Why You Shouldn't Link to Unregistered Domains in Documentation
What are unregistered domains?
Unregistered domains are domain names that are not currently owned or registered by any individual or organization. Common examples include placeholder domains like example.com (although this is actually registered by IANA), company.internal, or mydomain.local.
Security Risks
- Domain Squatting: Malicious actors can register these domains and set up harmful content
- Phishing Attacks: Attackers can capture sensitive information through previously unregistered domains
- Data Leakage: Internal information might accidentally be sent to these domains
- DNS Hijacking: Potential for redirecting traffic to malicious sites
Additional Problems
- Broken links in documentation
- Confusion for users and developers
- Potential security automation false positives
- Maintenance overhead when domains change ownership
Best Practices
- Use officially reserved domains (like example.com, example.org)
- Use your organization's actual domains
- Clearly mark placeholder URLs as examples
- Regular review and updating of documentation links
- Use internal DNS names only for internal documentation
Conclusion
Using unregistered domains in documentation poses unnecessary security risks and can lead to maintenance issues. Always use officially reserved domains or your organization's actual domains in documentation and internal documents.