[HN Gopher] Example Domain
___________________________________________________________________
Example Domain
Author : Allezxandre
Score : 109 points
Date : 2021-12-20 11:29 UTC (11 hours ago)
(HTM) web link (example.com)
(TXT) w3m dump (example.com)
| hereforphone wrote:
| There are several domains dedicated for example and special
| purposes. This is just one.
|
| https://www.iana.org/assignments/special-use-domain-names/sp...
|
| https://www.iana.org/domains/reserved
| nness wrote:
| The advantage of example.com is that its still served over HTTP,
| which is very helpful if you are trying to force a redirect for
| wifi login or 'out of quota' on a phone plan.
| 1vuio0pswjnm7 wrote:
| Why is it that popular browsers do not allow users to manually
| disable the behaviour that necessitates this apparently common
| workaround.^1 Is this another example of "tech" company
| paternalism.
|
| 1. Examples
|
| https://security.stackexchange.com/questions/149852/how-legi...
|
| https://zapier.com/blog/open-wifi-login-page/
|
| http://www.my80211.com/home/2012/7/23/web-auth-redirect-does...
| lolsal wrote:
| > Why is it that popular browsers do not allow users to
| manually disable the behaviour that necessitates this
| workaround.
|
| Probably the number of people that care about overriding this
| behavior could be counted on one hand.
|
| > Is this another example of "tech" company paternalism.
|
| No.
| BenjiWiebe wrote:
| Let me introduce you to neverssl.com!
| shakna wrote:
| The difference being, example.com is run by IANA [0] and
| guaranteed by them, whereas neverssl is just a kind-hearted
| soul, and may one day resolve to something else.
|
| [0] https://www.iana.org/domains/reserved
| aleksi wrote:
| That page says that example.com is registered by IANA. It
| makes no promises about it being plaintext HTTP only or
| even that HTTP service is available.
| shakna wrote:
| Only somewhat.
|
| > 2. Application software SHOULD NOT recognize example
| names as special and SHOULD use example names as they
| would other domain names.
|
| > 3. Name resolution APIs and libraries SHOULD NOT
| recognize example names as special and SHOULD NOT treat
| them differently. Name resolution APIs SHOULD send
| queries for example names to their configured caching DNS
| server(s).
|
| > 6. DNS server operators SHOULD be aware that example
| names are reserved for use in documentation.
|
| You are guaranteed to be able to try and resolve the
| domain, which should generally be enough for the crappy
| man-in-the-middle systems to work.
|
| However, example.com should never suddenly start serving
| you a cryptominer, etc. Which is the larger concern.
| innocenat wrote:
| > You are guaranteed to be able to try and resolve the
| domain, which should generally be enough for the crappy
| man-in-the-middle systems to work.
|
| I have never seen any captive portal work at DNS level
| though (and that by itself sounds problematic). They
| works at HTTP level. So if one day example.com start
| using HSTS then it will also be a problem, in addition to
| nowadays browser defaulting to HTTPS so you have to type
| http://example.com yourself.
|
| neverssl.com guarantees all of that, at least as long as
| it's there.
| Isthatablackgsd wrote:
| > neverssl.com guarantees all of that, at least as long
| as it's there.
|
| It didn't work for me when I tried to use it in the
| airport (DCA). I tried to get to the captive portal
| through Firefox and Vivaldi. It took a couple restart of
| my browser to managed to get to the captive portal. It is
| not guaranteed that it will work as in my case.
| toast0 wrote:
| Some of the captive portals I've run into do work at the
| DNS level, possibly tied to some other firewalling to
| prevent traffic leakage, I can't remember.
|
| Those were pretty problematic, for all the reasons you're
| thinking... Better to use a hostname you're not hoping to
| actually use.
| roywiggins wrote:
| Yeah, but neverssl.com could expire and start serving
| porn (or whatever), but we can be pretty sure example.com
| won't.
| 3np wrote:
| I've had WiFi captive portals that somehow don't redirect
| neverssl.com but do for other http/80 domains. Truly
| bewildering - I don't understand how it could happen by
| mistake, nor why anyone would do that on purpose.
| jen729w wrote:
| The other difference being that neverssl.com does a bit
| more as it immediately redirects you to a unique subdomain,
| ensuring that any caching that your browser is trying is
| subverted.
|
| Sure, it might go away one day. _Until it does_ , it's the
| best solution to this problem.
| teddyh wrote:
| There are a number of those. I use
|
| http://detectportal.firefox.com/
| Biganon wrote:
| I always use http://perdu.com because it makes me smile.
| It's not even intended for testing purposes.
| GrifMD wrote:
| http://captive.apple.com was my go to just because I'd see
| it flash in the url bar before redirecting when connecting
| to airplane wifi. I like the subdomain, it's an apt
| description of the state your in before passing through the
| login/payment flow for these kinds of networks.
| paradaux wrote:
| Chrome's equivalent is http://www.gstatic.com/generate_204
| for those curious, and plenty of other browsers have their
| own.
|
| Neat tools as until I learned of the existence of these
| ssl-less sites to prompt captive portals I use to try to
| connect to various sites until it showed up.
| oftenwrong wrote:
| IANA also reserves TLDs like '.test' and '.example' as well as
| some IDN equivalents.
|
| https://www.rfc-editor.org/rfc/rfc2606.html
|
| https://www.iana.org/domains/reserved
| santiagobasulto wrote:
| And .local, right?
| colmmacc wrote:
| There are also documentation and example IP prefixes!
| 192.0.2.0/24 and 2001:db8::/32.
| [deleted]
| politelemon wrote:
| The web logs on example.com must be a treasure trove of
| interesting traffic, and also a security risk in some ways,
| depending on who has been testing with it.
| entropie wrote:
| I wonder how they managed to get a horizontal scrollbar.
|
| Edit: its a chrome extenstion I use.
| folkrav wrote:
| I don't get a horizontal scrollbar unless I resize the viewport
| to <159px wide.
| entropie wrote:
| I use brave.
|
| But you are right. Its not really the fault of the markup of
| the side.
|
| I use "Definer" chrome plugin [1].
|
| That injects a absolute positioned #definer-bubble div with
| width:100% that does not work well with sites css thats sets
| a margin for every div.
|
| https://chrome.google.com/webstore/detail/definer-
| advanced-p...
| psim1 wrote:
| $ dig example.com. mx +short 0 .
|
| It has an interesting MX record. I wonder what this does?
| Specifically, what should a mail agent do when the MX record
| points to "." ?
| oftenwrong wrote:
| That's a "null MX", indicating that the domain does not accept
| mail.
|
| https://datatracker.ietf.org/doc/html/rfc7505
| psim1 wrote:
| Thanks! That RFC is new to me.
| Lightbody wrote:
| This is a great reminder that when working with test data for
| stuff like email delivery, always use example.com (or a few other
| similar TLDs) and not stuff like "test.com" or "acme.com" or
| "dummyuser.com". I see this all the time by devs and they don't
| understand the risk and why example.com was put into the
| standards.
| linuxlizard wrote:
| I have a .com domain with 'test' in the name. I was mildly DNS
| spammed because Microsoft admins would create that thing with
| test in the name. I'd get 10-20 DNS packets a day. I moved it
| to an external DNS provider just to give my logs a break.
| mathfailure wrote:
| 20 packets a day? Phew! So you barely survived the DDoS!
| 3np wrote:
| Maybe they're running their DNS server on a solar-powered
| Arduino.
| tsss wrote:
| Well, you also have to run the Kubernetes cluster, ELK
| stack, Postgres, Redis, Kafka, Prometheus, Grafana and
| Jaeger to monitor the application and scale elastically
| between 0 and 20 packets.
| tdrdt wrote:
| Exactly this. People heavily underestimate how many domain
| names are registered.
|
| There is a huge chance that you hit a mailbox when you make up
| an email address.
