Click the comments link on any story to see comments or add your own.
Subscribe to this blog
30 Apr 2017
Among the many issues affecting ICANN's thousand new TLDs is collisions, that is, the same name already used elsewhere. The other uses are non-standard and unofficial, but some names turn out to have been used a lot. One approach to see how bad the collisions are is controlled interruption, in which the TLD publishes wildcard records with obvious impossible values, in the hope that systems that use colliding names see them and do something about it.
The process is pretty simple. For 90 days the domain publishes records like these currently in the new .hotels TLD:
hotels. 3600 in a 127.0.53.53 hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels. hotels. 3600 in txt "Your DNS configuration needs immediate attention see https://icann.org/namecollision" hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels. *.hotels. 3600 in a 127.0.53.53 *.hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels. *.hotels. 3600 in txt "Your DNS configuration needs immediate attention see https://icann.org/namecollision" *.hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.
When the 90 days are up, the domain takes out the interruption records, and starts putting in real ones. That's the theory, and what the ICANN registry agreements require. The practice turns out to be different.
A surprisng number of domains just forgot to take out the interruption records, so the wildcards are there along with the real registered names. There are still wildcards in .STORE, .XN--P1ACF (.рус), .XN--HXT814E (.网店), .XN--3DS443G (.在线), .XN--FIQ228C5HS (.中文网), .XN--45Q11C (.八卦), .FUN, and .FIRMDALE, all along with delegated real domains.
For some reason, a few domains expanded the collision wildcards to large numbers of specific names. The .XN--55QX5D (.公司) zone has SRV, MX, and TXT records for about 14,000 plausible looking domain names, like 101trader.xn--55qx5d and alibaba.xn--55qx5d, along with the delegated names. Similarly the .XN--IO0A7I (.网络) zone has about 10,000 sets of SRV, MX, and TXT, again plausible looking names like poker.xn--io0a7i and memory.xn--io0a7i. I have no idea where the sets of names came from, or why someone would do that.
There are also many TLDs that have had wildcards for a lot longer than 90 days but don't have anything else. For example, .CREDITUNION was delegated in late 2015 but still has nothing but a few required records and the controlled interruption records.
While these wildcards and other extra SRV, TXT, and MX records in TLD zone files are largely harmless, it is rather odd that they've been there for a year or more and nobody noticed until now. It's not like they're hard to find -- once I heard that one zone had them, it took under an hour to run a one line script over downloaded zone files and find the rest of them. Even though ICANN does a lot of automated scanning of gTLDs, it apparently didn't occur to them to look for forbidden records in the zone files. (In fairness, it didn't occur to me either.)
Running a registry is apparently harder than it looks, but fortunately, so few people care about new TLDs that mistakes don't matter.
comments... (Jump to the end to add your own comment)
Add your comment...
Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.
My other sites
© 2005-2014 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.