colasloth

What is this?

The domain colasloth.com is just like any other domain, with the exception that it simply resolves to 127.0.0.1, i.e. localhost, instead of pointing to the address of a specific machine. All subdomains under the domain also resolve to localhost, which can be useful in many situations.

How does it work?

The DNS records of the domain are configured in a way that directs all requests to localhost. This is achieved with an A record for colasloth.com pointing at 127.0.0.1, and another A record for the wildcard *.colasloth.com doing the same. This means that URLs such as foo.bar.colasloth.com also resolve to localhost.

The same applies to IPv6 — identical AAAA records exist, pointing at ::1.

You can verify this with an nslookup or dig to colasloth.com or any subdomain under it. You can also rest assured that requests to colasloth.com never leave your machine – the route the packets in your requests take can be checked by running a traceroute for the domain.

But why?

In short: to simplify configuration.

Using a domain such as colasloth.com during development of web applications enables teams to work together on a project, without requiring every collaborator to manually edit their hosts file. A good example scenario is where a reverse proxy is used locally to receive requests at port 80, delegating traffic onwards to various networking applications running at different ports. In this case requests to http://colasloth.com will appear as they are to the reverse proxy, and can be forwarded to the correct application accordingly. E.g. you could configure your proxy to point api.colasloth.com at your REST API, colasloth.com at your frontend, and static.colasloth.com at your static file server – all at the same time. As such, the development environment can be made to closely mimic the environment used in production.

To remove all uncertainty: colasloth.com is obviously free to use for any project – no strings attached. The domain will continue to function the way it does indefinitely, barring any unforeseen circumstances, so you can be confident that your development environments will work in the future as well.

As of 2022, the domain is registered until 2031, which should probably be Good Enough™ for anyone looking to use this domain for its intended purpose.

What about TLS?

Unfortunately, certificates can be easily be revoked once the private key is "leaked", and clearly we can't have nice things with similar ease.

However, I'll happily provide TLS certificates upon request, subject to rate limits set by the certificate authority. What you'll get is a certificate (fullchain.pem, chain.pem, and cert.pem) and individual private key (privkey.pem) covering both colasloth.com and *.colasloth.com, issued by Let's Encrypt. The private key will only be provided to you, so the certificate will only be revoked if you leak it to an untrusted party. I'll also send you a renewed certificate some week or so before expiry, until you tell me to stop.

If this sounds of interest, let me know by contacting me over email or the bird app. I don't currently have an automated system to handle this, but in case of sufficient interest, I'll probably set something up.