#Domain Test
##Overview Domain Test is a tool designed to help developers test their applications for compatibility with new top-level domains (TLDs). Developed by Google and launched in a partnership between Google Registry, Donuts Inc, Uniregistry, and Ausregistry, Domain Test is an open source project available under the Apache 2 license and can be used across 126 new TLDs. It is freely available for use and modification.
In 2011, the Internet Committee for Assigned Names and Numbers (ICANN) approved a new gTLD program, where applicants could apply to own and operate new gTLDs. A total of 1,930 applications were filed, and beginning in 2013, ICANN began delegating new gTLDs to the root DNS zone. These gTLDs have a series of characteristics, such as string length and the use of non-Latin scripts, that can cause bugs in software. Domain Test helps developers identify and fix these problems.
This repository contains the documentation and code for Domain Test. For clarity, the documentation uses the term “new TLDs” to refer to the universe of new generic top-level domains (gTLDs), new country-code top-level domains (ccTLDs), and internationalized domain names (IDNs).
The Domain Test service runs on AppEngine and is available for any developer to use. The syntax examples in this documentation use the domaintest.みんな domain name. However, depending on what type of new TLD you want to test, you can substitute any of the strings in the Domain Test TLDs section of this documentation.
##HTTP Testing API You can use the HTTP Testing API to construct an HTTP GET or POST request that results in a predictable server response. By observing your application's handling of the server’s response, you can determine whether the application making the HTTP call works properly with new TLDs.
GET requests should use the following syntax:
http://domaintest.みんな/<command>?<parameter1>=<value1>&<paremeter2>=<value2>&...
POST requests can mix parameters between the query string, like GET, and the POST body. Both multipart/form-data and application/x-www-form-urlencoded are supported, and the postpayload parameter does not interpret the POST body at all.
The HTTP Testing API supports Cross-Origin Resource Sharing on all requests, including support for preflight. This means that you can test AJAX requests to new TLDs from JavaScript running on any page.
###ECHO
The echo command instructs the Domain Test service to echo a response based on the parameters you specify. You can construct an ECHO command with one or more of the parameters below.
status=<integer>determines the status code (default 200).payload=<urlencoded text>sets the body text or redirect url (default "").postpayloadis an alternative topayloadthat interprets the entire POST body as the payload.mime=<type>determines the MIME type (default text/plain).sleep=<seconds>causes a sleep before the response (default 0 sec, max 10 sec).header=<name=value>adds a header to the response.setcookie=<name=value>sets a session-scoped cookie.delcookie=<name>deletes a cookie.
For example, the request below will return the string echoed-narwhal.
http://domaintest.みんな/echo?payload=echoed-narwhal
The request below will return a 302 redirect to http://www.example.com/.
http://domaintest.みんな/echo?status=302&payload=http://www.example.com/
The request below will return a 302 redirect to http://www.example.com/ after sleeping for 10 seconds.
http://domaintest.みんな/echo?status=302&sleep=10&payload=http://www.example.com/
###STASH
The stash command instructs the Domain Test service to stash a response to the parameters specified in the request for later retrieval. It uses the same parameters as the echo command. A stashed payload is truncated after 10K.
For example, the request below will stash the string 'stashed-narwhal'.
http://domaintest.みんな/stash?payload=stashed-narwhal
The Domain Test service responds to stash requests with a temp URL in the form below, which can be used later to retrieve the stashed response.
http://domaintest.みんな/temp/<token>
A single temp URL is available for use for 5 minutes after it's been generated, and it can be used once. Note that stashed data is stored in memory and should be considered highly ephemeral. Under some circumstances it may be lost even before the stated expiration time, in which case you should re-stash and try again.
###TOKEN
Alternatively, you can use the URL below if you want to pre-generate a token before stashing:
If you’ve pre-generated a token prior to stashing a request, you can assign a stash command to your pre-generated token using the token parameter:
http://domaintest.みんな/stash?token=<pre-generated_token>
A single pre-generated token can be used an unlimited number of times within one hour of generation.
##Email Testing API
The Email Testing API allows you to trigger an automatic email response from the Domain Test service, which enables you to determine whether an application’s email stack properly handles new TLDs. You can trigger an autoresponse by sending an email with a subject that begins with the word Test to <local-part>@domaintest.みんな, where <local-part> is any string:
To: narwhal@domaintest.みんな
Subject: Test ALL the autoresponders!
The autoresponder will reply with an email from tester@domaintest.みんな with the subject Automated testing service response. (Although you can send the outbound email to any address at domaintest.みんな the autoresponse will always be sent from tester@domaintest.みんな.) The autoresponder respects a Reply-To header, if present.
The email testing API is compliant with IDNA2008, but it does not support full email address internationalization as defined in RFCs 6530, 6531, and 6532.
If the second word of the email subject is a token retrieved from the /token endpoint, the headers (but not body) of the incoming email will be stashed at
http://domaintest.みんな/temp/<token>
for 15 minutes and will be retrievable once. You can use this to determine whether an email reached the Domain Test service, even if you do not receive an autoresponse.
##Security Considerations
By design, the Domain Test service is highly insecure. You should consider any data sent to the service to be public and should not stash or email anything other than test data. It is trivial to execute arbitrary JavaScript within the domaintest.みんな origin, both directly via /echo and stored via /stash, so it is crucial that there not be anything private within the same domain that is worth stealing. For this reason, there is no content on the domains listed below other than the Domain Test service.
