Page MenuHomePhabricator
Create Task
Maniphest T252132

Deploy Wikimedia DNS: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver
Open, MediumPublic
Actions

Description

This task tracks the deployment of Wikimedia DNS, a caching, recursive DNS-over-HTTPS and DNS-over-TLS resolver service.

It is currently an experiment and its use is discouraged until things are stable. If you still plan on using it, your help with the testing is appreciated, but please note that things may break and features may be deprecated at any time as we work towards finalizing this project.

Documentation for this project will be updated on the Wikitech page.

Details

SubjectRepoBranchLines +/-
wikidough: switch to LE's alternative chainoperations/puppetproduction+2 -2
operations-dnslint: bump to 0.0.12integration/configmaster+1 -1
operations-dnslint: create version 0.0.12integration/configmaster+7 -1
Add doh4002 to BGP anycast in ulsfooperations/homer/publicmaster+1 -0
Add doh5002 to BGP anycast in eqsinoperations/homer/publicmaster+1 -0
Add doh1001 and doh1002 to BGP anycast in eqiadoperations/homer/publicmaster+2 -0
Add doh4001 to BGP anycast in ulsfooperations/homer/publicmaster+1 -0
Add 185.71.138.0/24 to network::external and diffscanoperations/puppetproduction+3 -1
Add doh5001 to BGP anycast in eqsinoperations/homer/publicmaster+1 -0
acme_chief: authorize doh300* hosts for Wikidoughoperations/puppetproduction+1 -0
acme_chief: add certificates for wikimedia-dns.orgoperations/puppetproduction+5 -3
aptrepo: add a component for knot-dnsutilsoperations/puppetproduction+1 -0
Add zone for wikimedia-dns.org (Wikidough)operations/dnsmaster+38 -1
wikidough: lookup domain and IP from hieraoperations/puppetproduction+7 -2
wikidough: use check_https_url_custom_ip for DoH checkoperations/puppetproduction+1 -1
nagios_common: add check_https_url_custom_ipoperations/puppetproduction+5 -0
P:wikidough: Add TCP connect check for DoH and DoToperations/puppetproduction+12 -0
O:nagios_common: drop -c/-w they are not what i thoughtoperations/puppetproduction+1 -1
nagios_common: add check_tcp_ssloperations/puppetproduction+6 -0
wikidough: add nrpe::monitor_serviceoperations/puppetproduction+33 -0
wikidough: update description for roleoperations/puppetproduction+1 -1
dnsdist: allow custom headers in the HTTP response and enable HSTSoperations/puppetproduction+12 -0
dnsdist: update configuration variables in dnsdist.confoperations/puppetproduction+8 -8
dnsdist: respond to qtype=ANY queries with NOTIMPoperations/puppetproduction+9 -0
wikidough: enable OCSP stapling in dnsdistoperations/puppetproduction+13 -2
hieradata: update preferred cipher suite order for Wikidoughoperations/puppetproduction+2 -2
wikidough: add an option to set the landing pageoperations/puppetproduction+31 -5
wikidough: increase TCP connection limits for dnsrecursoroperations/puppetproduction+2 -0
wikidough: enable QNAME minimisation for the dnsrecursor moduleoperations/puppetproduction+6 -4
aptrepo: add a component for pdns-recursoroperations/puppetproduction+1 -0
dnsdist: update value for IP rate-limitingoperations/puppetproduction+2 -2
wikidough: set TLSv1.2 as the minimum version for DoToperations/puppetproduction+80 -32
wikidough: enable support for EDNS Client Subnetoperations/puppetproduction+10 -5
dnsdist: add a parameter to set the size of the ring buffersoperations/puppetproduction+6 -0
dnsdist: reload the certificates instead of restarting the serviceoperations/puppetproduction+16 -5
wikidough: update firewall rulesoperations/puppetproduction+6 -6
prometheus: use the correct password for the wikidough joboperations/puppetproduction+2 -2
prometheus: add wikidough statisticsoperations/puppetproduction+26 -0
wikidough: update dnsdist web server listen addressoperations/puppetproduction+7 -1
wikidough: add comment about private dataoperations/puppetproduction+3 -0
dnsdist: add parameter for web server configurationoperations/puppetproduction+61 -18
dnsdist: update the queries per second limitoperations/puppetproduction+2 -2
wikidough: set up the pdns-recursoroperations/puppetproduction+8 -0
dnsrecursor: make forward-zones and edns-subnet-whitelist optionaloperations/puppetproduction+6 -0
dnsdist: set default provider (TLS library) for DoToperations/puppetproduction+2 -0
wikidough: update profile to use a single recursoroperations/puppetproduction+20 -21
dnsdist: allow access to control socketoperations/puppetproduction+36 -15
dnsdist: add a parameter for setting addDOHLocal's base URLoperations/puppetproduction+6 -2
dnsdist: update the configuration file template (improves 48144c89)operations/puppetproduction+3 -3
dnsdist: add parameters for TLS configurationoperations/puppetproduction+60 -15
dnsdist: add a parameter to use dnsdist's packet cacheoperations/puppetproduction+18 -4
dnsdist: allow DoT (DNS-over-TLS)operations/puppetproduction+15 -4
wikidough: allow traffic to tcp/443 (DoH port)operations/puppetproduction+7 -0
dnsdist: add parameter to limit number of queriesoperations/puppetproduction+9 -1
dnsdist: add parameters for TLS certificatesoperations/puppetproduction+23 -5
wikidough: deploy certificates on the malmok hostoperations/puppetproduction+5 -0
dnsdist: add a class to install and configure dnsdistoperations/puppetproduction+55 -1
acme_chief: update configuration to generate a certificate for malmokoperations/puppetproduction+7 -0
aptrepo: add a component for dnsdistoperations/puppetproduction+1 -0
wikidough: add role and profile (first commit)operations/puppetproduction+15 -1
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Stashbot added a comment.Feb 1 2021, 5:10 PM

Mentioned in SAL (#wikimedia-operations) [2021-02-01T17:10:07Z] <sukhe> upload dnsdist_1.5.1-3wm1 to apt.wm.o (buster) - T252132

gerritbot added a comment.Feb 1 2021, 5:39 PM

Change 660868 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: update description for role

https://gerrit.wikimedia.org/r/660868

gerritbot added a comment.Feb 1 2021, 5:43 PM

Change 660868 merged by Ssingh:
[operations/puppet@production] wikidough: update description for role

https://gerrit.wikimedia.org/r/660868

ssingh added a subtask: T273679: Wikidough: Upgrade to dnsdist 1.6.0.Feb 2 2021, 9:35 PM
ssingh added a subtask: T274431: Wikidough: Support EDNS(0) Padding: RFC 7830 and RFC 8467.Feb 10 2021, 9:14 PM
ssingh added a subtask: T275409: Create and document Wikidough's privacy policy.Feb 22 2021, 4:53 PM
Legoktm subscribed.Feb 22 2021, 7:00 PM
gerritbot added a comment.May 4 2021, 6:21 PM

Change 685030 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] wikidough: add nrpe::monitor_service

https://gerrit.wikimedia.org/r/685030

gerritbot added a comment.May 5 2021, 8:12 PM

Change 685571 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] aptrepo: add a component for knot-dnsutils

https://gerrit.wikimedia.org/r/685571

LSobanski unsubscribed.May 6 2021, 9:32 AM
gerritbot added a comment.May 6 2021, 1:46 PM

Change 685800 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] P:wikidough: Add tcp connect checks for DoH and DTLS

https://gerrit.wikimedia.org/r/685800

gerritbot added a comment.May 6 2021, 1:50 PM

Change 685030 abandoned by Ssingh:

[operations/puppet@production] wikidough: add nrpe::monitor_service

Reason:

https://gerrit.wikimedia.org/r/c/operations/puppet/ /685800/

https://gerrit.wikimedia.org/r/685030

gerritbot added a comment.May 6 2021, 2:54 PM

Change 685823 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] nagios_common: add check_tcp_ssl

https://gerrit.wikimedia.org/r/685823

gerritbot added a comment.May 6 2021, 3:54 PM

Change 685823 merged by Ssingh:

[operations/puppet@production] nagios_common: add check_tcp_ssl

https://gerrit.wikimedia.org/r/685823

gerritbot added a comment.May 7 2021, 12:24 PM

Change 686534 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] O:nagios_common: drop -c/-w they are not what i thought

https://gerrit.wikimedia.org/r/686534

gerritbot added a comment.May 7 2021, 12:29 PM

Change 686534 merged by Jbond:

[operations/puppet@production] O:nagios_common: drop -c/-w they are not what i thought

https://gerrit.wikimedia.org/r/686534

gerritbot added a comment.May 7 2021, 12:38 PM

Change 685800 merged by Ssingh:

[operations/puppet@production] P:wikidough: Add TCP connect check for DoH and DoT

https://gerrit.wikimedia.org/r/685800

gerritbot added a comment.May 7 2021, 3:03 PM

Change 686622 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] nagios_common: add check_https_url_custom_ip

https://gerrit.wikimedia.org/r/686622

gerritbot added a comment.May 7 2021, 3:12 PM

Change 686625 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] wikidough: use check_https_url_custom_ip for DoH check

https://gerrit.wikimedia.org/r/686625

gerritbot added a comment.May 10 2021, 2:21 PM

Change 686622 merged by Ssingh:

[operations/puppet@production] nagios_common: add check_https_url_custom_ip

https://gerrit.wikimedia.org/r/686622

gerritbot added a comment.May 10 2021, 2:52 PM

Change 686625 merged by Ssingh:

[operations/puppet@production] wikidough: use check_https_url_custom_ip for DoH check

https://gerrit.wikimedia.org/r/686625

gerritbot added a comment.May 10 2021, 2:56 PM

Change 688336 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] wikidough: lookup domain and IP from hiera

https://gerrit.wikimedia.org/r/688336

gerritbot added a comment.May 10 2021, 3:02 PM

Change 688336 merged by Ssingh:

[operations/puppet@production] wikidough: lookup domain and IP from hiera

https://gerrit.wikimedia.org/r/688336

ssingh added a subtask: T283027: Offer Wikidough as an anycasted service.May 17 2021, 6:37 PM
gerritbot added a comment.May 18 2021, 3:26 PM

Change 692625 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/dns@master] Add zone for wikimedia-dns.org (Wikidough)

https://gerrit.wikimedia.org/r/692625

Volans added subscribers: cmooney, ayounsi, BBlack, Volans.May 19 2021, 4:33 PM

With the current automation and logic in the generation script, adding just the IP would create this file, that is far from ideal:

diff --git a/org-global b/org-global
new file mode 100644
index 0000000..84245bb
--- /dev/null
+++ b/org-global
@@ -0,0 +1 @@
+wikimedia-dns                            1H IN A 185.71.138.138

It's far from ideal because it could be included in a single place and ofc as soon as we would have another first level domani (example.org) its IPs would endup in the same file, making it not INCLUD-able in the places we'd need.

I also need to check why it's not creating the reverse zone but that's another problem.

In light of this, to unblock @ssingh I'd suggest to go the manual way for now and dig a bit more on how we can map this into our workflow.

@BBlack @ayounsi @cmooney: do you have any thoughts?

Volans added a comment.May 19 2021, 4:35 PM

I've updated https://netbox.wikimedia.org/ipam/ip-addresses/8539/ to set the DNS as manual for now so that it doesn't gets auto-generated.

gerritbot added a comment.May 20 2021, 3:47 PM

Change 692625 merged by Ssingh:

[operations/dns@master] Add zone for wikimedia-dns.org (Wikidough)

https://gerrit.wikimedia.org/r/692625

gerritbot added a comment.May 20 2021, 3:52 PM

Change 685571 abandoned by Ssingh:

[operations/puppet@production] aptrepo: add a component for knot-dnsutils

Reason:

this change is no longer required

https://gerrit.wikimedia.org/r/685571

gerritbot added a comment.May 20 2021, 7:31 PM

Change 693210 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] acme_chief: add certificates for wikimedia-dns.org

https://gerrit.wikimedia.org/r/693210

gerritbot added a comment.May 21 2021, 2:26 PM

Change 693210 merged by Ssingh:

[operations/puppet@production] acme_chief: add certificates for wikimedia-dns.org

https://gerrit.wikimedia.org/r/693210

ayounsi mentioned this in T283359: Create RIPE Atlas measurements against our authoritative DNS servers; alert on them.May 25 2021, 7:14 AM
gerritbot added a comment.Jun 3 2021, 12:11 PM

Change 697942 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] acme_chief: authorize doh300* hosts for Wikidough

https://gerrit.wikimedia.org/r/697942

gerritbot added a comment.Jun 3 2021, 1:22 PM

Change 697942 merged by Ssingh:

[operations/puppet@production] acme_chief: authorize doh300* hosts for Wikidough

https://gerrit.wikimedia.org/r/697942

gerritbot added a comment.Jun 4 2021, 9:46 AM

Change 698162 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/homer/public@master] Add doh5001 to BGP anycast in eqsin

https://gerrit.wikimedia.org/r/698162

gerritbot added a comment.Jun 4 2021, 10:31 AM

Change 698162 merged by jenkins-bot:

[operations/homer/public@master] Add doh5001 to BGP anycast in eqsin

https://gerrit.wikimedia.org/r/698162

ssingh mentioned this in rOHPU6f7b4ee23d04: Add doh5001 to BGP anycast in eqsin.Jun 4 2021, 10:31 AM
gerritbot added a comment.Jun 4 2021, 2:32 PM

Change 698206 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/puppet@production] Add 185.71.138.0/24 to network::external

https://gerrit.wikimedia.org/r/698206

gerritbot added a comment.Jun 9 2021, 6:25 AM

Change 698206 merged by Ayounsi:

[operations/puppet@production] Add 185.71.138.0/24 to network::external and diffscan

https://gerrit.wikimedia.org/r/698206

Stashbot added a comment.Jun 9 2021, 6:26 AM

Mentioned in SAL (#wikimedia-operations) [2021-06-09T06:25:59Z] <XioNoX> Add 185.71.138.0/24 to network::external and diffscan - T252132

gerritbot added a comment.Jun 9 2021, 12:00 PM

Change 698971 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/homer/public@master] Add doh4001 to BGP anycast in eqsin

https://gerrit.wikimedia.org/r/698971

gerritbot added a comment.Jun 10 2021, 1:32 PM

Change 698971 merged by jenkins-bot:

[operations/homer/public@master] Add doh4001 to BGP anycast in ulsfo

https://gerrit.wikimedia.org/r/698971

ssingh mentioned this in rOHPU27935eb46397: Add doh4001 to BGP anycast in ulsfo.Jun 10 2021, 1:34 PM
gerritbot added a comment.Jun 10 2021, 1:56 PM

Change 699217 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/homer/public@master] Add doh1001 and doh1002 to BGP anycast in eqiad

https://gerrit.wikimedia.org/r/699217

gerritbot added a comment.Jun 10 2021, 2:27 PM

Change 699217 merged by jenkins-bot:

[operations/homer/public@master] Add doh1001 and doh1002 to BGP anycast in eqiad

https://gerrit.wikimedia.org/r/699217

ssingh mentioned this in rOHPUb1f013210378: Add doh1001 and doh1002 to BGP anycast in eqiad.Jun 10 2021, 2:28 PM
gerritbot added a comment.Aug 5 2021, 9:11 PM

Change 710358 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/homer/public@master] Add doh5002 to BGP anycast in eqsin

https://gerrit.wikimedia.org/r/710358

gerritbot added a comment.Aug 9 2021, 2:11 PM

Change 710358 merged by jenkins-bot:

[operations/homer/public@master] Add doh5002 to BGP anycast in eqsin

https://gerrit.wikimedia.org/r/710358

jenkins-bot mentioned this in rOHPU0816e8ebebd0: Add doh5002 to BGP anycast in eqsin.Aug 9 2021, 2:12 PM
gerritbot added a comment.Aug 12 2021, 4:06 PM

Change 712400 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/homer/public@master] Add doh4002 to BGP anycast in ulsfo

https://gerrit.wikimedia.org/r/712400

gerritbot added a comment.Aug 13 2021, 1:30 PM

Change 712400 merged by jenkins-bot:

[operations/homer/public@master] Add doh4002 to BGP anycast in ulsfo

https://gerrit.wikimedia.org/r/712400

jenkins-bot mentioned this in rOHPU144c9e75f8aa: Add doh4002 to BGP anycast in ulsfo.Aug 13 2021, 1:34 PM
ssingh closed subtask T283027: Offer Wikidough as an anycasted service as Resolved.Aug 13 2021, 2:03 PM
Stashbot added a comment.Aug 13 2021, 6:43 PM

Mentioned in SAL (#wikimedia-operations) [2021-08-13T18:43:23Z] <bblack> reprepro: uploaded gdnsd-3.8.0-1~wmf1 to buster-wikimedia - T252132

gerritbot added a comment.Aug 13 2021, 6:51 PM

Change 712990 had a related patch set uploaded (by BBlack; author: BBlack):

[integration/config@master] operations-dnslint: create version 0.0.12

https://gerrit.wikimedia.org/r/712990

gerritbot added a comment.Aug 13 2021, 6:51 PM

Change 712991 had a related patch set uploaded (by BBlack; author: BBlack):

[integration/config@master] operations-dnslist: bump to 0.0.12

https://gerrit.wikimedia.org/r/712991

ssingh added a subtask: T289536: Deploy durum: check service for Wikidough.Aug 23 2021, 9:25 PM
gerritbot added a comment.Aug 24 2021, 8:01 PM

Change 712990 merged by jenkins-bot:

[integration/config@master] operations-dnslint: create version 0.0.12

https://gerrit.wikimedia.org/r/712990

gerritbot added a comment.Aug 24 2021, 8:19 PM

Change 712991 merged by jenkins-bot:

[integration/config@master] operations-dnslint: bump to 0.0.12

https://gerrit.wikimedia.org/r/712991

ssingh closed subtask T289536: Deploy durum: check service for Wikidough as Resolved.Sep 16 2021, 2:44 PM
Volans reopened subtask T289536: Deploy durum: check service for Wikidough as Open.Sep 20 2021, 8:42 AM
gerritbot added a comment.Sep 30 2021, 4:33 PM

Change 725036 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/puppet@production] wikidough: switch to LE's alternative chain

https://gerrit.wikimedia.org/r/725036

gerritbot added a comment.Sep 30 2021, 4:40 PM

Change 725036 merged by Ssingh:

[operations/puppet@production] wikidough: switch to LE's alternative chain

https://gerrit.wikimedia.org/r/725036

ssingh added a subtask: T292737: Anycast: Add IPv6 support to bird and anycast-healthchecker (Puppet).Oct 7 2021, 2:01 PM
BBlack moved this task from Some old column to Traffic team actively servicing on the Traffic board.Oct 8 2021, 8:17 PM
ssingh closed subtask T289536: Deploy durum: check service for Wikidough as Resolved.Oct 12 2021, 3:04 PM
ssingh closed subtask T273679: Wikidough: Upgrade to dnsdist 1.6.0 as Resolved.Nov 4 2021, 11:25 AM
Stashbot added a comment.Jan 11 2022, 7:30 PM

Mentioned in SAL (#wikimedia-operations) [2022-01-11T19:30:10Z] <sukhe> upload pdns-recursor_4.6.0-1wm1 to apt.wm.o (buster) - T252132

ssingh closed subtask T292737: Anycast: Add IPv6 support to bird and anycast-healthchecker (Puppet) as Resolved.Feb 17 2022, 10:38 AM
ssingh added a subtask: T305589: Upgrading Wikidough and durum VMs to bullseye.Apr 6 2022, 8:58 PM
ssingh renamed this task from Deploy Wikidough: Experimental DNS-over-HTTPS (DoH) public resolver to Deploy Wikidough: Experimental DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver.May 17 2022, 2:40 PM
ssingh updated the task description. (Show Details)
Mstyles subscribed.May 18 2022, 5:54 PM
ssingh moved this task from Traffic team actively servicing to Ready for work on the Traffic board.Feb 21 2023, 3:48 PM
Aklapper removed a project: Patch-For-Review.Feb 21 2023, 9:55 PM
Dzahn unsubscribed.Feb 22 2023, 1:01 AM
Elitre added a subtask: Restricted Task.Mar 13 2023, 1:58 PM
Johan closed subtask Restricted Task as Resolved.Mar 14 2023, 12:27 PM
Johan reopened subtask Restricted Task as Open.
ssingh renamed this task from Deploy Wikidough: Experimental DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver to Deploy Wikidough: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver.Mar 14 2023, 7:01 PM
ssingh closed subtask T305589: Upgrading Wikidough and durum VMs to bullseye as Resolved.
Elitre subscribed.Mar 20 2023, 10:51 AM
Aklapper removed ssingh as the assignee of this task.Mar 21 2023, 9:38 AM

@ssingh: Removing task assignee as this open task has been assigned for more than two years - See the email sent to task assignee on Feburary 22nd, 2023.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome! :)
If this task has been resolved in the meantime, or should not be worked on by anybody ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

ssingh claimed this task.Mar 21 2023, 4:43 PM
BCornwall moved this task from Ready for work to Backlog on the Traffic board.Mar 30 2023, 9:07 PM
BCornwall removed a project: SRE.May 1 2023, 5:03 PM
ssingh renamed this task from Deploy Wikidough: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver to Deploy Wikimedia DNS: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) public resolver.May 31 2023, 3:19 PM
ssingh updated the task description. (Show Details)
TheresNoTime subscribed.May 31 2023, 3:22 PM
Maintenance_bot added a project: SRE.May 31 2023, 3:29 PM
bd808 added a project: Epic.May 31 2023, 5:40 PM
Fabfur subscribed.Jul 15 2023, 9:56 PM
ssingh added a subtask: T205378: Support ECH on Wikimedia servers.Sep 1 2023, 12:30 AM
ssingh added a comment.Sep 5 2023, 6:31 PM

https://meta.wikimedia.org/wiki/Wikimedia_DNS is a detailed introduction of the project, including an FAQ.

valerio.bozzolan subscribed.Sep 7 2023, 8:53 AM
Shizhao added a project: User-notice.Sep 14 2023, 2:33 AM
Quiddity moved this task from To Triage to Not ready to announce on the User-notice board.Sep 14 2023, 4:19 PM
Risker subscribed.Oct 6 2023, 3:27 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL