Among the many issues affecting ICANN’s thousand new TLDs is collisions, that is, the same name already used elsewhere. The other uses are non-standard and unofficial, but some names turn out to have been used a lot. One approach to see how bad the collisions are is controlled interruption, in which the TLD publishes wildcard records with obvious impossible values, in the hope that systems that use colliding names see them and do something about it.

The process is pretty simple. For 90 days the domain publishes records like these currently in the new .hotels TLD:

hotels. 3600 in a   127.0.53.53<br /> hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.<br /> hotels. 3600 in txt “Your DNS configuration needs immediate attention see https://icann.org/namecollision”<br /> hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.<br /> *.hotels. 3600 in a   127.0.53.53<br /> *.hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.<br /> *.hotels. 3600 in txt “Your DNS configuration needs immediate attention see https://icann.org/namecollision”<br /> *.hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.

When the 90 days are up, the domain takes out the interruption records, and starts putting in real ones. That’s the theory, and what the ICANN registry agreements require. The practice turns out to be different.

A surprising number of domains just forgot to take out the interruption records, so the wildcards are there along with the real registered names. There are still wildcards in .STORE,  .XN—P1ACF (.???), .XN—HXT814E (.??), .XN—3DS443G (.??), .XN—FIQ228C5HS (.???), .XN—45Q11C (.??), .FUN, and .FIRMDALE, all along with delegated real domains.

For some reason, a few domains expanded the collision wildcards to large numbers of specific names. The .XN—55QX5D (.??) zone has SRV, MX, and TXT records for about 14,000 plausible looking domain names, like 101trader.xn—55qx5d and alibaba.xn—55qx5d, along with the delegated names. Similarly the .XN—IO0A7I (.??) zone has about 10,000 sets of SRV, MX, and TXT, again plausible looking names like poker.xn—io0a7i and memory.xn—io0a7i. I have no idea where the sets of names came from, or why someone would do that.

There are also many TLDs that have had wildcards for a lot longer than 90 days but don’t have anything else. For example, .CREDITUNION was delegated in late 2015 but still has nothing but a few required records and the controlled interruption records.

While these wildcards and other extra SRV, TXT, and MX records in TLD zone files are largely harmless, it is rather odd that they’ve been there for a year or more and nobody noticed until now. It’s not like they’re hard to find—once I heard that one zone had them, it took under an hour to run a one line script over downloaded zone files and find the rest of them. Even though ICANN does a lot of automated scanning of gTLDs, it apparently didn’t occur to them to look for forbidden records in the zone files. (In fairness, it didn’t occur to me either.)

Running a registry is apparently harder than it looks, but fortunately, so few people care about new TLDs that mistakes don’t matter.