
Oh, Those Wild and Crazy New TLDs

John Levine

Among the many issues affecting ICANN's thousand new TLDs is collisions, that is, the same name already being used elsewhere. The other uses are non-standard and unofficial, but some names turn out to have been used a lot. One approach to seeing how bad the collisions are is controlled interruption, in which the TLD publishes wildcard records with obviously impossible values, in the hope that systems that use colliding names see them and do something about it.

The process is pretty simple. For 90 days the domain publishes records like these currently in the new .hotels TLD:

hotels. 3600 in a 127.0.53.53
hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.
hotels. 3600 in txt "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.
*.hotels. 3600 in a 127.0.53.53
*.hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.
*.hotels. 3600 in txt "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
*.hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.


When the 90 days are up, the domain takes out the interruption records, and starts putting in real ones. That's the theory, and what the ICANN registry agreements require. The practice turns out to be different.

A surprising number of domains just forgot to take out the interruption records, so the wildcards are there along with the real registered names. There are still wildcards in .STORE, .XN--P1ACF (.рус), .XN--HXT814E (.网店), .XN--3DS443G (.在线), .XN--FIQ228C5HS (.中文网), .XN--45Q11C (.八卦), .FUN, and .FIRMDALE, all along with delegated real domains.

For some reason, a few domains expanded the collision wildcards to large numbers of specific names. The .XN--55QX5D (.公司) zone has SRV, MX, and TXT records for about 14,000 plausible-looking domain names, like 101trader.xn--55qx5d and alibaba.xn--55qx5d, along with the delegated names. Similarly, the .XN--IO0A7I (.网络) zone has about 10,000 sets of SRV, MX, and TXT records, again for plausible-looking names like poker.xn--io0a7i and memory.xn--io0a7i. I have no idea where the sets of names came from, or why someone would do that.

There are also many TLDs that have had wildcards for a lot longer than 90 days but don't have anything else. For example, .CREDITUNION was delegated in late 2015 but still has nothing but a few required records and the controlled interruption records.

While these wildcards and other extra SRV, TXT, and MX records in TLD zone files are largely harmless, it is rather odd that they've been there for a year or more and nobody noticed until now. It's not like they're hard to find — once I heard that one zone had them, it took under an hour to run a one-line script over downloaded zone files and find the rest of them. Even though ICANN does a lot of automated scanning of gTLDs, it apparently didn't occur to them to look for forbidden records in the zone files. (In fairness, it didn't occur to me either.)
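A scan of the kind described above, as an added example rather than the author's one-line script: it flags a zone where interruption records sit beside delegated names, or where they were expanded to specific names. It assumes one fully qualified record per line in the format of the .hotels records shown earlier; the function names, the placeholder TLD "example" and the sample zone are constructed for illustration.

```python
CI_ADDR = "127.0.53.53"
CI_MARKERS = ("your-dns-needs-immediate-attention", "icann.org/namecollision")

# Constructed sample zone (not real zone data); "example" is a placeholder TLD.
SAMPLE_ZONE = """\
example. 3600 in soa ns1.nic.example. hostmaster.nic.example. 1 1800 900 604800 3600
example. 3600 in ns ns1.nic.example.
example. 3600 in a 127.0.53.53
*.example. 3600 in a 127.0.53.53
*.example. 3600 in mx 10 your-dns-needs-immediate-attention.example.
shop.example. 3600 in ns ns1.hoster.test.
poker.example. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.example.
"""


def is_interruption(rtype, rdata):
    """True if the record carries a controlled-interruption value."""
    if rtype == "a":
        return rdata == CI_ADDR
    if rtype in ("mx", "srv", "txt"):
        return any(m in rdata.lower() for m in CI_MARKERS)
    return False


def scan_zone(text, tld):
    """Report where interruption records sit relative to real delegations."""
    apex = tld.lower().rstrip(".") + "."
    wildcard, named, delegated = False, set(), set()
    for line in text.splitlines():
        fields = line.split(None, 4)      # owner, ttl, class, type, rdata
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3].lower(), fields[4].strip()
        if rtype == "ns" and owner != apex:
            delegated.add(owner)          # a registered, delegated name
        elif is_interruption(rtype, rdata):
            if owner == "*." + apex:
                wildcard = True
            elif owner != apex:
                named.add(owner)          # wildcard expanded to a specific name
    return {
        "wildcard": wildcard,
        "named": sorted(named),
        "delegations": len(delegated),
        "leftover": (wildcard or bool(named)) and bool(delegated),
    }


if __name__ == "__main__":
    print(scan_zone(SAMPLE_ZONE, "example"))
```

A zone with a wildcard and no delegations is reported with `leftover` false, since the zone contents alone cannot show whether the 90 days have passed.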

Running a registry is apparently harder than it looks, but fortunately, so few people care about new TLDs that mistakes don't matter.

By John Levine, Author, Consultant & Speaker
Related topics: ICANN, Registry Services, New TLDs