Add onporter.run

[rudimk]

• Description of Organization

• Reason for PSL Inclusion

• DNS verification via dig

• Run Syntax Checker (make test)

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
• This request was not submitted with the objective of working around other third-party limits

• The Guidelines were carefully read and understood, and this request conforms
• The submission follows the guidelines on formatting

---

For Private section requests that are submitting entries for domains that match their organization website's primary domain:

• Note that this isn't applicable here since my organisation's primary domain is porter.run which is different from the domain being submitted for inclusion here - onporter.run.

---

Description of Organization

Organization Website: https://porter.run

Porter is a fully-managed PaaS that lets teams automate DevOps, and enables them to deploy and manage apps within AWS, GCP, DO as well as on-prem infrastructure. This is accomplished by allowing users to easily orchestrate Kubernetes clusters in their own cloud accounts, and then provides a managed PaaS overlay on top.

One of the features provided by Porter are app domains, which are typically unique DNS entries provisioned on a shared domain - onporter.run. This allows users to quickly get started with running their apps using Porter, without the need for a custom domain right away.

I handle infrastructure at Porter, and I'm making this submission on Porter's behalf.

Reason for PSL Inclusion

The reason for this submission is cookie security. Each subdomain on onporter.run is technically owned by different Porter users, similar to how subdomains on web hosting services work. We'd like for our users to be able to set cookies within their own subdomains, but we certainly don't want them to set cookies for onporter.run, due to the risks that would pose.

We're not looking to circumvent Let's Encrypt's rate limits with this inclusion; we have separately applied to them for a rate increase, and these two requests have no bearing with each other.

Finally, the onporter.run domain is set to expire in 2025.

DNS Verification via dig

dig +short TXT _psl.onporter.run
"https://github.com/publicsuffix/list/pull/1483"

make test

I've run make test and I can confirm everything passes.

[dnsguru]

• DNS Validated;
• No Conflict with Base
• Tests Pass
• Guideline Conformant

Approved

[groundcat]

Hello @rudimk I have noticed that the domain onporter.run has been returning an NXDOMAIN error. Is this project still active? If the service has been decommissioned and the domain is no longer linked to an active project, please confirm whether it can be safely removed from the PSL. Additionally, the WHOIS information indicates that the domain expires on 2025-09-28. To maintain inclusion in the PSL, please ensure the domain is renewed for more than two years at all times. If we do not hear back from you within 30 days, your entry may be subject to removal. Thank you. #1119

[rudimk]

Hey there. We typically don't host anything on the root, but there are hundreds of subdomains for onporter.run - think that probably explains the NXDOMAIN error you're seeing. Is that something that needs fixing - like do you need me to add a basic landing page or something to ensure the root domain resolves to something?

Re the domain's validity - currently away on holiday but I'll be back online around the 6th, will renew the domain for 2+ years. Thanks so much for flagging this!

To confirm - we're definitely active and PSL inclusion allows us to give our customers the ability to have a quick onporter.run domain with a LE cert but with varying cookie ownership. Apart from the domain renewal, please let me know if you want me to point onporter.run someplace and have it resolve at the root domain level.

[wdhdev]

Thanks for the confirmation. A basic landing page on the root could be helpful to reduce any potential false flags like this in future.

[groundcat]

Upon closer look, the domain returns this information:

Query:

dig @ns3.onporter.run. onporter.run. SOA

Response:

onporter.run. 3600 IN SOA a.misconfigured.powerdns.server. hostmaster.onporter.run. 2024122908 10800 3600 604800 3600

The primary nameserver is set to a.misconfigured.powerdns.server. - The NXDOMAIN errors are likely occurring because the PowerDNS server appears to be misconfigured with placeholder values rather than proper nameserver settings. I'd recommend checking the PowerDNS configuration and ensuring proper nameserver records are set up.

[rudimk]

Gotcha. Think I need to look at what's inside default-soa-content and fix that up. Once again, appreciate the tip, thanks folks!

[simon-friedberger]

@rudimk If you add a landing page, adding some information on how to report abuse would be great!

[rudimk]

Hey folks. So couple things:

1. I'll add a basic landing page with info on reporting abuse by Monday.
2. What's proving to be a tad trickier is the domain lifetime extension. This domain was recently moved over to Squarespace as part of the Google DNS EOL, and Squarespace apparently doesn't show an option to preemptively extend the registration period. While I've reached out to Squarespace's support - it's been 3+ days now and there's been no response. I'd like to ensure we're not booted off the PSL until we're able to figure out what to do next(even if it means migrating the domain to say Cloudflare).

Really appreciate it, thanks so much!

[wdhdev]

Squarespace doesn't allow extending domain registrations as far as I know. We are fine if you don't meet that requirement as your registrar doesn't support it, but please ensure it is renewed every year.

[fakeboboliu]

If you want to have a try, for Squarespace, manual renewal can be done by temporary disabling auto renewal.
There will be an "add years" button if they mercifully allow you to renew your own domain.

[rudimk]

Hey folks - got a basic landing page with an option to report abuse up on https://onporter.run. Regarding Squarespace - we'll have it renewed by next week, in touch with their support team since the option add years still doesn't show up.

[rudimk]

Hey folks - just wanna flag, we've taken care of the domain renewal. It's valid up to September 28 2027 🫡