Latest news of the domain name industry

Recent Posts

Pirates set up domain seizure workaround

Kevin Murphy, October 6, 2011, Domain Tech

Movie and music pirates are setting up alternative DNS services to help users work around the government seizure of domain names.

A new service, BlockAid.me, launched an open beta at the end of September. It’s currently being promoted prominently on at least one major movie/music/games-sharing site.

The site encourages internet users to reconfigure their computers to use BlockAid’s DNS servers. That way, if a domain name used by a piracy web site is seized by law enforcement, BlockAid will be able to direct surfers to the original owner’s IP address more or less transparently.

This is exactly what the experts predicted would happen.

Ever since the US Immigration and Customs Enforcement agency started seizing domain names associated with pirated content and US politicians have been discussing legislation to streamline the process, workarounds have been expected.

In May, DNS experts including Paul Vixie, Dan Kaminsky and now-ICANN chair Steve Crocker said that the Protect-IP Act in the US would persuade many users to switch to offshore DNS servers.

They warned that this would lead to a rise in cybercrime against consumers, as disreputable or insecure DNS providers send surfers to spoofs of banks and other sensitive sites.

While there’s no reason to believe the BlockAid project has this kind of nefarious activity in mind, if the idea catches on it’s probably inevitable that a similar service operated by crooks will emerge eventually.

Amusingly, BlockAid’s web site says that it may financially support itself in future by showing ad-laden web pages instead of returning NXDOMAIN errors, a much-criticized money-making tactic many ISPs already use.

Note also that the .me registry is managed by Afilias, a heavily US-based company, which likely makes BlockAid.me just as vulnerable to seizure as any .com address.

Google ranks new .xxx site higher than its .com

Kevin Murphy, August 31, 2011, Domain Tech

Is Google experimenting with swapping out .com domains when an equivalent .xxx exists?

Last week, ICM Registry announced it had granted ifriends.xxx to iFriends, a popular network of adults-only webcams, as part of its pre-launch Founders Program.

Today, a Google search for iFriends sometimes returns ifriends.xxx right at the top, with ifriends.com nowhere to be seen on the first page.

Other times, ifriends.com or ifriends.net gets top billing.

The iFriends network has been around since 1998, according to an ICM press release, so its .com and .net domains will presumably already have significant juice.

Obviously, Google has been useless for returning easily predictable results ever since it started “personalizing” SERPs a couple years back.

Running a few non-scientific experiments, it seems that the choice of browser, toolbar, Google site and location may play a factor in which results you see.

The significant thing seems to me to be the fact that when your results do include the .xxx domain first, it appears to completely replace the .com.

What do you see when you search? What do you think is going on?

.xxx reveals new gTLD support problems

Kevin Murphy, August 5, 2011, Domain Tech

It’s late 2012. You’ve spent your $185,000, fought your way through objections, won your contention set, and proved to ICANN that you’re technically and financially capable of running a new generic top-level domain.

The registry contracts have been signed. But will your gTLD actually work?

The experiences of .xxx manager ICM Registry lately suggest that a certain amount of outreach will be needed before new gTLDs receive universal support in applications.

I’ve encountered three examples over the last few days of .xxx domain names not functioning as expected in certain apps. I expect there will be many more.

Skype. Type http://casting.com into a chat window and Skype will automatically make the link clickable. Do the same for the .xxx equivalent, and it does not.

Android, the Google mobile platform. I haven’t tested this, but according to Francesco Cetaro on Twitter, unless you manually type the http:// the domain doesn’t resolve.

TweetDeck, now owned by Twitter. It doesn’t auto-link or auto-shorten .xxx domains either, not even if you include the http:// prefix.

This problem is well known from previous new gTLD rounds. ICANN even warns applicants about it in the Applicant Guidebook, stating:

All applicants should be aware that approval of an application and entry into a registry agreement with ICANN do not guarantee that a new gTLD will immediately function throughout the Internet. Past experience indicates that network operators may not immediately fully support new top-level domains, even when these domains have been delegated in the DNS root zone, since third-party software modification may be required and may not happen immediately.

Similarly, software applications sometimes attempt to validate domain names and may not recognize new or unknown top-level domains.

As a 10-year .info registrant, I can confirm that some web sites will still sometimes reject email addresses at .info domains.

Sometimes this is due to outdated validation scripts assuming no TLD is longer than three characters. Sometimes, it’s because the webmaster sees so much spam from .info he bans the whole TLD.

This is far less of an issue that it was five or six years ago, due in part to Afilias’s outreach, but just this week I found myself unable to sign up at a certain phpBB forum using my .info address.

I understand ICM has also been reaching out to affected app developers recently to make them aware that .xxx now exists in the root and has resolvable domains.

ICANN also has released code in C#, Java, Perl, and Python (though not, annoyingly, PHP) that it says can be easily dropped into source in order to validate TLDs against the live root.

The last beta was released in 2007. I’m not sure whether it’s still under development.

(UPDATE: CentralNic CTO Gavin Brown has knocked up a PHP implementation here.)

Bit-squatting – the latest risk to domain name owners

Kevin Murphy, July 26, 2011, Domain Tech

Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.

This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.

Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.

According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.

Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.

To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.

The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.

The binary for the string “microsoft” is:

011011010110100101100011011100100110111101110011011011110110011001110100

and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):

011011010110100101100011001100100110111101110011011011110110011001110100

Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.

I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.

But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.

For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.

I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.

The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.

Kaminsky is not discussing DNS this year, judging by the agendas.

The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.

Why we won’t see dotless domain names

Kevin Murphy, July 20, 2011, Domain Tech

Will http://google ever work?

Will any of the hundreds of .brand gTLDs expected to be approved by ICANN in its first round of new top-level domains resolve without dots?

Will users be able to simply type in the name of the brand they’re looking for into their browser’s address bar and have it resolve to the company’s official site?

Probably not, according to the experts.

ICANN’s Applicant Guidebook answers this question, but you need to know where to look, and to know a little about DNS records, to figure it out what it actually says.

Section 2.2.3.3 of the Guidebook (page 75 of the May 30 PDF) provides a list of the permissible contents of a new gTLD zone.

Specifically not allowed are A and AAAA records, which browsers need in order to find web sites using IPv4 and IPv6 respectively.

“To facilitate a dotless domain, you would need to place an A or a AAAA record in the zone, and these are not on the list of permitted record types,” said Kim Davies, root zone manager at IANA. “The net result is a default prohibition on dotless domains.”

Applicants may be able to obtain A/AAAA records if they specifically ask for them, but this is very likely to trigger an Extended Evaluation and a Registry Services Review, according to Davies and the Guidebook.

There’s an additional $50,000 fee for a Registry Services Review, with no guarantee of success. It will also add potentially months to the application’s processing time.

(Incidentally, ICANN has also banned DNS “wildcards”. You cannot have an infinite SiteFinder-style catch-all at the second level, you need to allocate domain names individually.)

Applicants that successfully obtain A/AAAA records, enabling dotless domains, would face a far greater problem than ICANN’s rules – endpoint software probably won’t support them.

“As it stands, most common software does not support the concept,” Davies said. “There is a common assumption that fully qualified domain names will have at least one dot in them.”

You can type IP addresses, host names, domain names or search terms into browser address bars, and dots are one of the ways the software figures out you’re looking for a domain.

You can test this today. There are already a handful of top-level domains, probably fewer than 20 and all ccTLDs, that have implemented an A record at the TLD level.

On some platforms, you may be able to get URLs such as http://io and http://ac to work.

They don’t revolve on any Windows 7 browser I’ve tested (Firefox/IE/Chrome), but I’d be interested in hearing your experiences, if you’d be so good as to leave a comment below.

Given the lack of software support, it may be a poor use of time and resources to fight ICANN for a dotless gTLD that most internet users won’t even be able to resolve.

According to a recent CircleID article by Paul Vixie, chairman of the Internet Systems Consortium, many browsers treat domains without dots as local resources.

Only if the browser’s “DNS search list” cannot find a local resource matching the dotless TLD will it then go out to the internet to look for it.

In some organizations, a local resource may have been configured which matches a new gTLD. There may be a local server called “mail” for example, which could clash with a .mail gTLD.

A recent article in The Register quoted security people fretting about what would happen if a malicious hacker somehow persuaded ICANN to approve a string such as .localhost or .lan.

These worries appear to be largely reliant on an erroneous belief that getting your hands on a gTLD is going to be as simple as registering a domain name.

In reality, there’s going to be months of technical evaluation – conducted in a fish-bowl, subject to public comment, applicant background checks and, in the case of a request for A records, the aforementioned Registry Services Review – before a gTLD is approved.

If everything works according to plan, security problems will be highlighted by this process and any gTLDs that would break the internet will be caught and rejected.

So it seems very unlikely that we’re going to see domains without dots hitting the web any time soon.

Domain names are designed to help people find you. Dotless domains today will not do that, even if ICANN does approve them.