You should think carefully before running the service on your own domain, since it opens an XSS vector against any other content on the domain. In addition, since stored XSS attacks can live beyond the lifetime of a stash (for example, by manipulating the HTML5 Application Cache), running the service on a domain name means that the domain name in question will always be vulnerable from a security perspective. You should not reuse a domain that is running Domain Test for any non-testing purpose, even in the future.
##Examples
###Testing Client Software
Suppose you’ve developed an RSS reader and want to know whether it’ll work with feeds that are served off of a new TLD. You can use the HTTP Testing API to craft a URL that returns an RSS feed. Here's an example using GET:
(In practice, it may be easier to prepare a smaller URL by using /stash with the postpayload parameter.)
You can take this URL and plug it into your app. If your app works properly --- the RSS feed loads and renders the みんな TLD --- then you can be reasonably confident that your app properly handles this type of new TLD. If not, you’ve found a bug!
###Testing Webhooks
You can use the /stash endpoint to test webhooks. Suppose you are testing a service that posts the weather to a URL of your choosing every few minutes. You can go to the /token endpoint on domaintest.みんな and get a token that you can use with /stash. Then you give the weather service a URL that looks like this:
http://domaintest.みんな/stash?token=<token>&postpayload
This will cause the Domain Test server to save whatever gets POSTed to this URL and make it available here:
http://domaintest.みんな/temp/<token>
You can then poll this URL until there is something there to see. If the service successfully posted the weather to this new TLD's "webhook" then you will be able to see it. If nothing shows up, even after the weather should have been sent, you've probably found a bug!
###Other Things to Try
By combining the various parameters of /stash and /echo, you can make the Domain Test service mimic almost any kind of server. Here are some things to try:
#####Set a cookie using the unicode form of .みんな and verify that it's served on the xn--q9jyb4c ASCII version too.
http://domaintest.みんな/echo?addcookie=foo=bar&letyoudown=occasionally
#####Make the server present an HTTP Basic Auth challenge.
http://domaintest.みんな/echo?header=WWW-Authenticate=Basic+realm=%22foo%22&status=401&blend=no
#####Get echo to serve a downloadable attachment.
http://domaintest.みんな/echo?payload=foo&header=Content-Disposition=attachment&cowbell=less
##Discussion The discussion forum for this project is hosted on Google Groups: domain-test@googlegroups.com.
##Domain Test TLDs The Domain Test tool is available on the following TLDs, thanks to a partnership between Google Registry, Donuts Inc, Uniregistry, and Ausregistry.
| اختبارنطاق.شبكة | domaintest.contractors | domaintest.graphics | domaintest.repair |
| domaintest.みんな | domaintest.cool | domaintest.gripe | domaintest.report |
| domaintest.academy | domaintest.cruises | domaintest.guitars | domaintest.schule |
| domaintest.agency | domaintest.dating | domaintest.guru | domaintest.services |
| domaintest.associates | domaintest.dental | domaintest.holdings | domaintest.shoes |
| domaintest.bargains | domaintest.diamonds | domaintest.holiday | domaintest.singles |
| domaintest.bike | domaintest.directory | domaintest.house | domaintest.solar |
| domaintest.blackfriday | domaintest.discount | domaintest.institute | domaintest.solutions |
| domaintest.boutique | domaintest.domains | domaintest.international | domaintest.support |
| domaintest.builders | domaintest.education | domaintest.investments | domaintest.surgery |
| domaintest.cab | domaintest.email | domaintest.kitchen | domaintest.systems |
| domaintest.camera | domaintest.engineering | domaintest.land | domaintest.tax |
| domaintest.camp | domaintest.enterprises | domaintest.lease | domaintest.technology |
| domaintest.capital | domaintest.equipment | domaintest.lighting | domaintest.tienda |
| domaintest.cards | domaintest.estate | domaintest.limited | domaintest.tips |
| domaintest.care | domaintest.events | domaintest.limo | domaintest.today |
| domaintest.careers | domaintest.exchange | domaintest.link | domaintest.town |
| domaintest.cash | domaintest.expert | domaintest.maison | domaintest.toys |
| domaintest.catering | domaintest.exposed | domaintest.management | domaintest.training |
| domaintest.center | domaintest.fail | domaintest.marketing | domaintest.university |
| domaintest.cheap | domaintest.farm | domaintest.media | domaintest.vacations |
| domaintest.christmas | domaintest.financial | domaintest.partners | domaintest.ventures |
| domaintest.cleaning | domaintest.fish | domaintest.photography | domaintest.viajes |
| domaintest.clinic | domaintest.fitness | domaintest.photos | domaintest.villas |
| domaintest.clothing | domaintest.flights | domaintest.pics | domaintest.vision |
| domaintest.codes | domaintest.florist | domaintest.pictures | domaintest.voyage |
| domaintest.coffee | domaintest.foo | domaintest.plumbing | domaintest.watch |
| domaintest.community | domaintest.foundation | domaintest.productions | domaintest.works |
| domaintest.company | domaintest.fund | domaintest.properties | domaintest.wtf |
| domaintest.computer | domaintest.furniture | domaintest.recipes | domaintest.zone |
| domaintest.condos | domaintest.gallery | domaintest.reisen | |
| domaintest.construction | domaintest.glass | domaintest.rentals |
##Legal Domain Test is an open source project available under the Apache 2 license. Use of the Domain Test service is subject to Google’s Terms of Service and Privacy Policy. Learn more.