Cannot add co.douglas.or.us to CloudFlare - CF not adhering to RFC 1480

Answer these questions to help the Community help you get started.

What is the domain name?
co.douglas.or.us

Have you searched for an answer?
Yes

Please share your search results url:
“cloudflare” (“.state.us” OR “locality”) - Google Search

When you tested your domain, what were the results?
Cloudflare does not allow adding base domains of the United States Locality system.
co.los-angeles.ca.us = Not allowed to add the County Of Los Angeles. CO = County Of.
ci.los-angeles.ca.us = Not allowed to add the City of Los Angeles. CI = City.

Describe the issue you are having:
Cloudflare does not seem to understand RFC 1480, and calls such domains “subdomains”, where in fact the domain above it is the geographic locality with no name servers (only an SOA). The “CO”, “CI” are the name servers, and the first level of domain available to counties and cities. “CO” is the root domain.

What error message or number are you receiving?
“Please ensure you are providing the root domain and not any subdomains”

What steps have you taken to resolve the issue?

  1. Contacted Cloudflare support. They suggested that I take over the entire geographic locality. Just to be sure this wasn’t possible - I contacted the registrar and they said that this would be prohibited as it would give me control over domains that were not mine and is explicitly forbidden by the US Department of Commerce who set up the US Locality system.

Was the site working with SSL prior to adding it to Cloudflare?
N/A

What are the steps to reproduce the error:

  1. Try adding “County Of Los Angeles” of the United States Locality system per RFC 1480 to Cloudflare. co.los-angeles.ca.us will result in an error saying that “co” is a subdomain, when per 1480 it is not.
  2. Contact the US Locality registrar under contact from the United States Department of Commerce and ask to take over an entire geographic locality. For example, be the city of Los Angeles, and try to take over “los-angeles.ca.us” and now you have control over the “County Of” Los Angeles as well.

Have you tried from another browser and/or incognito mode?
Yes.

Per the RFC: RFC 1480 - The US Domain (ietf.org)

In the case where there is both a county and a city with the same
locality name there is no problem, since the names will be unique
with the “CO” or “CI” keyword. In our area the county has a fire
department and the city has its own fire department. They could have
names like:

  Fire-Dept.CI.Los-Angeles.CA.US
  Fire-Dept.CO.Los-Angeles.CA.US

In this case, I do have control over the “CO”, and can change where its name servers point, but Cloudflare continues to insist that unless I can violate the RFC and take ownership of the entire geographic locality, that adding my domain is not possible because it is a subdomain (which per the RFC it is NOT).

Cloudflare determines what zones can be added by referring to the public suffix list (PSL).

or.us is in the list, douglas.or.us isn’t, therefore you can’t add co.douglas.or.us to Cloudflare. You would need to get the .us locality administrator to get it added to the PSL (it seems no city-level .us suffixes are in the list at the moment).

https://publicsuffix.org/list/
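The lookup described in the reply above, as an added example that is not part of the original thread and is not Cloudflare's code: the published PSL matching rules (exact, wildcard and exception entries, which goes beyond the single case in the thread) applied to a constructed excerpt of the list. The function names, `SAMPLE_PSL` and the `douglas.or.us` entry in `RULES_WITH_LOCALITY` are assumptions made for illustration.

```python
# Constructed excerpt in Public Suffix List format (the real list is far
# larger); "*.ck" / "!www.ck" exercise the wildcard and exception rules.
SAMPLE_PSL = """
// constructed excerpt
us
or.us
ca.us
*.ck
!www.ck
"""

def parse_rules(text):
    """Split PSL-format text into exact, wildcard and exception rule sets."""
    exact, wildcard, exception = set(), set(), set()
    for line in text.splitlines():
        rule = line.strip().lower()
        if not rule or rule.startswith("//"):
            continue
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wildcard, exception

def public_suffix(name, rules):
    """Return the public suffix of name under the given rules."""
    exact, wildcard, exception = rules
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate first
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        if candidate in exception:        # exception: drop the leftmost label
            return parent
        if candidate in exact or (parent and parent in wildcard):
            return candidate
    return labels[-1]                     # implicit default rule "*"

def registrable_domain(name, rules):
    """Public suffix plus one label, or None if name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    n = len(public_suffix(name, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def is_registrable_apex(name, rules):
    """True when name would be treated as a root domain, not a subdomain."""
    return registrable_domain(name, rules) == name.lower().rstrip(".")

RULES = parse_rules(SAMPLE_PSL)
# Hypothetical: the same excerpt with a locality-level entry added.
RULES_WITH_LOCALITY = parse_rules(SAMPLE_PSL + "douglas.or.us\n")
```

With `RULES`, co.douglas.or.us resolves to the registrable domain douglas.or.us and so counts as a subdomain; with `RULES_WITH_LOCALITY` it becomes the registrable domain itself.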

The PS list is a dead end for resolving this as it would violate several of the PSL rules.

  1. Vendors should not use the PS List as a solution to their validation issues, per the PS List rules:

“* PRs citing as rationale that a company referred them to the PSL as a solution or as a quality review sieve or enablement means for some of their products’ core feature(s) may experience long delays or non-acceptance on requests. Wherever possible, such projects should maintain their own solutions and not make such referrals.”

  2. The PS list states that using it to get around 3rd party limitations is prohibited:

“We do not accept entries that have the objective of getting around limitations that have been put in place by a vendor… The PSL is not a ‘workaround’, and Pull Requests that appear to be doing this should expect to be declined. Be thorough and candid with the rationale furnished with the request.”

So, it would be denied for use by a single geographic locality, that will ultimately be only useful to one small county (100k pop), and only to get around the limitations of the CF domain input field.

  3. The PSL is intentionally incomplete to maintain a small size:

“The PSL is a globally used resource. PR submitters should understand that tens of millions, perhaps hundreds of millions of devices and uses may incorporate the change being requested, and need to consider if the request authentically merits such widespread inclusion. Expanding the file size even in small ways increases the overhead for everyone. File Size and scale of impact of a request is a consideration.”

No localities are added to the list because doing so would increase the list size substantially with the need to add all geographic localities (at minimum every county in every state). I understand and agree with the PSL on this.

This is a Cloudflare issue not recognizing RFC 1480. That they use the PS List means there has to be some workaround or appeal process for when that list is incomplete.

No need to shoot the messenger. It’s Cloudflare’s policy.

There was a sniff in this thread that someone got it done, but no details.

My apologies, my tone in text is terrible. No doubt CF support feels the same : (

I appreciate your input, especially toward the PS list. I did look into that.

That CF manually fixed one of these domains is hopeful. I’ll keep pushing.

Hi @user8289,

Checked with the DNS/Registrar Teams and the conclusion is, it may be possible for an Enterprise (Premium) Support customer with a Liberate the Zone (LTZ) feature enablement.

A brief on the discussion: Circling back on the PSL.

Please check further with the Sales Team here:
https://www.cloudflare.com/en-gb/plans/enterprise/contact/

Thank you.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.