The “delegation-only” patch to BIND that was released for Internet Service Providers and others who wanted to block Site Finder service is reported to be disrupting emails to .name emails (that look like ‘[email protected]’). As a result, the Global Name Registry has submitted a letter [PDF] to ICANN stating:

“Due to recent events concerning changes to the DNS operations for .com and .net and the reaction of the community leading to the release of certain workarounds for a specific DNS server package, .name users are experiencing difficulties with the second level email forwarding service for .name. These issues have resulted from the hastily introduced patch to the BIND software, including the so-called ?root-delegation-only? feature. Certain ISPs have implemented this patch, and the incorrect use of this software will impact .name second level email users.”

The letter further states:

“Anyone who configures the .name zone as delegation-only, or fails to exclude .name from their root-delegation-only configuration, is currently blocking email to any address of the type [email protected]. This includes ALL people who have registered their .name email-forwarding address. To be clear, only users of the .name second level email forwarding service are affected by this issue. Domain name service for third level .name addresses is not affected. Global Name Registry is disappointed to see .name customers being caught up in the crossfire between other parties on the Internet and what has perhaps been an emotional rollout of a technical countermeasure to the .com and .net zone change. Even if this issue currently affects only a relatively small number of .name users, we take this loss of service for our users very seriously.”

The operator of the .name webmail services has also posted a complaint to the NANOG mailing list indicating that their services are disrupted by the BIND patch deployed to block VeriSign’s Site Finder.

“We operate webmail services for the .name TLD (MX and DNS resolution are handled by the nic.name people).

After the recent Verisign brouhaha, several of y’all patched their nameservers to stop believing Verisign (so did we).  Just that quite a few of you also seem to have set up your resolvers to do the same thing with other wildcarded TLDs.

.name is a wildcarded TLD and does have legit domains on it.  Right now we are seeing a lot of problems with .name domains being treated as unresolvable thanks to this, and mail from .name users is not getting through as mailservers are configured not to accept mail from unresolvable domains.

I know, .name domains don’t have zones or NS records attached to them - but yes, this is a legit wildcard (kind of like .museum, but this one is for vanity domains).  I’d request DNS admins here to not treat .name as delegation-only.”

Further updates to ISC BIND “delegation-only” Feature can be found here.