
Firefox now also forces .dev TLD to HTTPS - Mojah
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/?hn
======
Spivak
Does nobody read the RFCs before deciding on using a TLD for private use?
Everyone seems to know private address space but why does nobody bother to
learn private DNS names?

[https://tools.ietf.org/html/rfc2606](https://tools.ietf.org/html/rfc2606)

    
    
        .test
        .example
        .invalid
        .localhost
    

".test" is recommended for use in testing of current or new DNS related code.

".example" is recommended for use in documentation or as examples.

".invalid" is intended for use in online construction of domain names that are
sure to be invalid and which it is obvious at a glance are invalid.

The ".localhost" TLD has traditionally been statically defined in host DNS
implementations as having an A record pointing to the loop back IP address and
is reserved for such use. Any other use would conflict with widely deployed
code which assumes this use.

~~~
Doxin
Okay so which TLD should I use in a development environment? I'm not writing
DNS-related code so .test is out. The domain actually does resolve on my local
resolver so .example is out, as is .invalid. .localhost is out for anything
not on the local host. So that leaves what?

~~~
Spivak
The wording in the RFC could stand to be a little better but what do you
expect from engineers that are miles deep in DNS? You're looking for .test --
'related' is far more broad than is initially implied and means 'code that
uses DNS'.

------
sp332
I'm not sure anyone should have been given the .dev TLD. However since Google
has it, it makes sense for them to pin HSTS for the domain. Anyone else with a
.dev domain is potentially impersonating a Google domain.