| throwawayboise wrote:
| Yep, even if you use a "random" email address like
| j4i58tujq45uh@foobar.com, they may very well have a "catch
| all" email account that will receive that mail.
| GauntletWizard wrote:
| I have an integration test domain. It's just another domain, so
| far as my systems are concerned, but it's another domain I own
| and sign up as a customer for all my services. Rather: I sign
| it up as a customer on my staging instance, which is a real,
| public facing instance, that gets no advertising.
|
| It's a real domain with functioning... whatever I need to test.
| Email, DNS, Identity servers, etc.
| psadauskas wrote:
| I always use `myco.example` for testing requests and emails, as
| well as documentation. https://en.wikipedia.org/wiki/.example
|
| It'll never resolve to anything, and makes it really obvious
| the code is for testing or sample code.
| tomcam wrote:
| No guarantee an .example TLD won't be created
| magicconch wrote:
| The first line of the linked Wikipedia page states that it
| will never be created.
| renewiltord wrote:
| Literally the standard, my dude.
| https://datatracker.ietf.org/doc/html/rfc2606#section-2
| throwawayboise wrote:
| Standards can change, but I guess if you allow for that,
| _example.com_ is no better.
| macintux wrote:
| Reminds me of the corp.com saga.
|
| https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-...
| anonu wrote:
| Only took 12 years of posting this to get a decent discussion
| going:
|
| https://news.ycombinator.com/from?site=example.com
| ezekiell wrote:
| I would to know how much traffic this website receives
| addingnumbers wrote:
| For a while my Amazon Alexa gadget was hitting three domains
| several times an hour, example.com/net/org. I looked with
| tcpdump and verified it was following every lookup with an HTTP
| get.
|
| I only left the Alexa on for a week while I was recovering from
| eye surgery, but it made those the top three most frequently
| queried domains for that whole month on my pi-hole charts.
|
| Presumably it was some connectivity test, but all three of
| those domains were hosted at the same IP at the time. Which
| would defeat the point of using three domains, if the goal was
| to reduce the possibility of one outage causing a false
| negative on the test.
| kijeda wrote:
| It was about 80Mbps earlier this year:
| https://twitter.com/kjd/status/1405887961791569924
| [deleted]
| seqizz wrote:
| I also want to know how many secrets just flow in
| intosi wrote:
| I forgot I had it installed on my phone, but clicking the link
| opened, to my surprise, the Simply Piano app. Why you'd associate
| your app with that domain for legitimate purposes is a bit of a
| mystery to me.
| smashed wrote:
| Probably by copy pasting example code?
| pjerem wrote:
| That.
| BillinghamJ wrote:
| Isn't that meant to be cryptographically paired? Apps shouldn't
| be able to intercept random domain names whenever they want
|
| You'd need the right info at URLs like:
|
| https://example.com/apple-app-site-association
|
| https://example.com/.well-known/apple-app-site-association
|
| https://example.com/.well-known/assetlinks.json (Android)
|
| (which obviously don't exist for this domain)
| [deleted]
| lgats wrote:
| iOS or Android?
| jaffacakes wrote:
| This shouldn't be possible on Android. Google requires apps
| capturing http/s deeplinks verify ownership of the URI.[1] They
| can accept any other schema declared in their manifest
| otherwise. Example code would seem most plausible, but I can't
| see how it would work.
|
| [1] https://developer.android.com/training/app-links/verify-
| site...
| kevingadd wrote:
| Twitter deeplinks open the third-party Twitter client I have
| installed (Fenix) on Android for me.
| pupppet wrote:
| Good on whomever for making it a public service rather than a
| crap site filled with ads.
| t3rabytes wrote:
| It's IANA directly: https://www.iana.org/domains/reserved
| pupppet wrote:
| Oh the number of times I've used that domain in mockups half
| wondering if I'm sending someone to a future porn site, I
| should've just checked!
___________________________________________________________________
(page generated 2021-12-20 23:01 UTC)