Some non-existent top-level domains already receive so much traffic that they would risk being overwhelmed if delegated under ICANN’s new TLD program.
That’s one of the takeaways from a new report from ICANN’s Security and Stability Advisory Committee, published this week (pdf).
Amazingly, the SSAC found that the top 10 non-existent TLDs already account for a whopping 10% of traffic at the DNS root servers, with some strings receiving many millions of lookups every day.
Over a quarter of the TLD resolutions handled by the roots result in errors, it found.
Most of these invalid lookups are the result of configuration errors on networking gear.
The word “local” is responsible for about 5% of all TLD lookups, the report says. The terms “corp”, “lan”, “home” and “belkin” also account for big slices of traffic.
This presents potentially serious security problems, as you might imagine.
Imagine that “.lan” is approved as a TLD. Previously unresolvable domains would start working, and badly configured gear could start sending private LAN data out into the cloud.
It would also put a big load on the .lan TLD operator from day one.
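A network operator can measure this kind of leakage at its own resolver before the queries ever reach the root. The sketch below is an added example, not taken from the SSAC report or the original article: it tallies queries whose rightmost label is one of the strings named above. The three-field log format, the sample lines and the function names are constructed for illustration.

```python
from collections import Counter

# Strings the article names as heavily queried at the root but not delegated.
WATCHED = {"local", "corp", "lan", "home", "belkin"}

# Constructed sample, one query per line: "<client-ip> <qname> <qtype>".
# This simplified format is an assumption, not a real resolver's log layout.
SAMPLE_LOG = """\
10.0.0.12 fileserver.corp. A
10.0.0.12 www.example.com. A
10.0.0.40 printer.lan A
10.0.0.40 router.belkin. A
10.0.0.7 wpad.home. A
10.0.0.7 mail.example.org. MX
10.0.0.7 NAS.Local. AAAA
malformed line
10.0.0.9 . NS
"""

def tld_of(qname):
    """Return the lower-cased rightmost label ('' for the root itself)."""
    # DNS names are case-insensitive and may or may not carry a trailing dot.
    return qname.rstrip(".").lower().split(".")[-1]

def leak_report(log_text, watched=WATCHED):
    """Count queries per watched TLD and record which clients sent them."""
    total = 0
    hits = Counter()
    clients = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip lines that do not parse
            continue
        client, qname, _qtype = parts
        total += 1
        tld = tld_of(qname)
        if tld in watched:
            hits[tld] += 1
            clients.setdefault(tld, set()).add(client)
    # Share of all parsed queries, comparable to the report's percentages.
    share = {t: n / total for t, n in hits.items()} if total else {}
    return total, hits, share, clients

if __name__ == "__main__":
    total, hits, share, clients = leak_report(SAMPLE_LOG)
    for tld, n in hits.most_common():
        print(f".{tld}: {n}/{total} ({share[tld]:.1%}) from {sorted(clients[tld])}")
```

The per-client sets point to the specific gear whose configuration needs fixing.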
The SSAC said:
The .lan TLD registry operator – and generally, any TLD registry operator that chooses a string that has been queried with meaningful frequency at the root – potentially inherits millions of queries per day. These queries represent data that can be mined or utilized by the registry operator.
The report recommends that ICANN add certain highly trafficked strings to its list of prohibited TLDs, and also that it warn applicants for TLDs that already have traffic.
We recommend that ICANN inform new TLD applicants of the problems that can arise when a previously seen string is added to the root zone as a TLD label and that ICANN should coordinate with the community to identify principles that can serve as the basis for prohibiting the delegation of strings that may introduce security or stability problems at the root level of the DNS.
If endorsed by ICANN, the recommendation could make TLDs such as .home, .corp and .local verboten. It could also present Belkin with a problem if it planned to apply for a “.brand”.
(UPDATE: .local is actually already on the reserved list)