Setting up a free *.city.state.us locality domain (2025)

Posted by speckx 20 hours ago

Setting up a free *.city.state.us locality domain (2025)(fredchan.org)

566 points | 175 comments

kraptv 18 hours ago|

I have three locality domains, all with different registrars in Oregon. Two are with unique delegated locality domain registrars (think old school consultancies or ISPs that still exist) and one directly via localitymanagement.us (GoDaddy/USTLD).

One of the registrars is from an out of state operator that has been dead for three years. I tracked his widow down and had a number of cordial conversations over about 18 months. I've helped his widow renew some personal domains but she's recently told me that she's going to stop paying the hosting bill of the locality registrar and it'll shut down June 1st. I've offered to take over hosting, we'll see if she is convinced.

Several other locality users will likely also see their domains disappear once that happens as the USTLD registrar will require a notarized letter from the city/county of that domain to approve any "new" (new in their system) domains. Not easy for any mid or large sized city in the US.

I love locality domains clearly, but the bureaucracy applied since the start has piled up over the years.

I do worry that this poor Seattle ISP is going to get DDoS'ed by outsider (find an appropriate locality please if you go down this route) due to the popularity of this article, though!

RIP Jon.

1vuio0pswjnm7 15 hours ago||

"RIP Jon."

In the 90s when learning about the internet I remember reading stuff written by "Jon Postel", a univeristy employee in California

Today, a curious student trying to learn about the internet would probably end up reading stuff written by "Big Tech" and/or academics who have financial relationships with these or other so-called "tech" companies

I remember Postel and one other person, perhaps at SRI, I forget her name, had a plan for these sort of hierarchical geographical domainnames. I recall it was _not_ commercial in nature. It "seemed like" Postel saw the internet, including DNS, as a public service. Needless to say, any such non-commercial vision was not realised

ICANN DNS became a money grab

If Postel had survived to today, would he have sold out like so many of his peers

I like to pretend he would not but I have no idea

1vuio0pswjnm7 6 hours ago|||

I believe the document I'm thinking of may have been RFC 1480

https://www.ietf.org/rfc/rfc1480.txt

If so, the other person was Ann W Cooper

AFAIK Cooper was never at SRI, but Postel was at one time

Putting aside the inaccurate memory, the point I wish to make as an ordinary computer user reading about the internet is that Postel wrote about the internet as a _public resource_. Check out the tone of this random Postel RFC, for example

https://www.ietf.org/rfc/rfc1591.txt

Postel received a PhD in Computer Science in 1974 from UCLA and, apparently, he was a _two-finger typist_ who preferred handwritten slides over PowerPoint and used monochrome logos instead of color (I find this interesting; I'm not suggesting anyone else would)

Joyce K Reynolds, who co-authored some of the most important RFCs with Postel on protocols, was a social sciences major (another factoid I find interesting)

car 14 hours ago||||

The hierarchical geographical domains you are remembering must have been the 2000 '.geo' Top Level Domain (TLD) proposal from SRI. It didn't work out, but I remember thinking at the time that it was a cool idea.

It would have provided geographical information based on a domain encoded grid, not for human but machine consumption (e.g. acme.2e5n.10e30n.geo).

https://en.wikipedia.org/wiki/.geo

In a similar vein there is the 'e164.arpa' domain for mapping telephone numbers.

https://en.wikipedia.org/wiki/Telephone_number_mapping

donmcronald 15 hours ago|||

> ICANN DNS became a money grab

It’s too bad more people don’t understand how the domain industry is structured under ICANN. IMO, the registries are ICANN’s customers, the registrants are part of the product being sold, and the registrars are a liability shield.

One day there will be a grab for .com.

CalRobert 5 hours ago|||

It’s a protection racket too. When they first launched generic tld’s, donuts(a shady registry) had a product that didn’t allow domain registration but -did- block registration of a domain across all tlds in case you didn’t want to pay for company-name.[200+ tlds]

Barbing 15 hours ago||||

Fun fact (you probably remember), you used to report phishing sites with one simple email and they would actually be taken down.

These days I get the feeling a lot of the registrars are essentially/effectively in on it (at least by inaction). A well-run ICANN feels needed, who can track takedown compliance.

donmcronald 14 hours ago|||

Abuse handling is a mess. AFAIK, the registries, registrars, and ICANN all share responsibility in terms of mitigation. There’s no consistency.

ocdtrekkie 12 hours ago|||

The entire domain squatting/parking industry exists because filing an ICANN dispute costs more than paying the squatter. Absolutely insane.

arjie 14 hours ago||||

In hindsight, quite lucky it’s a California non profit. That allowed us to stop the dot-org sale.

icedchai 14 hours ago|||

I still remember when they started charging for domains. Until late 1995, they were free.

fullstop 17 hours ago|||

I used to have some domains registered with "theparsec.com", and would communicate with the owner, "ML", on occasion. It was great, he was responsive and helped me out if an order didn't go through for some reason.

In 2022, their TLS certificates were off -- a subdomain used by a backend redirect process was no longer valid, so I contacted "ML" and they were unresponsive. I managed to get my domains to a new register by ignoring some TLS warnings and transferring them. As of July of 2022, I have not heard from "ML" and I assume that he passed away. I don't know their identity or what became of them. All I know is that their name is/was Mark.

mikeyouse 16 hours ago||

The internet is weirdly good for creeping on people with this level of detail —

https://nationalpublicdata.com/people/l/mark-lord/nv/reno/pd...

Looks like you can reach him at mark84@gmail if you want to say ‘hi’.

fullstop 15 hours ago|||

I did some more creeping, but this is probably the end for me if he doesn't get back to my email. He was involved with real estate, but their realty webpage is offline and the last record in the Internet Archive is from 2018. That's the last time I heard from him as well. My original comment was incorrect -- that's the last time I interacted with his service.

I wonder if the whole thing was on auto-pilot until things eventually broke.

fullstop 15 hours ago|||

I had found that person, and thought that it could be him. The site that I used did not provide an email address, though. Even the link that you provided shows other addresses than that to me.

mikeyouse 15 hours ago||

Yeah it’s weird how they obfuscate some and surface different emails - this one seems to have both in normal and incognito mode: https://www.fastpeoplesearch.com/mark-lord_id_G-414558371175...

fullstop 15 hours ago||

It's probably an attempt to maximize search hits. I wonder if they would always be provided if your user-agent matched google's webcrawler UA.

The last email address in your link, the sbcglobal one, is for someone else entirely. She's involved in the church in Springfield, IL. I assume that she got tied in by Mark's surname.

bombcar 17 hours ago|||

The notarized letter may be easier to get than you think - if you live in the city/county. The key is being professional, polite, and present.

tiffanyh 14 hours ago||

Super interesting.

Naive question, what do you use the locality domain for?

nickswalker 11 hours ago||

Unfortunately the author is correct that you’re pretty screwed if the locality is no longer delegated. I messaged GoDaddy to register one in Boston, they asked for a _notarized_ letter on the local governments letter head approving. No one within the Boston city government knew what their procedure would be, and those willing to say yes didn’t have a notary around. They ended up citing a state law indicating that no locality domains were to be used for _government_ purposes in MA as their reason to say no, when of course that has no bearing on private use…

If anyone would like to band together to push city of Boston or Cambridge to start approving these, please let me know! I can revive some email chains.

Spooky23 9 hours ago||

That law was a reaction to a Federal thing (through CISA i think) to migrate all governments to the .gov domain in the US in the name of security and branding.

They were pushing it hard when DNSSEC was being babbled about by cyber people.

philipwhiuk 32 minutes ago||

To be honest migrating government infrastructure to .gov makes it much easier to at least get some minimal handle on the extent of critical governmental infrastructure.

Spooky23 2 minutes ago||

[delayed]

chimeracoder 9 hours ago||

> They ended up citing a state law indicating that no locality domains were to be used for _government_ purposes in MA as their reason to say no, when of course that has no bearing on private use… > If anyone would like to band together to push city of Boston or Cambridge to start approving these, please let me know! I can revive some email chains.

I'm confused by this. Some have migrated away from the locality domains but some are still in use even by official/state purposes.

Here's the website for the Newton, MA public schools: https://www.newton.k12.ma.us/

Belmont: https://www.belmont.k12.ma.us/

I believe Cambridge used to use one as well but I can't confirm that.

morpheuskafka 16 hours ago||

This list of (supposedly 7388, didn't realize there even were that many?) of them can apparently now be registered online replacing the email method in the OP: https://localitymanagement.us/registrar/domain/delegatedzone...

edit -- seems like the server has been "slashdotted" by this thread, I was finally able to get an account created but can't log in. doesn't seem very well coded anyway since I was apparently able to change the password twice using the same activation link lol.

chickensong 15 hours ago||

Amazing slow site. If it does manage to find a valid domain, it doesn't show any contact info, nor registration form. Do I need to create an account and log in to see those?

morpheuskafka 2 hours ago|||

Seems like the company has now suspended newly created accounts and disabled signups... aren't they being paid or required on some kind of government contract to manage this system?

dawnerd 5 hours ago|||

I tried to go through that site earlier today but they wanted a notarized letter from the city gov which, yeah, that's not going to happen.

mfkp 11 hours ago|||

Now it's showing "self registration is currently disabled, please contact customer support"

russellbeattie 14 hours ago||

> "Slashdotted"

Here's a nickel, kid. Get yourself a better computer.

fred_is_fred 7 hours ago||

Preferably a beowulf cluster of them.

foresto 17 hours ago||

Having a domain under the .us TLD once seemed appealing to me for practical reasons: It's short, consistently inexpensive, and hasn't already sold the vast majority of its useful namespace to squatters.

Unfortunately, it forbids WHOIS privacy services, which makes it a privacy and security hazard for personal domains. Pity, that.

anonu 17 hours ago||

There's almost no real privacy online in the US. When I search for my name my phone number and almost every address I've ever lived at it is publicly retrievable - on multiple sites. Even with a private WHOIS I get spam from various companies via my registrar asking to speak to me about making a website.

rootusrootus 16 hours ago|||

You can get some of the major sources to remove you with a service like Optery [0]. Costs a few bucks, but if you let them work at it a few months you can drop the subscription and the effects will linger for a while before you start finding yourself on public databases again.

I used it myself and I have trouble finding information about myself, even with my inside knowledge. If someone is determined enough you probably can't really hide from them, especially if they have any connections to law enforcement or one of the big data sinks. But you can definitely make it harder for casuals.

[0] https://www.ycombinator.com/companies/optery

yieldcrv 12 hours ago||

I just can't get myself to pay for this problem that's ultimately a failure of the government and relies on another corporation behaving with my data

fortunately I'm a California resident so looks like that government has passed a solution that's free, thanks for sharing that guys

tuwtuwtuwtuw 4 hours ago||

Here in sweden, personal data such as name, address, income, birth date, personal number, car ownership, etc. is public by design.

I find it interesting how the view on this differs depending on country and what people are used to.

ZeWaka 17 hours ago|||

It's worth sitting down for an hour and filing a bunch of information redaction requests.

edot 11 hours ago|||

Might help with phone numbers, but addresses are trivial to find and cannot be removed, if you own property in the United States. Every county publishes property records, searchable by name. Unless you own your house with an LLC, if someone knows or can guess the state you live in, they can 1) search on the property records website of the top 10 counties by population, and if that fails 2) expand to searching other counties until you pop up. Not sure how to mitigate this, other than the LLC method.

EduardoBautista 16 hours ago|||

There are services that will submit this information to hundreds of sites for you.

I used incogni and it seemed to have a positive result.

https://incogni.com/

bragr 15 hours ago||

Or if you're in California: https://privacy.ca.gov/drop/

Barbing 15 hours ago||

Thank you! How’d you find out about this?

bragr 14 hours ago||

It was in the news when it went into effect at the beginning of the year.

KPGv2 8 hours ago|||

People running WHOIS against kylesmith.com might discover that it's owned by someone named Kyle Smith.

I'll actually offer my take: domain names under the US TLD are a shared, public good, and no one should be allowed to anonymously own a shared, public good.

NetMageSCW 13 hours ago|||

Yes, I have a 3 letter .us domain that I’ve had for a while. Hard to get a three letter domain in any other popular TLD.

ranger_danger 12 hours ago|||

There are still many thousands of three-letter domains for (third-party) sale on .com/net/org though. Sedo.com lists a handful of .net domains that are under $100. Most are more than that though.

foresto 11 hours ago||

> for (third-party) sale

Many of us find it unethical to give money to scalpers.

> a handful of .net domains that are under $100

And this is why.

Imustaskforhelp 11 hours ago|||

can't say .expert that its popular by any measure but I have https://use.expert

In my opinion, there are still some really great short domains available. I actually even know some but don't have the budget to buy them.

The thing with domains is also that they aren't one time, I mean I am happy paying for domains which are 20$ say once even (and this comes as someone frugal but I just love domains) but most of these domains cost quite a lot.

For example use.expert would cost me around 40-50$ per year. I mean its 3-4$ per month so I am happy with it but still, my point is that I absolutely know more domains which I wish to buy but it would just be an hassle long term. I can probably sell them at cheap auctions to recoup the price but it just doesn't feel that worth it to me but overall, yeah.

hungryhobbit 17 hours ago|||

From TFA:

Will WHOIS requests leak my address?

Nope. Even though you must supply your address in the registration form, a WHOIS request for your locality domain will only show information about the registrar.

xahrepap 17 hours ago|||

This is definitely not true for general .us domains.

I registered one a year or two ago. And assuming my normal default Whois privacy was being applied (I clicked through too fast. Wasn’t paying attention)

I noticed my mistake after the spam bots started hitting me up for their web design products.

foresto 17 hours ago||||

That was clearly not true for domains directly under .us when I last read their rules, roughly a year ago.

I suppose it might be true for .city.state.us subdomains, but those fail my first criterion (they're not short), and are themselves a privacy hazard since they substantially narrow the search space for personal info about the domain owner. So it doesn't refute my criticism.

lftl 17 hours ago|||

Hrmm... I just tried this from my personal .us domain I've had for 23 years and it shows all my info.

yieldcrv 16 hours ago||

you can literally write anything in the whois though

registrars have forwarded me ICANN notices about having info verification for 10 years and nothing happened

nothingburger

majorchord 10 hours ago|||

"you can literally drive as fast as you want on the highway"

ranger_danger 10 hours ago||||

> you can literally write anything in the whois though

It's still fraud though. And there are multiple ways that might trigger an investigation into the validity of your contact info, such as abuse reports, court cases or failing to renew. Some people with axes to grind have been known to get domains of people they don't like taken down just by complaining to the registrar.

reaperducer 13 hours ago||||

you can literally write anything in the whois though

Can confirm.

I have a domain that's had outdated whois information since 2006. Nobody cares.

Even when it was up to date, it never got any spam, I suspect because the contact information was in a country that wasn't valuable to spammers.

foresto 16 hours ago|||

Good luck in your gamble.

righthand 15 hours ago||

ICE getting 4th jobs enforcing WHOIS registration data soon.

kiddico 19 hours ago||

Seeing the *.k12.oh.us in the delegated subdomains brought me back to highschool. When I was little I always wondered why the city name was before k12. Didn't know it was structured like that everywhere.

anamexis 18 hours ago||

School districts are often supersets of municipalities.

runjake 18 hours ago||

This is the correct answer.

From RFC 1386, Section 3.3.1:

  "Public schools are usually organized by districts 
  which can be larger or smaller than a city or county."

https://datatracker.ietf.org/doc/html/rfc1386#page-12

throw_await 18 hours ago||

What a wierd phrasing. It reads to me like it excludes the possibility of it being the same.

staticshock 17 hours ago||

"can be" ≠ "must be"

pbhjpbhj 17 hours ago||

"can be" is used to list all possible values, which is where the confusion arises. It sounds like: ∀x, x>C v x<C.

"Might be", I think would be better.

wavemode 17 hours ago|||

"can" can be a synonym for "might" / "may"

(purists would argue that it can't, but common usage trumps purism)

Also, I will point out that, even from the perspective of formal logic, the original statement has "city or county". In other words there is no single fixed C - C could be a city or a country. Since counties can be larger than cities, it stands to reason that a school district could be larger than the size of a city while being equal to the size of a county. And can be smaller than the size of a county while being equal to the size of a city.

So, even assuming that the original statement is taken to have the logical meaning you've interpreted, that meaning does not technically forbid school districts from being equal to the size of a county (as long as that county is larger than some city, so that we can still make the true statement "this district is larger than a city"), nor from being equal to the size of a city (as long as that city is smaller than some county, so that we can still make the true statement "this district is smaller than a county").

dsr_ 13 hours ago|||

MAY is the correct choice.

https://www.rfc-editor.org/rfc/rfc2119

anamexis 11 hours ago||

This is not in the context of a requirement level. The definition of MAY as defined there makes no sense here.

EvanAnderson 18 hours ago|||

I managed a couple ".k12.oh.us" domains back in the day. The employees hated the domain in their email addresses, but I found it very logical. I saw all kinds screwed-up addresses in bounce messages forwarded to my company address when "can't email people in the District" tickets got sent my way (a lot of "districtname.oh.k12.us", etc). I guess it wasn't so simple for "normies".

One of the schools ended up using a ".com" domain that was one character longer than their ".k12.oh.us" domain but easier to tell people verbally (I guess).

I also managed a "co._countyname_.oh.us" domain, too. Again, universal hatred for the domain in email addresses, and again I found it logical and reasonable.

The County government ended-up getting a ".gov" domain that was 5 characters longer than their "co._countyname_.oh.us" domain and, in my opinion, hell to tell people verbally ("It's Countyname County Ohio dot Gov. Yes-- all one word. The words County and Ohio are spelled out. No, not O-H-- Ohio is spelled out." >sigh<)

bombcar 17 hours ago|||

I'm still mildly annoyed every time usps.gov redirects me to usps.com

Xirdus 17 hours ago||||

Once you stop thinking of domain as an addressing tool and start thinking of them as branding, the complaints will make sense. "Dot k12 dot oh dot us" is a terrible brand name.

EvanAnderson 17 hours ago||

I have a hard time with public dollars going to "branding" but I do recognize it's a concern for some people and I'm a vastly minority opinion.

Xirdus 16 hours ago|||

Everything needs branding. "United States of America" and "USA" is branding. Good branding makes people's lives easier and (on average) a tiny bit happier. That has some impact on quality of life. Spending a few tax dollars on improving people's QOL is a good thing if you ask me.

As a specific example, imagine how many less people would enroll in Medicare if instead it was called Lifelong Assistance in Meeting Medical Needs of Aging Able-Bodied Population. Just finding eligibility criteria and the correct forms to submit would be 10 times harder.

(I think it would be even better if Medicare and Medicaid weren't so similar and easy to confuse with one another. Recently I had to explain both concepts to an immigrant who knew about neither but found contradictory information online about both.)

Atotalnoob 17 hours ago||||

Public dollars or not, it IS branding.

Having a strong, consistent, easy to use name IS a positive.

It’s easy to remember, which means more “engagement”. For a local government organization, that means more support, more feedback, and the constituents are “getting their moneys worth” more than a government organization that they can’t ever interact with.

It’s a clear win for using your dollars BETTER

ericjmorey 13 hours ago|||

Why would you have a problem with public dollars being used for effective communication?

TMWNN 15 hours ago|||

.gov should never have been expanded to outside the US federal government.

(.com should never have been expanded to outside US-headquartered companies, either.)

NetMageSCW 13 hours ago|||

The second is hard to justify unless you are willing to say .com should have been replaced with .com.us

hed 13 hours ago|||

Agreed on both.

MithrilTuxedo 18 hours ago|||

mayo.k12.sc.us was my high school. It seems a shame they're not still using it.

reaperducer 13 hours ago|||

Seeing the .k12.oh.us in the delegated subdomains brought me back to highschool.*

When I was in my wandering days before there were search engines, I would always enter http://travel.state.*st*.us, or http://travel.*st*.us to look up tourism web sites.

It was unusual for a city or state to not have a travel.city.state.us, or travel.state.us domain.

T3RMINATED 19 hours ago||

Our school and town dropped all the .mi.us domains and they have their own domains now, why would they do that? I know it used to be k12 too.

xp84 18 hours ago||

They nearly all did that because the average person never figured out how the DNS hierarchy worked, and many of them never even got comfortable with the idea of having more than one dot in a domain (with the exception of a “www.” prefix). So it was easier for each district to just make up a random .com or .org.

bombcar 17 hours ago||

https://www.youtube.com/watch?v=-CsN6rbonMo is basically perfectly accurate

https://www.youtube.com/watch?v=9gNFFZpIDU8 (we need .egg and .muffin)

car 14 hours ago||

In Germany it is possible to register an ENUM domain for a phone number. This provides a DNS mapping from the E164 number to DNS records, e.g. for IP phones, etc.

Decentralized and under user control, no shitty silos like FaceTime, WhatsApp.

ENUM stands for “Telephone Number Mapping.” It is essentially a bridge between the world of telecommunications and the Internet. With a single ENUM domain, you can combine all your contact options under your familiar phone number:

https://www.denic.de/en/products/enum-domains/

zajio1am 10 minutes ago||

The main point of ENUM was compatibility with open SIP, unfortunately that never really happened and most SIP operators do not accept incoming calls from public internet (and do not route outgoing calls based on ENUM).

wowczarek 8 hours ago|||

Sadly ENUM is dead or buried or both for many countries.

captn3m0 13 hours ago||

I saw this lets you do Fax over IP. Any other advantages or usecases?

car 13 hours ago|||

I don't know if this gets much personal use, seems real cumbersome.

But this is of huge interest to carriers, since it allows them to skip the PSTN/peering cost when the callee endpoint is an IP phone.

There is private ENUM for carrier use I recall, not sure what the current status is, with LTE/VoLTE, RCS etc.pp.

http://dam3d3.free.fr/PFE/Pathfinder/GSMA_PathFinder_WebSite...

Here the list of countries that have ENUM delegated for their country code.

https://www.itu.int/en/ITU-T/inr/enum/Pages/delegations.aspx

DonHopkins 8 hours ago|||

Time travel.

cormorant 19 hours ago||

Some similarities to *.<lastname>.name -- one of which is that the Public Suffix List thinks you're part of a single site with others you have no control over. Another is the weird registration procedure, but this one is weirder!

dextercd 16 hours ago||

Apparently VeriSign plans to discontinue .name: https://itp.cdn.icann.org/en/files/consensus-policies/rsep-2...

cormorant 15 hours ago||

> and existing third level domain names will be terminated

Wow! The risks of being esoteric

dawnerd 18 hours ago||

I want to set one up now and use it to call out the city board members taking kickbacks from flock.

pugworthy 18 hours ago||

This is probably not the kind of approach to taking out new domain names you should encourage. A lot of other causes might think this is their way to set up an "official" representation of their strongly held political beliefs, and I think you can imagine where that might go with some groups.

vasco 18 hours ago||

"Don't use your free speech because other people might use theirs in ways you don't like"

prepend 18 hours ago||

Why would city board members care what your domain name is?

dawnerd 18 hours ago||

Oh they probably don't. But it might annoy them slightly if the foia docs were hosted there.

toast0 17 hours ago||

My city already has to publicly list and host foia requests and host documents provided, if they were provided electronically. Most of the requests are for permit drawings, which are provided on paper to the local reprographics company and are not digitized, but most of the potentially annoying requests result in a pdf that's publicly available from a portal linked by the city. Not sure why it would be annoying, even in the slightest, to have it also available somewhere else.

arionhardison 11 hours ago||

I'm working on something like this... its: <city-name>.<country-iso2>.codify.city e.g.: https://los-angeles.us.codify.city or https://paris.fr.codify.city etc..... my goal is to replace sites from https://www.civicplus.com/ and https://www.revize.com/ with AI-native interfaces into city services, governments, economies etc... like a local AI-agent Economy managed by actual governing officials etc... but the admin is a separate product ATM.

https://codify.nyc is the one I am going to be launching first, hopefully in a few weeks. I only have 100 or so cities on board and live right now. They have been very useful in understanding all the mechanics and nuance of delivering services at the city/local level.

Your project looks interesting, let me know if you see any place we could work together.

embedding-shape 10 hours ago|

> its: <city-name>.<country-iso2>.codify.city

> https://codify.nyc

Sorry for maybe misunderstanding, but isn't it supposed to be "new-york.us.codify.city" you're about to launch, given the other examples you've made? Wouldn't "codify.nyc" be the wrong way around?

1vuio0pswjnm7 15 hours ago|

At bottom, the Cincinnati, Ohio domainname URL now points to a "Site Not Found" page on Dreamhost^1

1. https://web.archive.org/web/20260513154601if_/https://nguyen...

Here is the /locality.html page

https://web.archive.org/web/20141217060926if_/http://nguyen....

cormorant 15 hours ago|

It still (again?) loads for me.

More comments...