet the PSL's two-year minimum requirement. The WHOIS data has not yet updated to reflect this extension. We have already contacted Dynadot (our registrar), and they confirmed this is a registry-level issue or delay. 
The user statistics I referenced are from our existing PublicZone infrastructure (primarily nyc.mn and our other services). Since cn.st WILL BE newly launched, it does not yet have independent usage data. NS records for edu.cn.st, gov.cn.st, etc.: Yes! We are happy that you found them. These records exist, and they are supposed to exist. These are reserved second-level domains that are not available for public registration. We have intentionally created NS records for sensitive labels like We just also added 
Our zone updater script is designed so that if an NS record exists for a domain, it cannot be registered - even if someone successfully injects our database or compromises our PHP codebase. This is our last line of defense against abuse. It's a fail-safe that operates at the DNS layer, independent of application logic. The specific SLDs we've reserved are based on CNNIC-used official suffixes (China Internet Network Information Center standards), which are particularly sensitive for our Chinese user base. See below: Lines 814 to 821 in d3567de This prevents bad actors from registering subdomains like If you have specific technical concerns about our submission, I'm happy to address them. But please, keep the tone constructive and professional. IF you are genuinely interested to learn more, here's how our registration validation system works: |
ok, but why don't you just put something like in the cn.st zone file? Seems easier - just a thought https://www.rfc-editor.org/rfc/rfc5737
Also, some special strings like www, ftp, mail, and others of this nature should also be blocked. But users are not allowed to register xx.cn.st anyway right? up to you to implement them or not. I guess putting these in DNS could help solve DNS pollution like unauthorized resolving to malicious IPs, which is pretty common in mainland China by the way. |
|
@awsjulian Thank you for the suggestion, I've implemented it. I've removed NS and replaced them with A records pointing to 192.0.2.1 (TEST-NET-1) for reserved labels including I had two options:
I prefer option 1 (the wildcard) because it's more elegant and avoids cluttering the PSL.
Lines 13319 to 13373 in d3567de Users are not allowed to register second-level domains like The A records provide an additional safeguard against unauthorized resolution. |
DNSSEC exists for this purpose. |
I apologize if you found my tone harsh. I've gotten used to a more direct way of communicating in recent weeks.
This is precisely the reason for my doubt: the number of users acquired through acquisition actually belongs to nyc.mn. And I think that new domains should be processed in the seperate PR, even you have transfered or re-registered a listed domain.
Well this is actually 4th-level, but that doesn't matter. |
publiczonenoc
changed the title
|
5 participants
Public Suffix List (PSL) Submission
Checklist of required steps
Description of Organization
Robust Reason for PSL Inclusion
DNS verification via dig
Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the
_pslTXT record in place in the respective zone(s).Submitter affirms the following:
Abuse Contact:
Abuse contact information (email or web form) is available and easily accessible.
URL where abuse contact or abuse reporting form can be found:
noc at publiczone.orgFor PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: about propagation/expectations)
Description of Organization
PublicZone provides free subdomains and DNS management services to developers, open source projects, and communities. We are committed to supporting the open source ecosystem by making domain management accessible and affordable.
PublicZone has acquired the nyc.mn subdomain registry from the NYC.mn Subdomain Service team. (We want to extend our sincere thanks to the NYC.mn team for their years of service to the community and for entrusting us with this registry through a symbolic $1 token transfer.)
PublicZone will also operate cn.st, a subdomain registry designed to serve users in mainland China and the broader Chinese-speaking developer community. Based on our operational data from the past year, more than half of our registered users are located in mainland China. The cn.st domain was established to better serve this significant geographic user base with a censorship-free domain structure that is familiar and intuitive for Chinese users.
While our website displays a $5/year domain fee, we currently do not have any payment gateway connected and do not collect actual payments. We do not plan to profit from this service. In the future, we will follow the nyc.mn model: users will be asked to donate to charities of their choice, provide proof of donation, and we will add equivalent credits to their account. This allows us to support the open source community while encouraging charitable giving. We are also running the GitHub developer credits program (free credit of $50 for projects with 100+ stars), which is designed to support legitimate open source developers.
Organization Website:
https://publiczone.org/
Reason for PSL Inclusion
This pull request serves two purposes: (1) updating the contact information for our existing nyc.mn entry, and (2) adding a new domain, cn.st, to the Public Suffix List.
Existing Entry: nyc.mn
The reason for nyc.mn being on the Public Suffix List remains unchanged: accurate domain boundary recognition across all modern browsers, protecting the safety of our subdomain registrants and users.
Our service is similar to eu.org, providing subdomains to Internet users.
New Entry: cn.st
We are requesting the addition of the wildcard
*.cn.stto the Public Suffix List. The{tag}.cn.stdomain uses a hierarchical structure where the second level serves as a registrant type tag (e.g.,org,net,dev), while registrations occur at the third level. For example, users register subdomains likemyusername.org.cn.st,myusername.net.cn.st, ormyusername.dev.cn.st. The second-level identifiers are not open for direct registration but instead categorize the type of project or registrant.Based on our operational data from the past year, the operator has observed that more than half of our active users are located in mainland China. The {tag}.cn.st domain was established to better serve this geographic user base with a domain naming convention that is intuitive and familiar to Chinese-speaking developers.
Fun fact:
.cn.stonce served as a subdomain registry suffix back in 2006, according to https://web.archive.org/web/20060601000000*/cn.stAbuse Prevention and Monitoring
We recognize that free subdomain services are often targets for abuse, as seen with services like eu.org. To address this challenge, we have invested heavily in proactive abuse detection and prevention:
Our goal is to make subdomain services accessible and affordable for developers in developing countries while maintaining a strong stance against abuse. This proactive approach differentiates us from other free subdomain providers and ensures the integrity of our service.
Both nyc.mn and cn.st have registration terms exceeding two years, and we are committed to maintaining the
_pslTXT records for the duration of our PSL listing.Note on int.al: PublicZone also operates the int.al subdomain registry (intended for international users). However, we have chosen not to include int.al in this pull request. Based on our current usage projections, the user base for int.al remains limited, and we believe in adhering to the PSL's principle of adding entries only when genuinely necessary. Should int.al see significant adoption in the future, we will submit a separate request at that time with appropriate justification and user data.
Number of users this request is being made to serve:
DNS Verification
Domain Expiry