Top level domain explosion could wreak MAYHEM on NET

A plan to populate the internet with hundreds or thousands of new top-level domains has security researchers pondering some of the unintended consequences that could be exploited by online criminals. Some of the scenarios aren't pretty. Consider the mayhem that might result from addresses that end in “exchange,” “mailserver,” “ …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    Such drama

    Open up the TLDs

    1. Anonymous Coward
      Anonymous Coward

      Open up the DNS

      Seriously, there's no reason why there has to be just one. Start your own, get a few ISPs on board, offer plebs instructions on how to start using it, and bob's your uncle. Now you can define your own TLD policy, and peer with the 'mainstream' DNS whenever you wish. Or, make client software which uses its own resolver implementation.

      I'm kind-of surprised that Google, Apple, and Microsoft haven't already done this. A tick-box in the browser config to say 'use Google-DNS' is all that it would take to divert most users' queries most of the time. There's no reason why ICANN has to be a monopoly provider for name resolution.

      1. wag
        Coat

        re Open up the DNS

        So what you're suggesting is, if ICANN can, I can too. So I can can ICANN. Uncanny.

  2. ratfox
    WTF?

    What the heck?

    Is the point just to try to get as much money as possible or what?

    A fee of $185'000 is NOTHING. There are thousands of companies that can easily shell out the money. If this goes through, you can expect a land grab of epic proportions, bringing domain squatting to a new level. What is the point?

    1. unitron

      What is the point?

      $185,000 times thousands of companies times several to many different applications, perhaps?

  3. jacobbe
    Thumb Down

    ICANN - Daft as a brush

    Daft Idea.

    There is no need or much demand for this anyway. And I mean the only organisation that I have ever noticed use ".eu" is the European Union itself.

    1. The Indomitable Gall

      Not a "daft" idea...

      It's a daft idea, but an inequitable one.

      One internet for the rich, with any name you choose, and another for us plebs. It favours the big companies over small ones, the haves over the have nots. It also reaches into the future and sticks its fingers up at nations not yet in existence, because what's going to be left for them as their national TLDs?

    2. Stu_The_Jock
      FAIL

      .eu IS in use

      Every time I need to amend my expenses claims or book holiday at work I have to use our HR systems supplier's site that is <ourcompany>.<theircompany>.EU

      Actually I use quite a few services on EU domains.

  4. Anonymous Coward
    Devil

    You get whatever Xmas you deserve

    That is what you get when you put registrars in charge of DNS infrastructure. First internationalised domain names, now this.

    The more domains companies like Coca Cola have to register to protect their brands and trademarks the merrier. For them.

    And security be damned. In fact it was damned long ago:

    Is this: НSВС ???

    F*** No, it is Cyrillic N, S, Cyrillic V, Cyrillic S.

    Did anyone care? No. This is from the same songbook. Will anyone besides security geeks care? No. It will be railroaded through as it means more money for the domain names scam.

  5. John G Imrie

    F-Secure talking Bollocks?

    F-Secure Chief Research Officer Mikko Hypponen recently speculated on the damage that could be done with a TLD consisting of the number 1, since it would allow the owner to create a routable host called 127.0.0.1, the IP address for “localhost.”

    IIRC you can't register a domain name with just digits; you have to have at least one non numeric character in the name.

    1. Anonymous Coward
      Anonymous Coward

      You mean

      like 192.com for example?

    2. Ian Yates

      Resolve

      Why would any browser or OS use a DNS lookup for something that fits the pattern of an IP? I can't believe any browser out there doesn't attempt to go direct to IP addresses, so his example is a fail - but it does highlight the kind of attacks that people will be thinking about.

      1. Richard 12 Silver badge
        Devil

        Internet Explorer seems to

        If you don't manually put the http:// or ftp:// etc before a raw IP address, IE 7 and 8 appear to try to do a DNS lookup on it.

        So yes, some browsers really do appear to be that stupid.

        You might argue that you should also specify the protocol, but did you *really* type "http://www.theregister.co.uk" to get here? Or did you let your browser's autocorrect figure much or part of that out, like everybody else?

  6. Captain Scarlet Silver badge
    Paris Hilton

    Ian?

    How many people or companies have something named Ian (Apart from Ian)?

    Am I missing something that I probably should have Googled before looking stupid?

    1. lIsRT

      No, you're not stupid, but many MANY font designers are.

      If:

      Ian

      and:

      lan

      look the same on your system, delete whichever font you're currently using.

      Sometimes serifs are there for a reason.

      1. Liam Thom
        Boffin

        What, all of them?

        You want him to delete all the sans-serif fonts?

        1. lIsRT

          I suppose not.

          OK, deleting might be an overreaction (I suspect this might not even be possible for some of the default Windows fonts); but, if you care about having unambiguous information in your browser's address bar (or anywhere else), then make sure to use a suitable font.

          Trebuchet seems to be an acceptable compromise, it's not too serif-y, but at least the l isn't just a vertical line.

    2. wag

      LAN not IAN

      as in "local area network"

  7. Danny 4
    Devil

    Russian Roulette

    Humm. Those three sites work just fine for me with Konqueror on Debian. I'm not sure whether to be scared or pleased...

  8. J. Cook Silver badge
    Pirate

    I see someone's called the WHAmbulance...

    It's the same group of people that's been crowing about the imminent death of IPv4 for the past... 10 (10? 15? something like that) years.

    Give it six months and something will get worked out.

  9. Eddy Ito
    Facepalm

    Bonjour!

    I've seen localhost and localdomain on practically every Linux box I've had but if only I could think of where it was I saw .local being used as a domain. Was it myPhone or Mac's Book? Bah, it'll come to me sooner or later, probably along with a thunk to the side of the head.

    Seriously, given this is set up as the playground for the wealthy it would behoove the likes of Apple, Microsoft, Red Hat (or a Linux consortium) and others to do something sensible like be first on the list for the domains they use as defaults. That way at least folks will know who is reading their mail... and zeroconfing a peek at all the questionably legal material going about your home network.

  10. copsewood
    Boffin

    So whose DNS is it anyway ?

    If ICANN were able to dictate the design of DNS resolvers, presumably they could impose resolution of single label DNS queries such as http://nike/ or sales@nike into MX, A or AAAA records. But that isn't how it works. Designers of DNS software, and operating system library designers are very likely to choose to be less obliging for the security reasons described in the otherwise fine article. Tough luck on any marketing droid who reckons a $185K application fee will get them single label names if the software is changed to block resolution of these.

    So how long would it take me to edit and recompile gethostbyname() to something which blocks external resolution of single label names if I don't want to let rich single label name marketing wet dreams compromise my LAN ?

    Another approach might be to have the root zone compiled by a more responsible party than ICANN. This zone is a very small file which doesn't change very often, and it doesn't take much effort to write a shell script making use of dig to enumerate the current version. All that would take would be for the relatively few engineers who develop and distribute DNS client and resolver software to agree on a better root zone provider.

    1. Anonymous Coward
      Anonymous Coward

      Might actually do the same!

      Of course means I won't be able to type 'nike' in and go to nike, but then I don't think I've ever even typed nike into the address bar before anyway

  11. Anonymous Coward
    Flame

    Who cares?

    The security risk comes a long way down the list of why this is a buck stupid idea entirely designed to make stacks of cash for ICANN.

    Why exactly are these morons being given the Internet as their personal cash-cow anyway?

  12. UBfusion
    Facepalm

    XP is passé

    "Using a Windows XP SP3 computer, The Register was unable to reach any of the three sites above."

    I am proud to report that my super modern OS, Windows 7 SP1 x64 is very happily resolving http://ac/

    The older the OS is, the more secure it seems. Anyone tried Windows 3.11 yet?

  13. Fuzz

    potential for problems here

    The problem with IE placing domains into the intranet zone is a real issue. IE will automatically attempt NTLM for any sites in that zone and the zone is simply any site without a dot in the domain name.

    When computers are on your internal network they should be using search domains so any lookup for a single word is actually looked up with your domain suffix. Since we're all using domains we own or ones that end in something.local there shouldn't be an issue. Your computer will try appending the search domain first before falling back to looking up just the single word.

  14. Flybert
    WTF?

    so this is over ..

    whether it's "single label" or ".TLD" ?

    IOW, using the example, whether it's "@nike" vs "@.nike" or "http://nike" vs "http://www.nike" or having to have some subdomain in the address like all other TLDs ?

    really ? .. just don't allow single label to resolve .. all other TLDs require "." , I could care less that it might be required to be @sales.nike or www.nike or shoes.nike to resolve

    also .. there are critical .com file extensions in Windows .. how come there isn't a big security problem with that ( other than fools that open an email attachment with .com thinking it's a website link ;-0)

    1. Anonymous Coward
      Facepalm

      keh

      Critical .com file extensions in Windows.... how com there isn't a big security problem with that....

      Words.....fail.....me

    2. DRendar
      Headmaster

      @ flybert

      " I could care less that it might be required to be @sales.nike or www.nike or shoes.nike to resolve"

      You mean you COULDN'T care less.

      What you said means the opposite of what you mean.

      1. CD001

        Unless

        Unless you expand it to the full "I could care less... but not by very much" ;)

      2. Flybert
        Headmaster

        meh ( grammar that )

        of course I could care less, and would not have posted about the subject |;-0

  15. mark l 2 Silver badge

    ac, io and tm

    ac, io and tm all work with just the tld under firefox 5 running on Windows 7 as well as on Mac and Ubuntu

    1. Havin_it

      Not my finding on Win7/FF5

      All typed in full (eg http://ac/), none resolved - instead got ac.com and so on. Can't ping any of them either (host not found).

      Wonder what's different?

  16. Anonymous Coward
    Stop

    The price of vanity?

    This expansion of TLDs is a really terrible idea.

    It seems like a cash cow for milking the same kind of idiots that get off on personalized number plates who somehow think it is cool to advertise their shallowness...

    Single word domains will be difficult to recognize as part of netspace without protocol designations.

    As for validation, it is already difficult enough to fully validate email addresses, which rely on having at least 1 dot embedded in the domain part, as well as a regexp to make seasoned unix programmers cry.

    http://company.com or co.uk, eu, etc do the job perfectly well, are recognizable and give some clue as to a domain's category. For instance, *.info, *.biz, *.tv are just most likely spam sites that can be safely ignored.

    Leaking single word domains onto the net is a bad idea - at least a dot gives some kind of defence.

    1. Anonymous Coward
      Anonymous Coward

      You gotta love it

      One of the reasons given for .xxx is that it would make it easier to block porn as you'd just block the TLD.

      Next thing we know, could be giving them the ability to resolve if you just type tits into the address bar?

      Actually, changed my mind I'm all for it!

    2. Anonymous Coward
      FAIL

      Ahh so you're one of *those* halfwits

      I run a legitimate business and when we started up we registered a .info ( we now have the full deck)

      Emails bounced, not delivered, unable to use websites because of asshats like you making that assumption. So please take your assumption somewhere else and place it where the sun shineth not.

      In all seriousness, it's a big enough problem with people doing things like that, plus a number of high profile websites didn't/do not accept .info as a valid TLD. This is just going to turn into a complete total and utter nightmare. As it is we deprecated the .info for the .ca .co.uk and .com domains we have as they work as they should.

      1. Anonymous Coward
        Anonymous Coward

        congratulations on your success!

        but I would not recommend anyone to start a business with a .info domain and be expected to be taken as seriously as with a reasonable sounding .com domain.

        Any new tld provides a land-grabbing opportunity for criminals to get respectable sounding domains, because all the respectable-sounding .coms went years ago, by likely respectable companies.

        Blame the spam/trojan/bot industry for sullying and infecting .info et al domains with dangerous shite... My "assumption" is based on the facts as I have seen them - analysis of the hundreds of thousands of spam messages trying (and failing) to get through my systems for the last 15 years.

  17. Anonymous Coward
    Anonymous Coward

    Test

    I just tried the three 2 letter examples that were given and connected without problems using firefox on OS/2

  18. Sandy106

    Title

    Why not just prohibit the sensitive words from new domains? Or even better, stop ****ing with the internet altogether?

  19. Tomato42
    Stop

    TLDs

    Leave the top domains alone.

    If someone can't be bothered to add 4 to 6 letters to address, he certainly won't be bothered to check if security is right.

  20. Andy 36
    Boffin

    Security device

    For corporate network, just like you explicitly allow outbound connection to IP's and ports, I would implement a DNS security proxy that will block DNS requests to TLD's that are questionable.

    For personal/home users, I'm sure security products will provide some functionality to block DNS that would otherwise be assumed local which in fact direct users outside the current network scope.

    Maybe ICANN won't sell these types of sensitive TLD's or most likely any hacker won't have the $100,000 dollars to buy these TLD's, and those that do and subsequently expose users then ICANN or governments will have the power to get that domain blocked.

    This isn't half as stupid as the peer to peer DNS idea that was proposed some time ago

  21. ysth

    Already too late?

    Aren't any of these "security issue" TLDs already an issue with a poisoned DNS server?

    1. Anonymous Coward
      Anonymous Coward

      Re: Already too late?

      The issue there is the poisoned DNS server, not the TLD.

      The TLD might exacerbate the problem but it isn't the real issue.

  22. John L
    Thumb Down

    Thanks for all the anti-recommendations

    I happen to think that the new TLDs are a dreadful idea, but anyone who had bothered to read the relevant parts of the ICANN draft applicant's guidebook would know that there is no possibility whatsoever of TLDs like the ones discussed in this article being assigned. On page 2-8 it explicitly lists LOCAL and LOCALHOST in a table of reserved names, and on pages 2-9 and 2-10 it describes the DNS Stability Review that is exactly about funky names like these.

    So thanks for providing this handy list of people who spout nonsense about DNS "security" without doing even a little bit of reading to see if they know what they're talking about.

  23. wwwhatsup
    FAIL

    Says it all.

    “It's a bunch of FUD,” he said, referring to the scenarios painted by Ray and other critics. “Yes, if domains like wpad or localhost or localdomain were assigned, bad things might happen. Those domains aren't going to get assigned. It's not like there aren't layers of approval that have to go in place to get a top level domain.”

    Says it all.

    1. Anonymous Coward
      Anonymous Coward

      Re: Says it all

      It's not just the obvious domains like wpad or localhost.

      I've seen companies internally use TLDs such as:

      private dhcp boot ftp

      Which could all be considered obvious, but how about

      beech wilson mint

      Which used the names of the buildings the computers were located in as the TLD

      Internally, some companies have used pretty much any naming scheme you can think of as the TLD for their internal servers. These will all be at risk.

      1. Anonymous Coward
        Anonymous Coward

        And what about those of us

        who have used .starfleet?

        NCC-1701-D.starfleet should resolve to the server and not to some subdomain at a new TLD.

        Admittedly, shouldn't have set it up that way but given that originally there was never any possibility of .starfleet becoming a TLD the geek inside me just couldn't resist!

  24. Rich 3

    Down to the browser & OS, surely?

    The browser and OS makers need to distinguish between a local host and a TLD and put in appropriate checks.

    Trusting an endpoint just because it doesn't have a domain is a bit risky anyway. If someone connects to a random access point, it can easily have a DNS that resolves mailhost or whatever.

    I'd also think that spending over $100k on a TLD would create a paper trail back to any perps - it's a bit like trying to buy a house undetectably.

  25. heyrick Silver badge
    Stop

    Flaw

    It's a real dumbass idea (in my opinion) to offer up all these TLDs, and expecting known names to pony up good cash to "protect" their name is tantamount to extortion.

    However... Surely if you owned the domain .1 and had people pointed to 127.0.0.1, any decent DNS client would interpret that as a numeric IP and not even bother trying to look it up?

  26. Anonymous Coward
    Anonymous Coward

    poor .xxx

    There's no reason for it to exist any more.

    Why bother registering playboy.xxx when you could just own .playboy ???

    I personally think they should have gone the other direction; that is remove all of the non country-specific TLDs (.com .net .edu .gov .mobi .biz, etc) and force them into countrycode TLDs: .com.us .net.us, etc.

  27. ElReg!comments!Pierre
    Paris Hilton

    I'm sorry, what?

    I might be as daft as the icon, but what the eff?

    "Suppose you owned '1'. Now you can set up 127.0.0.1 ..." I'm pretty sure that my network won't let anything like that go to the outside world. Pretty damn sure. Absolutely certain actually. And I doubt that *any* corporate network would let that go through. If there is one, the sysadmin needs to be put out of misery (pink-slip-grade, not cap-in-the-back-of-the-head-grade. Although....). Of course that would be assuming that someone managed to connect a machine so badly configured that it would send DNS requests for 127.0.0.1 to the network in the first place. Let me tell you, that would be met with severe retaliation. Permaban on the MAC, for starters, until the machine can be examined. And as some geeks have just enough sense to bork their machine *and* clone a MAC when they find out theirs is blocked, but are not smart enough to actually configure it correctly, a one-on-one talk about how more severe LARTs are about to be deployed.

    Same thing if a laptop is connected to a corporate WiFi and a request for "*.invalid", "mailserver", etc actually reaches an external DNS server: some sysadmin just doesn't deserve his salary.

    As for the statistics, I do use addies in .invalid, mostly for Usenet posting. I'm sure I'm not alone and I suppose that a big portion of the ".invalid" requests logged by the DNS servers are actually spambots trying to send spam to addresses collected via Yahoo! Groups or some other Usenet-to-web bridge. If someone was to register the ".invalid" domain for phishing purpose they would just receive gazillions ads for generic viagra and the occasional death threat from some Usenet troll-n00bz. Please let it be so!

    Actually I'm not sure, what is supposed to be new here? Surely everyone in charge of a network that accepts random machines already has routing filters for this kind of braindeadery, no? I know I do, but feel free to scare me with your horror stories!

  28. ElReg!comments!Pierre

    PS

    “Every little admin who hardcoded a short host name in some script somewhere is going to risk collision with a global top level domain unless that capability is somehow disabled entirely, which would imply that you can't actually serve anything from these global top level domains.”

    Yup. "bros before hoes". If a local domain name exists with that name, that's where you're going. If someone registers a "global" domain name that is the same, bad luck, too bad for them, not my problem. Most sysadmins stick to "The Rules" when it comes to domain names, any attempt to register "mail", "smtp", "localhost" etc as "global" names *must* be considered a phishing attempt. And thwarted. I really don't see the problem. "you can't actually serve anything from these global top level domains.” Damn right. It's a security feature, not a flaw.

    1. The Indomitable Gall

      Reread article

      The article points out the high volume of single-word internal names that leak out of corporate LANs and onto the internet every day.

      A significant part of the problem (not explicitly mentioned in the article) will be corporate laptops, because a lot of software isn't set up to check whether it's on your WAN or not before attempting to do anything -- it just fires off a request to the server and sees if it gets a response.

      While the most common examples won't be sold, that doesn't prevent more targeted attacks.

      Imagine you're in a major crime syndicate and you find out that a major global bank uses the name "piggybank" for its main accounts server. What do you do next? You set up a dummy financial services company called "PiggyBank Global Services" and just harvest all the data you can, then pass it on to your black hat IT department who start transferring funds out. And you just so happen to have a financial services company set up and ready to launder that cash. A defaulted loan here, an insurance payout there et voilà, you're several million better off.

    2. Nigel 11
      Meh

      Penalize attempted rule breaches!

      This might help just a little.

      Applying for a TLD should involve signing something like the following. "I have read the <rulebook>. I declare that this application is not in breach of the mandatory security requirements <reference>. I agree that my application fee will be forfeit, if this declaration is untrue".

      Nice little earner for the registrar, pocketing $18K or whatever, whenever another phisherman with big ideas (and big pockets) comes along.

      Not sure what one can do about insane use of arbitrary TLDs but applications for .localhost .lan etc. should be in breach of the security requirements (rule 1, list of illegal TLD names). They're also clearly in breach of the spirit of TLDs, which require the applicant to have a good claim to that TLD. localhost etc., are in the public domain courtesy of many years of widespread (ab)use.

      Personally I'll be surprised if many companies actually bother. It might annoy or antagonise more customers than it could possibly attract. Doesn't everyone and his dog use the Google (or Bing) search bar if they want to find, say, "Nike"?

  29. Tasogare

    Irritating

    On the one hand, I doubt ICANN is going to approve anything likely to cause this sort of trouble. On the other hand, WTF? Individual organizations do not need TLDs. It's a $200k vanity domain.

    TLDs for a purpose (e.g. .mail) make more sense, though of course the name-choosing issue still exists. The existing TLDs work reasonably well in this manner. (and I note that com, net, org, and a few other obvious ones do not resolve to anything on their own) I'm in favor of closing the hole in the manner described towards the end of the article.

    Yes, it means single-name addresses won't work, but so what? I can't think of any purpose for them that's useful to the user, as opposed to the corporate marketing boys at the sort of places that can afford a $200k application.

  30. treefort
    Thumb Down

    Kindof Sucks

    I know the internet is a "free market". It's capitalism working and making people tons of money, and there's nothing wrong with that. But it really sucks when all the top level companies out there will be able to control every word they want to online because they are the only people that can afford 185,000 dollars price tag to register. I can't imagine this will help the internet at all. It will just allow a big name bank to get the name "bank" and be even more powerful.

    Just another thought.

    In the google browser, you do searches by typing into the url field. If what you type has a .com, or .net, etc.. you'll be taken to the site. If what you put in doesn't have a .com, or .net, etc.. it will take you to a google search. So what if someone just types in "banks". Where will google take you to if this new system takes effect? What about the competition?

    I just can't see how this will help the internet do anything. It's just a way for ICANN to make millions.

  31. Anonymous Coward
    Stop

    Stupid money grabbing...

    There is no need for more tlds

    There is an argument that we should thin out what we have, and actually reserve .org for non profits, .net for network systems, .com for international companies and .co.us can get its residents back...

  32. Tom 7

    While a lot of this is scaremongering

    there is a serious problem here. I wonder how much worse this will be made by millions of .com and .net sites moving away due to the US claiming to control and seize them when they conflict with one of their companies' needs.

  33. toe-toe

    'mailserver', '.intranet', broken by design

    The use of invalid TLDs for internal networks was always a broken concept. Architects and network engineers would just create a new one when it suited them, ignoring the hierarchical nature of domains and sub-domains, ignoring the maximum number of domains in search paths, adding pointless layers of complexity, and pretending it added security because 'this will never be a valid external TLD'.

    It's a hack created by people who simply shouldn't have had the power to create it.

  34. Anteaus
    Alert

    Won't get fooled again...? (cue power-chord)

    We've been down this road already, what with Microsoft hiding the extension part of filenames from users, such that the user cannot tell what the function of the file is.

    Compromised PC sends attachment 'youvewon.txt.exe' user sees 'youvewon.txt' assumes it to be safe and double-clicks it. Bingo, computer owned.

    Agree. BAD idea.

    Also interesting to note that the bulk of DNS errors are due to Microsoft's Active Directory. Though, not surprising really.

  35. TeeCee Gold badge
    Mushroom

    So, someone (or sometwo, or somethree or...) got it wrong?

    "Windows.....accepts *any* name without dots in it as the more-trusted 'local intranet zone,'”

    There's certainly no fixing that at ICANN, although someone in Redmond needs a swift education with the clue stick. No, not that one, the large one with the nails sticking out of it.

    As for having your mail server known on your internal DNS as "exchange" rather than "exchange.<corp>.<TLD>", well if you've done that and it's going to be a problem you should look in the bloody mirror for the root cause of it. As ICANN don't retrofit common sense to the clueless, they can't fix that one either.

    I dunno how it is everywhere else, but if we backed out of doing something every time it was shown to break some clueless pillock's crappy workaround, we'd never get anything done.

  36. lIsRT
    Go

    Hilarity.

    I love this (no sarcasm whatsoever), just for the comedy that may ensue.

    For example, why register a .xxx domain when sooner or later someone will be offering .fuck ones?

    Or, imagine the Corn Farmers Association of <Wherever> decide to register .corn (squint at it, and imagine what happens when you start to need glasses).

    1. unitron
      Coat

      Unfortunately...

      ...I don't have to squint. That particular letter combination has been a problem for me for years.

      Mine's the one with several different pairs with different prescriptions in the pocket (reading, computer screen, distance with bi-focal insert...)

  37. Pete 2 Silver badge

    All the FUD

    Really, it makes little difference whether a website is called www.<something>.com or www.<something> or www.<something>.com.earth. It's only a name - that's all - just a name - nothing else.

    If there are security issues, it's because of a Y2K-style shortsightedness on the part of name/lookup configurations and maybe (just possibly) a little slackness in some of the rules. That can easily be fixed.

    It seems to me that the people who are raising objections have some sort of investment in the status quo (maybe they bought all their singles?) and are simply resistant to change. Fine: don't change and just wave the internet goodbye as it rolls off into the future, leaving you behind.

    1. Anonymous Coward
      Anonymous Coward

      Y2K Shortsightedness

      Or could it just possibly be that they were, you know, following published specifications?

    2. The Indomitable Gall

      It's not a name, it's an identifier.

      It's not a name, it's an identifier, and that distinction is more important than it may sound.

      The initial plan was for a descriptive identifier -- jones.co.uk = UK Company called Jones.

      In China, there's a problem because too many people have the same name. There aren't enough names in the world to go round, so we need identifiers (eg National Insurance number) for official purposes.

      Lots and lots of companies have the same "name", so treating URLs as names causes a massive problem.

      1. Pete 2 Silver badge

        Nope

        > It's not a name, it's an identifier

        No. It's only a name.

        If it was an identifier (to identify a specific person or business) as you suggest with NI numbers, VAT numbers or PAYE references, the owner of the name would not be permitted to sell it to someone else.

  38. T.a.f.T.

    Wait... 300 TLDs?!?!?!

    "Right now, there are fewer than 300 TLDs"

    Ok so there are going to be a lot of countries (this says 248); then there is .com .biz .net .org .gov .edu .info ummm.... help me out here people.

    If we are not using what we have why do we need any more?

    Oh an infallible source en.wikipedia.rog/wiki/List_of_Internet_top-level_domians

    .aero ... the air industry gets its own one, but I bet Boeing does not use it; in fact most of the specialised ones here don't get used, I have never even seen them! I guess this can go two ways: everyone will have their own www.taft, or everyone will just keep using www.taft.com and a lot of redirects.

    1. Al Jones

      .aero is in use

      www.dub.aero and www.snn.aero point to the websites for Dublin Airport (DUB) and Shannon Airport (SNN).

      SITA should have set up redirections for all registered airports if it wanted the .aero TLD to have any value.

      By the way - http://www.airbus.aero/ points to Melbourne IT - exactly the same as http://ac/

  39. Richard Harris
    Mushroom

    Ohhh the fun I could have

    First dibs on the .exe domain!

    .bat could be fun too!

  40. Anonymous Coward
    Joke

    They will fix it when...

    - IPv6 is enforced and IPv4 is shut down...

    - IANA Black-hole servers won't be necessary because everybody's DNS set-up is working accordingly...

    - Everybody on the planet adopts the "don't be evil" motto from Google.

    - All the 419 scammers are cornered and jailed.

    - All the virii stop working spoof or DNS hack methods in any mean, shape, or form.

  41. Anonymous Coward

    Handle the search domain on the local network's DNS server

    All single-word lookups to return a CNAME into the search domain, except for a defined list of TLDs approved by the local administrator.

    1. Richard 12 Silver badge
      FAIL

      Only works *inside* the local network

      The concern here is very simply worded:

      What happens when that corporate PC is outside the corporate network?

      Inside, your sysadmin probably does all kinds of cool tricks to keep your 'internal' connections safely internalised, and that's great.

      However, when your salesman goes out to sell stuff, he'll be connecting his laptop to the internet from the airport/hotel/coffeehouse, and so all those nice corporate network protections vanish.

      I can guarantee that if you do put clever restrictions in that laptop, they'll get removed pretty rapidly because they'll interfere with the high-flying salesmen's vital work.

      It is actually very difficult for an application to tell whether a given machine is currently running inside the 'safe' corporate network, or out in the scary world. So pretty much no application does so, it just tries to resolve its corporate-network URL, and if that fails, it either tries to resolve the not-corporate network URL or shuts down if it's not supposed to run in the scary world.
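
The resolver policy proposed in comment 41, together with the off-network gap raised in the reply, as an added example that is not part of the thread. The allow-list, the search domain `corp.example` and all function names are assumptions made for illustration; the sample queries are constructed.

```python
# Added illustration: models a resolver-side policy decision only,
# it does not perform any DNS lookups.
APPROVED_TLDS = frozenset({"com", "org", "net", "uk"})  # assumed admin allow-list
SEARCH_DOMAIN = "corp.example"                          # assumed internal search domain

def labels_of(qname):
    """Lower-case a query name, drop the trailing root dot, split into labels."""
    name = qname.strip().rstrip(".").lower()
    return name.split(".") if name else []

def resolve_policy(qname, inside=True):
    """Return (action, target) for one query.

    inside=True  : the query reaches the corporate resolver, so the policy applies.
    inside=False : the laptop is on a hotel or airport network, so the query
                   goes to whatever public resolver that network hands out.
    """
    labels = labels_of(qname)
    if not labels or "" in labels:          # empty name or empty label ("a..b")
        return ("refuse", None)
    name = ".".join(labels)
    single_word = len(labels) == 1
    if inside and single_word and labels[0] not in APPROVED_TLDS:
        # Pin the bare name to the internal zone instead of the root.
        return ("cname", f"{name}.{SEARCH_DOMAIN}")
    return ("public", name)

def exposed_outside(queries):
    """Bare names that are pinned internally but reach public DNS off-network."""
    exposed = set()
    for q in queries:
        pinned = resolve_policy(q, inside=True)[0] == "cname"
        leaks = resolve_policy(q, inside=False)[0] == "public"
        if pinned and leaks:
            exposed.add(labels_of(q)[0])
    return sorted(exposed)

# Constructed sample queries, as a client application might issue them.
SAMPLE_QUERIES = ["mailserver", "Exchange.", "www.example.com", "com", "intranet"]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, resolve_policy(q, inside=True), resolve_policy(q, inside=False))
    print("exposed off-network:", exposed_outside(SAMPLE_QUERIES))
```

The names returned by `exposed_outside` are the ones an administrator would want clients to query as fully qualified internal names, since the resolver-side rewrite cannot follow the laptop off the network.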

  42. Anonymous Coward
    Boffin

    How about a reality check...

    As part of your $185,000, ICANN sets up your new TLD for itself and monitors for 1 month what traffic accidentally comes its way.

    If the traffic is from less than N software applications or M organisations, notify them and give them 3 months to fix. If more than these thresholds, refuse the TLD.

    This will mitigate any unintended consequences.

  43. Turgut Kalfaoglu
    FAIL

    Top Level TLD's

    This explosion of Top level TLD's are the greediest thing that ICANN has ever done.

    1. Havin_it
      Headmaster

      You do realise

      that you are referring to Top Level Top Level Domains, don't you? Also: Greengrocer's apostrophe.

  44. Anonymous Coward
    Alert

    Surely the point is missed here

    I would've thought that domains like natwest.bank or citi.bank and stuff like that would have been a severe problem. Whitehouse.gov and whitehouse.com are two completely different things, but how many folk confuse them? (Check them if you don't believe me!) I received an email purporting to be from Lloyds TSB, but examining it further (a few basic HTML lines) would have sent me to lloydstsV.co.uk. This makes me wonder if they let co.uk domains like that out already... Obviously the law will need to catch up.

    1. Oninoshiko
      Thumb Down

      actually

      whitehouse.com is now a generic-cyber-squatter. A shame too, it used to be a great way to point out that the TLD is important.

      1. Anonymous Coward
        Facepalm

        Oops...

        I apologise for my lack of professionalism by not checking. It still stands though, even if I am a few years out of date. Oh well, can't have everything. I still don't like the idea as I think it's bad enough already, unless they want to fill up IPv6.

  45. Russ Williams
    Pirate

    Sign me up for .CORN

    Like sex.corn, paypal.corn, amazon.corn...

  46. unitron
    Headmaster

    Wouldn't it have been nice...

    ...if in the beginning when they were making rules about what kind of names could be paired with those fancy 12 digit, 4 periods telephone numbers, they had done it the other way round, so that the TLD came first?

    We wouldn't have had ads whinily singing "dot com-m-m-m", and the public might have been made even more aware that there was more than one TLD, and could tell that com.whitehouse wasn't gov.whitehouse or us.gov.whitehouse or gov.us.whitehouse, and been on their guard.

  47. Gareth Davies 2

    .invalid is reserved

    .invalid is already a reserved TLD as per RFC 2606, along with .test, .example, and .localhost.

  48. Anonymous Coward

    @unitron

    I believe JANET were doing that before DNS was introduced.
