But indeed ICANN is right - this stupid money-grab will lead to epic fails.
The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a set of resources to help administrators avoid potentially costly mix-ups ahead of the generic top-level domain (gTLD) rollout. The company said that its new set of guides will show network admins how to check for, remedy and guard against "name …
Move to a FQDN.
ie, give our clients money!
Just dump all the new gTLDs at the border.
Pretend they don't exist, and very quickly, you'll be right!
It's nice of El Reg to post the links to said resources. It's not as if El Reg's readership is of the more technical persuasion.
Used in research to avoid "new molecules" being created by a typo ;-)
Surely at the point of creation the fingerprint of a gTLD could be created signed etc... and distributed?
Or am I missing something?
I think the only "fake" DNS I've ever used is ".local", though I can see how that might one day end up being sold out in order to make cash (come on, there's NO other reason to do that in any sensible, ordered, hierarchical DNS system).
Fact is, the only places I've seen it deployed it would be easier to just block external ".local" addresses from resolving rather than trying to go through your entire infrastructure and find and remove all instances of it from everything. Block it, wait for someone to moan, and by then you can give them a specific exception for what they want (i.e. put an entry for whateverwebsite.local into your local DNS anyway) and wait for the next complete rename/overhaul before you try to resolve the issue. And, if it's never a problem... well, it's never a problem.
Or you could just stop spewing junk into the TLDs that were set down decades ago and causing the world and systems that you're supposed to be managing more "fake" problems for the sake of a small bit of profit.
Can't sell .local. Apple already stole it (for mDNS.)
Isn't anyone going to stop this fiasco? All it needs is a few of the major ISPs to agree to not honour these new crappy non-domained-domains, and hopefully they will go the way of the .biz / .museum etc.
It's in their interests to stop this, as it will produce administration and support headaches.
It's in the interests of businesses wanting to avoid another needless landgrab.
It's in the interests of marketing departments and consumers (You can simply write myste.com on the bottom of your ads, and everyone knows what it means).
Of course, now that Nominet is planning the same thing, I've all but given up hope.... I'm beginning to hope that its implementation is a massive screwup that has to be abandoned, taking ICANN with it.
its implementation is a massive screwup that has to be abandoned, taking Icann with it
Obamacare 2, then?
To identify an organisation type? Commercial, non profit, network...
To identify the country of operation (even if not tax operation)?
SLDs then perform country based versions of the above.
WTF does *.google. provide? An incomplete looking URL... in the current world of search first, find URL later if at all, I can't recall the last time I tapped in a whole URL to a web browser (actually I can, I was configuring a new remote access system, typed it once, bookmarked it) so it breaks recognition and saves 4 characters of typing in extremely rare cases.
That would have been the Czechoslovakian top level domain. Nowadays .cz and .sk are used.
For the geopolitically-challenged: the Central European country of Czechoslovakia ceased to exist nearly 21 years ago, having split into the Czech Republic and Slovakia.
Thanks, AC - I was just going to post exactly the same thing.
It really is strange that, twenty years after the event, people haven't realised that Czechoslovakia no longer exists, and is two independent states. It drives my (Czech) wife mad when people say "I haven't been to Czechoslovakia yet, but I'm thinking of going in a couple of years". Fortunately she has taken my pleadings to heart, and no longer does that thing where she looks as if she is going to rip out the speaker's throat with her teeth - she now merely sets them straight with a tone of voice that could freeze a star ... :-(
Why would you move your stuff to a new FQDN, assuming you already have a perfectly good existing one for your company? E.g., I use a third-level domain like *.location.company.com. for my intranets, albeit they're unsophisticated affairs and I'm not a network type, so I'm sure to be missing something.
Failing that, I guess we'll all move to example.com. :)
Or traditional FQDN only DNS, and keep the status quo.
"Why would you move your stuff to a new FQDN, assuming you already have a perfectly good existing one for your company?"
It's not a stupid comment.
Short answer - you wouldn't!
It's just a way for ICANN and some domain speculators to make some money. Also, some idiot marketing folk (who haven't thought through the problems it will cause them, even leaving aside the technical issues).
I don't understand why you would want all your internal systems to have to talk to one another using a label that you use for external things (e.g. TMs / brands). If I do this, does my internal mail server or file server have to respond on all of the domains we have?
When my company does a complete re-branding, do I have to go around and change everything internally because the marketing department now sells things under a different name?
Should I change things so that the old names no longer resolve too, or should I keep a cname record for every different name/brand that the company has used for the last 20 years?
<sarc>On a related point if I have to use FQDNs for everything internal, should I also dump 10.1 ? Can I still buy 20,000 public IP addresses anywhere?</sarc>
Naaaaah! I know you were being rhetorical, but I'll answer anyway :-)
I do personally use a registered domain for my internal stuff, but it's not necessary.
One of the reasons is so that I can keep the internal / external DNS configs on one machine. However, the domain is slaved to internal nameservers, and all internal machines use internal nameservers so that the internet is not a dependency.
In fact, whilst I agree about the domain mess, anyone whose internal systems could break due to this (or to the other often mentioned thing about some ISPs returning a default IP instead of NXDOMAIN on unknown addresses) really needs to fix their setup anyway..... If your internal printer fails because Network Solutions (or whoever) put a * wildcard under .com, then you have other potential security and reliability issues to fix!
As for the tongue-in-cheek comment about having internal mailservers listen on all domains, I don't see how that is relevant to the situation you are commenting on... Surely, more of a hypothetical question is should your external mailserver accept stuff routed to names assigned to registered internal hosts? !!
And what do Active Directory admins use instead of .local? mDNS screws up AD resolution on Linux if you stick with a .local ending.*
* Yes, you can fiddle with nsswitch to fix it, but it's one more annoyance.
>> mDNS screws up AD resolution
Does admin use of .local screw up mDNS? AFAICT, .local was reserved a long time ago for mDNS (it's not just an Apple thing), but admins insist on using it for new ADs. I've had this "discussion" with my manager (hence AC posting) who still insists on using .local for everything even though it's used by mDNS. Apparently, "Microsoft say to do that".
I was involved in a planning project for an early Active Directory implementation in late 1999/early 2000, and the documentation we used referred to .local. I'm pretty sure that pre-dates Apple's introduction of Rendezvous/Bonjour. There's a standards-track RFC from February 2013 for mDNS, that mentions (but doesn't identify) an earlier 2004 RFC, but there's no indication that Microsoft were breaking any existing conventions by suggesting the use of .local for internal domain names in 1999.
(I left the company in August 2000, after the planning process was completed, so I'm pretty sure on the time line).