Add "[region].zeabur.app"

[pan93412]

Public Suffix List (PSL) Submission

Checklist of required steps

• Description of Organization

• Robust Reason for PSL Inclusion

• DNS verification via dig

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

• This request was not submitted with the objective of working around other third-party limits.

• The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

• The Guidelines were carefully read and understood, and this request conforms to them.
• The submission follows the guidelines on formatting and sorting.

Abuse Contact:

[email protected]

• Abuse contact information (email or web form) is available and easily accessible.

  URL where abuse contact or abuse reporting form can be found:
  https://zeabur.com, "Contact" and "Discord".

---

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

• Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

---

Description of Organization

Zeabur is a PaaS designed to simplify the deployment process for developers. It supports various programming languages and frameworks, enabling users to deploy applications with just a few clicks. Zeabur offers features such as automatic code analysis, continuous integration and deployment (CI/CD), auto backup, etc., which allows developers to focus more on development without worrying about infrastructure maintenance. 

Organization Website:

https://zeabur.com

Reason for PSL Inclusion

There was a [ugc].zeabur.app. To improve latency and DNS management, we are adding "[ugc].[region].zeabur.app," which points to the IP of our specific shared region. The old [ugc].zeabur.app domain is still available but is not generated by default.

Number of users this request is being made to serve:
500+ per region.

DNS Verification

• Add DNS verification

[groundcat]

Would it be possible to use *.zeabur.app for your use case instead of individual [region].zeabur.app entries? This would help keep the PSL entries minimal while potentially achieving the same functionality through PSL's wildcard feature.

[pan93412]

Would it be possible to use *.zeabur.app for your use case instead of individual [region].zeabur.app entries? This would help keep the PSL entries minimal while potentially achieving the same functionality through PSL's wildcard feature.

I afraid it may introduce some issues, since the subdomain can be:

[ugc].zeabur.app
[region].zeabur.app

[simon-friedberger]

What is the technical reason for needing these regional domains? Is the intent that the users migrate to customer_id.region.zeabur.app?

In that case, I agree with @groundcat. Please migrate your users and use *.zeabur.app. If your users are not using domain cookies or Cloudflare management adding this should actually not affect them.

[pan93412]

What is the technical reason for needing these regional domains? Is the intent that the users migrate to customer_id.region.zeabur.app?

In that case, I agree with @groundcat. Please migrate your users and use *.zeabur.app. If your users are not using domain cookies or Cloudflare management adding this should actually not affect them.

We migrated to customer_id.region.zeabur.app to work around the DNS limit for subdomains. Previously, we added the following domains:

xxx.zeabur.app A [region-1]
yyy.zeabur.app A [region-2]
zzz.zeabur.app A [region-3]

However, we reached the DNS limit for subdomains. Therefore, we migrated to:

*.[region-1].zeabur.app A [region-1]
*.[region-2].zeabur.app A [region-2]

I want to add these PSL entries to resolve several issues:

• We have received reports that some antivirus software mistakenly identifies [region].zeabur.app as being owned by a single entity, leading to blocked access. Adding these PSL entries will clarify that it is not owned by just one user.
• Some password management applications treat the website name of [customer_id].[region].zeabur.app as [region] instead of [customer_id]. PSL entries can provide better guidance for them.
• Same-origin cookies in [domain].[region].zeabur.app should not be shared across these domains.

Not sure if there is a better solution for this. Would it better to add another domain entry like:

*.*.zeabur.app

?

[wdhdev]

We don't support multi-level wildcards unfortunately.

[simon-friedberger]

I am not aware of any restrictions on DNS subdomains, except for the fact that a label can have at most 63 bytes but that should easily be enough. What am I missing here?

[simon-friedberger]

I think you are misunderstanding what wildcards do. Adding *.zeabur.app should be enough.

[pan93412]

I think you are misunderstanding what wildcards do. Adding *.zeabur.app should be enough.

We have different gateway IP for each region. Each gateway serves only for their own region. I don't think a single wildcard record is useful for this…

The DNS record limit (can create at most 3,500 records I think? not sure about it) seems from our name-server provider. Anyway, we eventually decide to open a dedicated subdomain for serving such services.

[wdhdev]

According to a NS record lookup you are using Cloudflare, and I suspect you are using the Pro/Business plan as you have a 3,500 DNS record limit. You can contact Cloudflare to get a record increase if you need, and normally they will be happy to give it to you. For example, I have a domain with a 10,000 DNS record limit on CF, due to it having over 7,000 DNS records concurrently.

[pan93412]

According to a NS record lookup you are using Cloudflare, and I suspect you are using the Pro/Business plan as you have a 3,500 DNS record limit. You can contact Cloudflare to get a record increase if you need, and normally they will be happy to give it to you. For example, I have a domain with a 10,000 DNS record limit on CF, due to it having over 7,000 DNS records concurrently.

Sure, I would elevate to my partners. However, I would still like to know if our current solution can be added as the PSL entities. Seems like AWS has done it before?

[wdhdev]

Are you trying to get added to the PSL in order to add separate zones to Cloudflare?

[simon-friedberger]

Adding *.zeabur.app is just fine. If you want to name the individual regions, that is also possible but you have to motivate that better.

[pan93412]

Are you trying to get added to the PSL in order to add separate zones to Cloudflare?

Yeah, though I'm not entirely sure what you mean. Did the explanation in #2300 (comment) matched what you thought?

[pan93412]

Adding *.zeabur.app is just fine. If you want to name the individual regions, that is also possible but you have to motivate that better.

Sure, then I will just stick on the current PSL records, since most time it works pretty well. Thanks again for you guys' kind help!