Skip to content

Add nn.kg (Resubmission of #2723)#2978

Open
idclc wants to merge 3 commits into
publicsuffix:mainfrom
idclc:main
Open

Add nn.kg (Resubmission of #2723)#2978
idclc wants to merge 3 commits into
publicsuffix:mainfrom
idclc:main

Conversation

@idclc

@idclc idclc commented Jun 22, 2026

Copy link
Copy Markdown

Public Suffix List (PSL) Submission

Checklist of Required Steps

  • Description of Organization
  • Robust Reason for PSL Inclusion
  • DNS Verification via dig
  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter Affirms the Following

  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address (support@idc.lc) has been used and this inbox is actively monitored.

Abuse Contact Information

  • Provide easily accessible abuse contact information (email or web form)
    • URL for abuse contact or reporting form: https://www.idc.lc (a prominent "Report Abuse" entry is available on the official website)
    • Abuse Reporting Email: support@idc.lc

  • I acknowledge the following: This action may break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

IDC.LC is an internet infrastructure and cloud hosting provider. We operate a dynamic subdomain hosting platform that allows independent users and developers to register and manage their own subdomains under our parent domain, nn.kg. Our services provide stable technical infrastructure support for personal websites, development environments, and small-scale applications, while ensuring platform compliance through automated security scanning, abuse monitoring, and other mechanisms.

This submission is made by the technical administration team of IDC.LC to safeguard the cybersecurity and data privacy of our hosted users.

Reason for PSL Inclusion

The inclusion of nn.kg in the PSL is critical for cookie isolation and user data security. As a professional subdomain hosting provider, we host a large number of unrelated third-party users (e.g., user1.nn.kg, user2.nn.kg, etc.). According to the latest verification data from VirusTotal, a third-party authoritative platform (access link: https://www.virustotal.com/gui/domain/nn.kg/relations), the number of active subdomains associated with nn.kg has reached 741 and is still growing.

Without PSL inclusion, these unrelated subdomains will be deemed the same site by browsers, potentially allowing malicious users to set or read cookies across subdomains. This poses a serious threat to the account security and data privacy of ordinary users — a security risk that has raised concerns among some users and hindered the large-scale expansion of our business.

Additionally, including nn.kg in the PSL will ensure that SSL/TLS certificate rate limits and browser security policies correctly identify its public suffix attribute, avoiding service interruptions or security risks caused by incorrect domain attribute recognition. We confirm the following:

  1. nn.kg has more than two years of registration remaining;
  2. We will continue to maintain the _psl TXT record in the corresponding DNS zone of the domain to cooperate with all subsequent verification and maintenance work.

Number of users this request is being made to serve: Currently, we serve independent users corresponding to 215 active subdomains through the parent domain nn.kg, covering individual developers, small start-up teams, and small and medium-sized enterprises. The user scale is still growing steadily.

DNS Verification

  • Configuration Completed: We have added the _psl TXT record to the DNS zone of the nn.kg domain. The record content is: "https://github.com/publicsuffix/list/pull/2978"
  • Verification Query Command: dig TXT _psl.nn.kg @8.8.8.8
  • Expected Query Result: _psl.nn.kg. 300 IN TXT "https://github.com/publicsuffix/list/pull/2978"
image

Adding nn.kg to the private domain section.

nn.kg is a subdomain hosting platform operated by IDC.LC. We enable independent users to register subdomains (e.g., user.nn.kg), making PSL inclusion critical for proper cookie isolation and to mitigate security risks between unrelated user accounts.

Domain: nn.kg

Operator Website: https://www.idc.lc

Contact: support@idc.lc

We are prepared to complete any required verification steps, such as adding a DNS TXT record for validation.
@Christopher537

Copy link
Copy Markdown

Pull Requests MUST use the automated template when adding. Do not cut and paste it into a GPT to generate a response or delete / alter the form. Pull requests that do not use the template, that alter it or summarize it will be closed by volunteers without action. Why? There are specific checkboxes that are part of the volunteers' review or are important attestations for public record and transparency and consistency of processing.

You mentioned there are over 20,000 subdomains, but when I ran it through the tool, it couldn't even find 500. I know these tools aren't perfect, but with a huge gap like that, does it mean most of them aren't even active?:https://subdomainfinder.c99.nl/scans/2026-06-22/nn.kg

@idclc

idclc commented Jun 22, 2026

Copy link
Copy Markdown
Author

Hi @hosnyelesaily15,
Sorry about the template mess up! I originally just intended to reopen my old PR (#2723). When I realized I couldn't reopen it, I quickly created this new one and just pasted my update directly into the description, completely overwriting the required form. I've now fixed the PR description using the official checklist, and I also updated the _psl.nn.kg TXT record to point to this new PR (#2978).
Regarding the subdomain count: you are completely right that a huge chunk of the 23,000+ total registered domains are simply inactive.
The gap between external scanners (like the 461 you saw on c99.nl, or the ~740 on VirusTotal) and our 1,530 active count really just comes down to passive vs. authoritative data. Most of our users run small personal pages or test environments that simply don't get indexed by standard web crawlers, and they often don't generate public CT logs for passive scanners to pick up.
The 1,530 figure is exactly what we see hitting our authoritative DNS servers—it's the deduplicated number of unique subdomains that successfully resolve within a 24-hour window.
In fact, this active DNS data is what drives our internal security pipeline. Instead of scanning all 23k domains, we take only the actively resolving domains and automatically run them through VirusTotal, DNSBL, and Google Safe Browsing. If a domain is registered but inactive (no DNS traffic), we skip scanning it.
Let me know if it would help to see some anonymized samples of our authoritative DNS logs to verify the active count!

@Christopher537

Copy link
Copy Markdown

Got it, thanks for the explanation. That helps clarify the gap between scan results and actual traffic.However, 1,530 active subdomains is still below the 3,000 PSL threshold, so this doesn’t meet the current requirement.It would be advisable to close this PR for now and resubmit once real-world usage reaches at least 2,000 active subdomains.

@idclc

idclc commented Jun 22, 2026

Copy link
Copy Markdown
Author

Hi @hosnyelesaily15,
Ah, I should have clarified the timeframe for that metric!
The 1,530 figure was actually just a short-term snapshot covering the period from June 21, 08:01 to the moment I opened the PR.
Because these are mostly low-traffic personal sites, they don't all get DNS queries every single day. If we look at a full 7-day window (from June 15, 08:20 up to right now), our actual count of unique, actively resolving subdomains is 2,411. You can verify this on our public dashboard—the 2,411 total corresponds exactly to the 161 pages of active entries currently visible here (at 15 items per page): https://www.idc.lc/domainsecurity?page=161
Also, just to follow up on the security pipeline I mentioned earlier: all these active domains are continuously monitored. If our system detects that a domain is flagged by all three engines (VirusTotal, DNSBL, and Google Safe Browsing) at the same time, its DNS resolution is automatically suspended. It stays suspended until the site owner resolves the security risks. If they fail to fix the issue within a set timeframe, we mark the account as inactive and completely delete the domain.
Since this 7-day active metric puts us over the 2,000 threshold you mentioned, I hope this clears things up! Let me know if this works for the review process.
image

@pencilnav

Copy link
Copy Markdown
Contributor

@idclc This seems like another attempt of utilizing the PSL as a way to bypass Cloudflare restrictions for accounts zones (domains). Please consult with Cloudflare directly for such requests.

We do not accept entries whose purpose is to circumvent limits of third parties.

@idclc

idclc commented Jul 7, 2026

Copy link
Copy Markdown
Author

@pencilnav
This PSL application is not related to Cloudflare’s zone limits at all.
We provide independent web hosting services for developers. Many different users run completely unrelated websites on separate nn.kg subdomains. We need PSL only to isolate cookies between these independent sites and prevent cross-site leakage, which is the standard use case of Public Suffix List.
Whether users point their records to Cloudflare or other servers is their own choice and does not affect our requirement for cookie separation. We create these subdomains to carry real independent websites, not to bypass third-party platform limits. Our DNS and domain monitoring statistics can verify active legitimate services on all subdomains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants