[misc] Problem With .dev Domain

Context:

Recently I thought of using my .dev domain for testing my hobby project. I came across “Unsecure Connection” error which was kinda strange for me. For a long time programmers used .dev domains for testing their code. Until Chromium forced all domains with the .dev TLD to only respond to secure connections with just a single Chromium commit. An Engineers added one new line to the codebase which forced secure communications for the entire .dev TLD. Encryption just became mandatory for every website that ends in .dev. That left HTTP .dev sites with “Unsecure Connection” error.

Enabling HTTPS is easier when you’re dealing with a real website with a domain that you own. In that case, you can get a certificate that says “This website is secure.” This involves creating what’s called a “self-signed certificate” for your development website. But your OS would not trust self-signed certificates. This is because anyone could make one. So once you create your certificate, you also need to teach every computer that accesses the development environment to trust that certificate. This can be a painful process if you don’t have a process for installing code on development machines.

Solution

Change your development domain, but to what? In 1999 RFC 2606 reserved following domains:

“.test” is recommended for use in testing of current or new DNS related code.

“.example” is recommended for use in documentation or as examples.

“.invalid” is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.

The “.localhost” TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.