Home / Blogs

The .Name Domain Disrupted by Site Finder Patch

The "delegation-only” patch to BIND that was released for Internet Service Providers and others who wanted to block Site Finder service is reported to be disrupting emails to .name emails (that look like 'firstname@lastname.name'). As a result, the Global Name Registry has submitted a letter [PDF] to ICANN stating:

"Due to recent events concerning changes to the DNS operations for .com and .net and the reaction of the community leading to the release of certain workarounds for a specific DNS server package, .name users are experiencing difficulties with the second level email forwarding service for .name. These issues have resulted from the hastily introduced patch to the BIND software, including the so-called “root-delegation-only” feature. Certain ISPs have implemented this patch, and the incorrect use of this software will impact .name second level email users."

The letter further states:

"Anyone who configures the .name zone as delegation-only, or fails to exclude .name from their root-delegation-only configuration, is currently blocking email to any address of the type firstname@lastname.name. This includes ALL people who have registered their .name email-forwarding address. To be clear, only users of the .name second level email forwarding service are affected by this issue. Domain name service for third level .name addresses is not affected. Global Name Registry is disappointed to see .name customers being caught up in the crossfire between other parties on the Internet and what has perhaps been an emotional rollout of a technical countermeasure to the .com and .net zone change. Even if this issue currently affects only a relatively small number of .name users, we take this loss of service for our users very seriously."

The operator of the .name webmail services has also posted a complaint to the NANOG mailing list indicating that their services are disrupted by the BIND patch deployed to block VeriSign's Site Finder.

"We operate webmail services for the .name TLD (MX and DNS resolution are handled by the nic.name people).

After the recent Verisign brouhaha, several of y'all patched their nameservers to stop believing Verisign (so did we).  Just that quite a few of you also seem to have set up your resolvers to do the same thing with other wildcarded TLDs.

.name is a wildcarded TLD and does have legit domains on it.  Right now we are seeing a lot of problems with .name domains being treated as unresolvable thanks to this, and mail from .name users is not getting through as mailservers are configured not to accept mail from unresolvable domains.

I know, .name domains don't have zones or NS records attached to them - but yes, this is a legit wildcard (kind of like .museum, but this one is for vanity domains).  I'd request DNS admins here to not treat .name as delegation-only."

Further updates to ISC BIND "delegation-only" Feature can be found here.

Follow CircleID on
Related topics: DNS, Domain Names, ICANN, New TLDs
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias