".rs" domains and corporate firewalls


#1

Hi folks,

Apologies if this has been already discussed. I quick search of rust-lang users and internals didn’t find anything. A related conversation is Rust behind a corporate firewall but that focuses on mirroring of packages so I thought I would make a new topic. The issue to bring up is that a lot of corporate firewalls will block the “.rs” top level domain. Depending on the company you may be able to request exceptions. But those are typically requested one at a time for each domain and the requests take some time to process.

Here are some sites that are affected:

Just want to raise awareness of the issue. As Rust gets adopted more by industry this might become more of an issue.


Alternate download location
#2

I’d say docs.rs should be a high priority, as many crates are now letting that be the primary documentation.


#3

Why would any firewall block a TLD of a sovereign and reputable state?


#4

“What’s an RS? Sounds communist.

“Well, it’s a top-level domain that…”

“Oh, so it’s a sex kink thing. Ban it.

“What? No, I said ‘domain’, not ‘domin…’”

Are you talking back to me?!

“… no, sir. Banned it is.”


#5

I think if your IT team is blocking .rs (serbia) then you should get them to unblock it. If they won’t do that then then subverting their ‘security’ by mirroring sites via sneakernet or whatever will probably go down like a lead balloon.


#6

Another important domain would be rustup.rs since the the first advertised way to install it on Linux and macOS is to curl https://sh.rustup.rs ... adding one more barrier to an easy install experience.


#7

Thanks for bringing this issue up.

It’s hard to evaluate the seriousness of this issue without further information. Do we have any numbers to indicate that .rs is blocked significantly more often than other tlds?

Frankly, I’m also quite worried about the long-term impacts of relying on Serbian infrastructure. It could bite us badly with changes in global politics. It may be prudent to migrate to some other scheme.


#8

With regards to the magnitude of the issue, yeah I was thinking over the next week of trying to do an informal survey on twitter to see how frequent the “.rs” domain is blocked by corporate firewalls.


#9

@brson, now that rustup is 1.0 and the primary sanctioned install mechanism for Rust, would it make sense to move it to being hosted on https://rustup.rs to https://www.rust-lang.org?

Maybe https://rustup.rust-lang.org or https://www.rust-lang.org/rustup?


#10

We could apply for a gTLD (lang.rust, up.rust) :stuck_out_tongue:


#11

Please https://up.rust :laughing:


#12

I’m not sure a new TLD is the best place $185,000 could be allocated to the Rust project :stuck_out_tongue:


#13

Well, rustc.io available, but not rust.io nor ru.st, unfortunatelly


#14

It never occurred to me before that .io -> Iron Oxide -> Rust. I’m sure that wasn’t an accident in crates.io, or at least we should pretend it was intentional anyway. :slight_smile:


#15

Bear in mind that there are ethical concerns involved in the use of the .io domain. See here and here. It might be advisable to avoid it.


#16

The ccTLDs are rarely managed by countries directly, but rather by non-profits (case for .rs), universities, or even Ltds (.me, .io). For that reason it is very unlikely these domains will go poof the same moment something serious happens and everybody will have plenty of time setup the 302s and stuff when stuff actually happens.


#17

Yet another occurrence reported. It seems that we cannot fight the reality, even though (as @nagisa pointed out) the current governing authority of .rs, RNDIS, is a non-profit foundation and probably less affected by the politics.

I’m not sure if it’s entirely feasible, but dns.js.org is an interesting precedent if you consider an alternative domain. It strongly relies on Github pages, but the only infrastructure requiring GH is the domain list manipulated by PRs and we already require that level of GH usages for crates.io. Maybe very common projects with .rs domains can be CNAMEed into that namespace when necessary.


#18

For me even static.rust-lang.org is blocked by some generic rule. But rs domain sounds suspicious to some I think.


#19

It is shocking to know it. The second link is very interesting. I had io domain myself, it is going to retire eventually but can not be closed right now.


#20

This is the first time I see this. This honestly sounds interesting, but I wouldn’t know of a good, catchy, available domain to use that with :).