Home / Blogs

Oh, Those Wild and Crazy New TLDs

Among the many issues affecting ICANN’s thousand new TLDs is collisions, that is, the same name already used elsewhere. The other uses are non-standard and unofficial, but some names turn out to have been used a lot. One approach to see how bad the collisions are is controlled interruption, in which the TLD publishes wildcard records with obvious impossible values, in the hope that systems that use colliding names see them and do something about it.

The process is pretty simple. For 90 days the domain publishes records like these currently in the new .hotels TLD:

hotels. 3600 in a   127.0.53.53<br /> hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.<br /> hotels. 3600 in txt “Your DNS configuration needs immediate attention see https://icann.org/namecollision”<br /> hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.<br /> *.hotels. 3600 in a   127.0.53.53<br /> *.hotels. 3600 in mx 10 your-dns-needs-immediate-attention.hotels.<br /> *.hotels. 3600 in txt “Your DNS configuration needs immediate attention see https://icann.org/namecollision”<br /> *.hotels. 3600 in srv 10 10 0 your-dns-needs-immediate-attention.hotels.

When the 90 days are up, the domain takes out the interruption records, and starts putting in real ones. That’s the theory, and what the ICANN registry agreements require. The practice turns out to be different.

A surprising number of domains just forgot to take out the interruption records, so the wildcards are there along with the real registered names. There are still wildcards in .STORE,  .XN—P1ACF (.???), .XN—HXT814E (.??), .XN—3DS443G (.??), .XN—FIQ228C5HS (.???), .XN—45Q11C (.??), .FUN, and .FIRMDALE, all along with delegated real domains.

For some reason, a few domains expanded the collision wildcards to large numbers of specific names. The .XN—55QX5D (.??) zone has SRV, MX, and TXT records for about 14,000 plausible looking domain names, like 101trader.xn—55qx5d and alibaba.xn—55qx5d, along with the delegated names. Similarly the .XN—IO0A7I (.??) zone has about 10,000 sets of SRV, MX, and TXT, again plausible looking names like poker.xn—io0a7i and memory.xn—io0a7i. I have no idea where the sets of names came from, or why someone would do that.

There are also many TLDs that have had wildcards for a lot longer than 90 days but don’t have anything else. For example, .CREDITUNION was delegated in late 2015 but still has nothing but a few required records and the controlled interruption records.

While these wildcards and other extra SRV, TXT, and MX records in TLD zone files are largely harmless, it is rather odd that they’ve been there for a year or more and nobody noticed until now. It’s not like they’re hard to find—once I heard that one zone had them, it took under an hour to run a one line script over downloaded zone files and find the rest of them. Even though ICANN does a lot of automated scanning of gTLDs, it apparently didn’t occur to them to look for forbidden records in the zone files. (In fairness, it didn’t occur to me either.)

Running a registry is apparently harder than it looks, but fortunately, so few people care about new TLDs that mistakes don’t matter.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC