Up to 9.8 million new gTLD domain names are to get a get-out-of-jail card, with the publication yesterday of ICANN’s plan to mitigate the risk of damaging name collisions.
If you’re a loyal DI reader, the details of the plan will not come as a great surprise. It was developed by JAS Global Advisors and previewed in a guest post by CEO Jeff Schmidt in January.
Name collisions are scenarios where a TLD delegated by ICANN to the public DNS matches a TLD that one or more organizations already uses on their internal networks.
Verisign, in what many view as protectionist propaganda, has been arguing that name collisions could cause widespread technical and economic damage and even a risk to life.
Things might stop working and secret data might leak out of corporate networks, Verisign warns.
JAS’ proposed solution, which ICANN has opened for public comment, is quite clever, I think.
Called “controlled interruption”, it will see new gTLD registries being asked to wildcard the entire second level of their TLDs to point to the IP address 127.0.53.53.
If there’s a name collision on example.corp the company using that TLD on its network will notice unusual behavior and will have an opportunity to fix the problem.
Importantly, no data apart from the DNS look-up will leak out of their networks — the 127/8 IP address block is reserved by various standards for local uses only.
The registry will essentially bounce the DNS request back to the network making the request. If that behavior causes problems, the network administrator will presumably check her logs, notice the odd IP address, and Google it for further information.
Today, she’ll find a Slashdot article about the name collisions plan, which should put the admin on the road to figuring out the problem and fixing her network. In future, maybe ICANN will rank for the term.
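The log check the administrator would run in the scenario above, as an added example (not from JAS, ICANN or the original post): it scans resolver logs for answers of 127.0.53.53 and groups the hits by colliding TLD and internal client. The log format, the sample lines and the .example/.test names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# The address the plan has registries return during controlled interruption.
COLLISION_MARKER = ipaddress.ip_address("127.0.53.53")

# Constructed sample resolver log (hypothetical format, not a real product's):
# timestamp client_ip query_name query_type answer
SAMPLE_LOG = """\
2014-02-27T09:14:02Z 10.1.4.22 intranet.example. A 127.0.53.53
2014-02-27T09:14:05Z 10.1.4.22 www.example.org. A 192.0.2.10
2014-02-27T09:15:11Z 10.1.7.3 FILES.HQ.EXAMPLE A 127.0.53.53
2014-02-27T09:15:40Z 10.1.7.3 localhost. A 127.0.0.1
2014-02-27T09:16:02Z 10.1.4.22 intranet.example. A 127.0.53.53
2014-02-27T09:16:30Z 10.1.9.9 db01.test. A 127.0.53.53
2014-02-27T09:16:31Z 10.1.9.9 wpad.test. A -
malformed line
"""


def find_collisions(log_text):
    """Return {tld: {"names": set, "clients": set, "hits": int}} for marker answers."""
    report = defaultdict(lambda: {"names": set(), "clients": set(), "hits": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, client, qname, _qtype, answer = fields
        try:
            if ipaddress.ip_address(answer) != COLLISION_MARKER:
                continue  # other 127/8 answers (e.g. 127.0.0.1) are not the signal
        except ValueError:
            continue  # answer field holds no IP address (e.g. "-")
        name = qname.rstrip(".").lower()  # normalise case and trailing root dot
        tld = name.rsplit(".", 1)[-1]
        entry = report[tld]
        entry["names"].add(name)
        entry["clients"].add(client)
        entry["hits"] += 1
    return dict(report)


if __name__ == "__main__":
    for tld, info in sorted(find_collisions(SAMPLE_LOG).items()):
        print(f".{tld}: {info['hits']} hits, names={sorted(info['names'])}, "
              f"clients={sorted(info['clients'])}")
```

Each TLD in the output is an internal namespace that now collides with a delegated gTLD, and the client list shows which hosts still depend on it.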
Registries would be able to choose whether to wildcard their whole TLD or to only point to 127.0.53.53 those second-level names currently on their collisions block lists.
In either case, the redirection would only last for the first 120 days after delegation.
That’s the same duration as the quiet period ICANN already imposes on new delegations, during which only “nic.” may resolve.
After the 120 days are up, the name collisions issue would be considered permanently closed for that TLD.
If this goes ahead, the plan will allow registries to unblock as many as 9.8 million domain names representing 6.8 million unique second-level labels, according to the DI PRO collisions database.
It could also put an end to the argument about whether name collisions really were a significant problem (160,000 new gTLD names are already live and we haven’t heard any reports of collisions yet).
Pointing to the fact that new TLDs, some of which showed evidence of collisions, were getting delegated rather regularly before the current new gTLD round, JAS said in its report:
We do not find that the addition of new Top Level Domains (TLDs) fundamentally or significantly increases or changes the risks associated with DNS namespace collisions. The modalities, risks, and etiologies of the inevitable DNS namespace collisions in new TLD namespaces will resemble the collisions that already occur routinely in the other parts of the DNS.
Collisions in all TLDs and at all levels within the global Internet DNS namespace have the ability to expose potentially serious security and availability problems and deserve serious attention.
JAS calls its plan “a conservative buffer between potential legacy usage of a TLD and the new usage”.
As wildcarding is currently prohibited by ICANN’s standard Registry Agreement (ironically, to prevent a repeat of Verisign’s Site Finder), an amendment is going to be needed, as the JAS plan acknowledges.
The drawback of the plan is that if an organization is relying on a colliding internal TLD, whatever systems use that TLD could break under the plan. The 127/8 redirection is a way to help them resolve the breakage, not always to prevent it happening at all.
For new gTLD registries it’s pretty good news, however. There are many thousands of potentially valuable premium names blocked under the current regime that would be made available for sale.
If you’re an applicant for .mail, however, it’s a different story. The JAS report says .mail should be reserved forever, putting it in the same category as .home and .corp:
the use of .corp and .home for internal namespaces/networks is so overwhelming that the inertia created by such a large “installed base” and prevalent use is not likely reversible. We also note that RFC 6762 suggests that .corp and .home are safe for use on internal networks.
Like .corp and .home, the TLD .mail also exhibits prevalent, widespread use at a level materially greater than all other applied-for TLDs. Our research found that .mail has been hardcoded into a number of installations, provided in a number of example configuration scripts/defaults, and has a large global “installed base” that is likely to have significant inertia comparable to .corp and .home. As such, we believe .mail’s prevalent internal use is also likely irreversible and recommend reservation similar to .corp and .home.
In other words, .mail is dead and the five remaining applicants for the string are probably going to be forced to withdraw through no fault of their own. Should these companies get a full refund from ICANN?
It seems the new gTLD .voting will not be restricted to Germans after all.
We reported earlier today that .voting registry Valuetainment had submitted a registration policy that required all registrants to have a presence in Germany.
The language used in the policy was identical, we later discovered, to that found in the equivalent policy for .ruhr, a German geographic gTLD operated by a different registry.
But Thomas Rickert of the German law firm Schollmeyer & Rickert, which has both .voting and .ruhr registries as clients, just called to let us know that the policy as submitted to ICANN was a mistake.
It seems there will be no local presence requirement for .voting after all.
Valuetainment will be submitting a revised policy to ICANN without the error. The German-language version of the policy does not contain the error, Rickert said.
Rickert said he’d like it to be known that the registry was blameless in this instance.
New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.
Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.
Over 250 of these were put on the naughty step in the last 24 hours.
The suspended names include, notably, thepiratebay.guru, which matches the name of the controversial torrent site frequented by people who like downloading copyrighted material for free.
The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.
The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.
Other suspended names include premium-looking names such as electric.guru and sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).
But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.
While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.
Danish registrar One.com has won the .one contention set in the first private auction carried out by new gTLD consultancy Right Of The Dot.
One.com beat Radix, the United Arab Emirates-based portfolio applicant, to the string. Radix withdrew its application last week. The price has not been disclosed.
ROTD, a company managed by Mike Berkens and Monte Cahn, has been competing with Applicant Auction for contention set resolution services and this is its first win.
The .one auction was carried out using a “single sealed bid second price” methodology, in which all participants privately submit a single bid and the winner pays the second-highest losing bid.
In this case, One.com will have paid Radix whatever bid Radix had put forward, with ROTD and escrow partner Escrow.com taking their fees from the winning bid.
Applicant Auction uses an “ascending clock” method, where bids are set in increments by the auctioneer over the space of several rounds, with bidders choosing to stay in or drop out in each round.
Cahn said in a press release: “Our Single Sealed Bid Second Price auction method protects the participants from ‘auction fever,’ which often causes over-bidding as people get emotionally tied to the process of winning at any cost due to time committed and sometimes throw their budgets out the window.”
Uniregistry and Donuts have settled at least five new gTLD contention sets this week, raising the question of whether Uniregistry has reversed its objection to private auctions.
I think it has.
In five of the six head-to-head contention sets between the two companies, Donuts has won the rights to .furniture, .auction and .gratis, and Uniregistry has won .audio and .juegos.
The losing company has already withdrawn their applications in all five cases.
I gather that a deal was made, but Uniregistry won’t say whether it was via a private auction or not and I’ve not yet had a reply to a request for comment from Donuts.
But Uniregistry, which has previously spoken out against the private auction concept — saying it raises antitrust concerns — declined to confirm or deny whether these five contests were resolved by auction.
“We’re grateful to have found a way through the impasse and resolved the contention,” was all Uniregistry CEO Frank Schilling would say.
Applicant Auction’s project director Sheel Mohnot confirmed that a new gTLD auction took place this week but said he could not disclose the participants or the strings.
To the best of my knowledge, that’s a new line — the auctioneer has always kept quiet about sales prices in the past, but has always revealed which companies were involved.
So has Uniregistry changed its mind about the legality of private new gTLD auctions? My guess is: “Yes.”
The only remaining string where the two companies are competing in a two-horse race is .shopping, according to the DI PRO database, but that’s subject to some weird string similarity nonsense and probably not suitable for a private auction yet.