uiowa / uiowa

The base application on Acquia Cloud for the University of Iowa.

Can't forward non uiowa domains using https #2731

Closed briand44 closed 3 years ago

briand44 commented 3 years ago

GoDaddy doesn't support forwarding https domains, so users get an SSL error. An example can be seen at https://uilicensing.com. http://uilicensing.com will forward, but with browsers defaulting to https we can't rely on just the http forwarding.

We are recommending customers do this for non-uiowa domains: https://sitenow.uiowa.edu/policies

How should we handle these?

Cover both domains (uilicensing.com / licensing.sites.uiowa.edu) in our SAN cert on Acquia, have the customer point DNS to Acquia, and create an htaccess redirect? This would require us to work with the customer to validate the domain each year, since the non-uiowa domain would be forwarding and we wouldn't be able to validate it ourselves using https validation.

Just use the non-uiowa domain? This could simplify things because we would not need to create a redirect and we would only need to cover the non-uiowa domain in our SSL cert. We would be able to validate this domain just like any other. The downside is there is no uiowa domain (Domain Name Policy?). This could be an issue if the domain was a subdomain (compliance.hawkeyesports.com), because we need to validate the top-level domain and we wouldn't have access to do that. The customer would need to do this each year.

Possible option of having multiple SSL certs.

Are there Registrars who do support forwarding https?
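The first option above (point the vanity domain's DNS at Acquia, cover both names in the SAN cert, redirect in .htaccess) written out as an added example; this is not the uiowa project's own .htaccess and was not posted in this thread. It assumes the canonical host is licensing.sites.uiowa.edu and the vanity host is uilicensing.com (both named above), that mod_rewrite is enabled, and that TLS is terminated by a load balancer in front of Apache, so the HTTPS check also looks at the X-Forwarded-Proto header.

```apache
# Added example, not the project's own .htaccess. Assumes mod_rewrite is on and
# that BOTH hostnames are in the SAN certificate Acquia serves; if the vanity
# name is missing from the cert, the browser fails the TLS handshake before any
# rule here runs, which is the same error the GoDaddy forwarding produces.
RewriteEngine On

# 1. Force HTTPS on every host so the vanity domain is never served over plain HTTP.
#    Both conditions must hold (AND): Apache sees no TLS itself and the assumed
#    upstream load balancer did not mark the request as already-https.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 2. Send the vanity domain (with or without www) to the canonical uiowa.edu host.
#    REQUEST_URI keeps the path; the query string is carried over automatically
#    because the substitution does not contain its own "?".
RewriteCond %{HTTP_HOST} ^(www\.)?uilicensing\.com$ [NC]
RewriteRule ^ https://licensing.sites.uiowa.edu%{REQUEST_URI} [L,R=301]
```

With this in place a request for http://uilicensing.com/foo?x=1 is first bounced to https://uilicensing.com/foo?x=1 (served under the SAN cert) and then to https://licensing.sites.uiowa.edu/foo?x=1, so the vanity name is only ever seen over HTTPS. It does not remove the yearly domain-validation burden described above: the vanity name still has to be validated for the cert to keep covering it.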

richardbporter commented 3 years ago

This is not really a problem we can solve. Since our policy does not disallow vanity domains, I think it would be easier to just allow them rather than do the redirects ourselves. Maybe we just need to update our policy to not recommend using DNS forwarding, unless someone knows of a registrar or service that does this?

https://sitenow.uiowa.edu/policies

richardbporter commented 3 years ago

We also already have a number of live vanity domains on our service and I know of more that will be needed in the future.

richardbporter commented 3 years ago

@briand44 https://sitenow.uiowa.edu/node/31/latest

briand44 commented 3 years ago

I am good with your changes, although we may want to revisit all of this text at some point. I am interested in @mjoneill's thoughts. Is Hostmaster still going to approve top-level domains, or is that something OSC is going to do from a marketing perspective? Should we be referencing the Domain Name Policy here somewhere?

Domains outside uiowa.edu, e.g. mysite.com, are highly discouraged.

I wonder if we need to lighten our stance on that a bit? I am wondering if we should add something like "except when there is a direct marketing benefit..." or some specific cases where this would be OK?

mjoneill commented 3 years ago

Is Hostmaster still going to approve top level domains

For now, yes. Hostmaster communicated that they did not want to solely own this responsibility. Neither does OSC. I think we need to work together on this. For now, let's keep the bus rolling.

As I read it, the domain name policy says they are generally prohibited, except in exceptions.

@briand44 and @richardbporter, do you mind if I make a revision to your revisions and see if that helps? I'm thinking of linking to the domain name policy https://itsecurity.uiowa.edu/domain-name-policy as part of this.

briand44 commented 3 years ago

@mjoneill please do.

mjoneill commented 3 years ago

@briand44 and @richardbporter: I was able to get to this. Some edits that link to the U's domain name policy and lean into the prohibitions against off-uiowa.edu domain names a bit more. Warning: still working on my first coffee, so a second set of eyes is appreciated. If you see anything that doesn't look right, holler. If it's clean, I think we can publish.