ICANN to prohibit nonexistent-domain redirect for new TLDs

ICANN considers saying "No yuo!" to "ALL YOUR DNS ERRORS ARE BELONG TO US." For the managers of new top-level domains, at least.

Earlier this week, the Internet Corporation for Assigned Names and Numbers (ICANN) published a draft of an "explanatory memorandum" for a proposed clause that prohibits the managers of new generic top-level domains (gTLDs) as well as IDN country code top-level domains (ccTLDs) from redirecting users when they try to access a nonexistent domain name. In 2003, Verisign, the operator of the .com and .net gTLDs, ran such a system under the name Site Finder for several weeks, until criticism from the community made them turn it off.

Systems like Site Finder work by modifying DNS servers to respond with an IP address rather than an NXDOMAIN error message whenever a request arrives for a domain name that doesn't exist. The IP address belongs to a Web server that serves up a page explaining that the domain doesn't exist, with helpful links to guesses as to what the user may have been looking for. Oh yes, and ads. There are some problems with this, but first an ICANN refresher.

A top-level domain is the last part of a domain name, and it comes in two flavors: generic ones, such as .com, .net, .biz, .museum, and country codes, such as .us, .mx, and .fr. Now that it is finally possible to create ccTLDs in non-Latin scripts through Internationalized Domain Names (IDN), we can expect new ccTLDs for countries like Russia and Japan. So there will be new contracts between ICANN, which is in charge of the "root" of the domain name system, and the organizations managing the new IDN ccTLDs, which will have the redirection prohibition clause. Also, as of next year, ICANN's plans for lots of new gTLDs will materialize, which will also require a new contract each. For existing TLDs, ICANN strongly discourages the practice, but that's as far as ICANN goes.

The ICANN discussion draft lists nine problems with NXDOMAIN redirection and cites numerous expert groups, such as the IETF's Internet Architecture Board (IAB), that find fault with the practice. The problems boil down to the fact that with redirection in place, it's impossible for computers to determine that a domain doesn't exist. For applications where the user is in the driver's seat this isn't much of a problem: whether it's the browser that says a certain website doesn't exist, or a page hosted by the TLD registry, doesn't make much of a difference. But for an application like e-mail, it can lead to suboptimal performance. When a mailserver starts the process to deliver an outgoing message, it looks up the recipient's domain name. If that domain name doesn't exist, the server generates an error message, so the user knows that she or he mistyped the domain name almost immediately. However, if the domain name exists, the server will try to deliver the message. If it can't, it will retry for some time and only generate a failure message after hours or even days. There are of course ways to speed up this process for the operator of a redirection service, but this has to be done separately for every possible application.
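The difference between an NXDOMAIN answer and a redirected one, and what it does to the mail case above, can be shown on the DNS wire format. The following is an added example, not code from the article or from ICANN: it builds constructed sample responses, reads the RCODE and A records from them, and checks whether unrelated never-registered probe names all resolve to one address. The `.example` names, the 192.0.2.10 address and the function names are assumptions, and the mail server's MX lookup is simplified to a single A lookup.

```python
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)

def build_response(qname, rcode, addrs=()):
    """Construct a sample DNS response (type A, class IN) for this demo."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; RCODE sits in the low 4 bits
    pkt = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    pkt += b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    pkt += b"\x00" + struct.pack("!2H", 1, 1)
    for a in addrs:  # owner name is a compression pointer to offset 12
        pkt += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        pkt += bytes(map(int, a.split(".")))
    return pkt

def skip_name(pkt, off):
    while pkt[off] & 0xC0 != 0xC0 and pkt[off] != 0:
        off += 1 + pkt[off]  # step over one length-prefixed label
    return off + (2 if pkt[off] & 0xC0 == 0xC0 else 1)

def parse_response(pkt):
    """Return (rcode, [IPv4 addresses]) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, pkt[off:off + 4])))
        off += rdlen
    return flags & 0xF, addrs

def mail_disposition(pkt):
    """What a sending mail server does with the lookup result."""
    rcode, addrs = parse_response(pkt)
    if rcode == NXDOMAIN:
        return "bounce-immediately"  # sender learns of the typo at once
    return "queue-and-retry" if addrs else "no-address"

def looks_redirected(probe_packets):
    """True if unrelated never-registered names all resolve to one address."""
    results = [parse_response(p) for p in probe_packets]
    sets = [frozenset(a) for rc, a in results if rc != NXDOMAIN and a]
    return len(sets) == len(results) > 1 and len(set(sets)) == 1
```

With an honest registry the lookup for a mistyped domain yields `bounce-immediately`; with redirection the same lookup yields `queue-and-retry`, which is the hours-or-days delay described above.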

But basically the objections of the expert community are half disgust over this maltreatment of the Internet architecture, and half resentment over this transparent money grab by setting up an almost infinite number of typo squatting pages at once. Especially as managing a TLD is as close to a license to print money as things get on the Internet.

Since the rise and fall of Site Finder, many others have copied the idea. For instance, some ISPs, such as Comcast and Verizon, run their own redirection service. The free/open provider of DNS services OpenDNS does the same, and Internet Explorer redirects mistyped URLs to Bing. (See if this link to arstechnicO.com is redirected on your system. Until someone decides to typo squat there, at least.) The operators of these redirection services generally have an opt-out of some kind, although most users don't realize that and it tends to be hard to find. (But if all else fails it's always possible to run your own DNS server.) The problem with running a redirection service TLD-wide is that opting out becomes much harder, as there are additional layers of caching DNS servers in between.

Good thing we have ICANN to "ensure the integrity of error responses."

Source: ars technica

Tags: ICANN, Internet
