Update .pg -- instantiate SLDs for pg

[brian-peter-dickson]

• Description of Organization

• Reason for PSL Inclusion

• DNS verification via dig

• Run Syntax Checker (make test)

• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place

Submitter affirms the following:

• We are listing any third party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
• This request was not submitted with the objective of working around other third party limits
• The Guidelines were carefully read and understood, and this request conforms
• The submission follows the guidelines on formatting

---

For Private section requests that are submitting entries for domains that match their organization website's primary domain:

Seriously, carefully read the downline flow of the PSL and the guidelines.
Your request could very likely alter the cookie and certificate (as well as other) behaviours on your 
core domain name in ways that could be problematic for your business.

Rollback is really not predicatable, as those who use or incorporate the PSL do what they do, and when.
It is not within the PSL volunteers' control to do anything about that.  

The volunteers are busy with new requests, and rollbacks are lowest priority, so if something gets broken 
it will stay that way for an indefinitely long while.

(Link: about propogation/expectations)

• Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.

---

Description of Organization

Organization Website:

I do not represent my employer.
DNS architect at GoDaddy.
No affiliation with domain owner.
Voluntarily adding second level domain entries in addition to existing wildcard.

Reason for PSL Inclusion

I am not affiliated with the domain owner, and cannot add the TXT record(s) as a result.
The request is to add second-level domains for the CCTLD, in addition to the existing wildcard ".pg".
The PSL policy for "pg" is not affected by the change.
What this accomplishes is that it enables use of the PSL for generating an RPZ zone.
RPZ (response policy zone) zones are ordinary DNS zones.
Prepending PSL entries to create RPZ records works correctly if the PSL entry does not have any wildcards.
DNS zones cannot have interior wildcards, or at least interior wildcards will never match any query.
For example, if the PSL entry is ".pg", then prepending "foo" gives "foo.*.pg", which never matches any query.

Adding the SLDs for pg will ensure that the generated records will all be of the form "foo.bar.pg", where "bar" is a real SLD underneath "pg" (the CCTLD). RPZ matching then works as expected.

DNS Verification via dig

I am not affiliated with "pg", but am able to confirm that the SLDs in question exist, via "dig" output with NOERROR results:

; <<>> DiG 9.16.13 <<>> @ns.uu.net. ac.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39625
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 101c368bab01c6d44cff0e076153a62eb40d5c381364966e (good)
;; QUESTION SECTION:
;ac.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 66 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 114

; <<>> DiG 9.16.13 <<>> @ns.uu.net. com.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4721
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 24ff3ce91a59064db2b2fd616153a62e7354ed5ae2696803 (good)
;; QUESTION SECTION:
;com.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 71 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 118

; <<>> DiG 9.16.13 <<>> @ns.uu.net. gov.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62835
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: feb95dd58db18f2af0c263a56153a62e3b09f5c381fcb891 (good)
;; QUESTION SECTION:
;gov.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 66 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 118

; <<>> DiG 9.16.13 <<>> @ns.uu.net. mil.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10768
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 357a03fd67399c96b0cb5b346153a62e1440c5f055472bc9 (good)
;; QUESTION SECTION:
;mil.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 65 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 118

; <<>> DiG 9.16.13 <<>> @ns.uu.net. net.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34334
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e8201a25946a8542b8adf38f6153a62e47c8f0317b5c78b6 (good)
;; QUESTION SECTION:
;net.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 70 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 118

; <<>> DiG 9.16.13 <<>> @ns.uu.net. org.pg. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28388
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 23b75d23b850cf4982ab1ec26153a62ee740fd918c3396c0 (good)
;; QUESTION SECTION:
;org.pg. IN NS

;; AUTHORITY SECTION:
pg. 14400 IN SOA ns1.unitech.ac.pg. dns.unitech.ac.pg. 2021092302 14400 7200 1728000 14400

;; Query time: 66 msec
;; SERVER: 137.39.1.3#53(137.39.1.3)
;; WHEN: Tue Sep 28 16:33:02 PDT 2021
;; MSG SIZE rcvd: 118

make test

Make test was run, and all results were "PASS".

[dnsguru]

Closing, see #1439 - the DNS Validation portion of this is crucial to any changes in the 'ICANN section'. The time and focus / attention are appreciated @brian-peter-dickson - these can be re-opened if the NIC adds validation entries into the DNS so these can be verified.