1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
|
<pre>Independent Submission J. Levine
Request for Comments: 7085 Taughannock Networks
Category: Informational P. Hoffman
ISSN: 2070-1721 Cybersecurity Association
December 2013
<span class="h1">Top-Level Domains That Are Already Dotless</span>
Abstract
Recent statements from the Internet Architecture Board (IAB) and the
Internet Corporation of Assigned Names and Numbers (ICANN) Security
and Stability Advisory Committee have focused on the problems that
the DNS is likely to experience with top-level domains (TLDs) that
contain address records (so-called "dotless domains"). In order to
help researchers determine the extent of the issues with dotless
domains, this document lists the current dotless TLDs and gives a
script for finding them. This document lists data about dotless TLDs
but does not address the policy and technology issues other than to
point to the statements of others.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc7085">http://www.rfc-editor.org/info/rfc7085</a>.
<span class="grey">Levine & Hoffman Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc7085">RFC 7085</a> Already Dotless TLDs December 2013</span>
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-2">2</a>
<a href="#section-2">2</a>. Current Dotless Domains . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-2.1">2.1</a>. TLDs with A Records . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-2.2">2.2</a>. TLDs with AAAA Records . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-2.3">2.3</a>. TLDs with MX Records . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-3">3</a>. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4">4</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-5">5</a>. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-6">6</a>. Informative References . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#appendix-A">Appendix A</a>. Script for Finding Dotless Domains . . . . . . . . . <a href="#page-6">6</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
In the past few years, well-respected groups have issued documents
about top-level domains in the DNS that contain address records
(so-called "dotless domains"). The Security and Stability Advisory
Committee (SSAC) of the Internet Corporation for Assigned Names and
Numbers (ICANN) issued a report called "Report on Dotless Domains"
[<a href="#ref-SAC053" title=""SSAC Report on Dotless Domains"">SAC053</a>] in February 2012. The Internet Architecture Board (IAB)
issued a statement called "Dotless Domains Considered Harmful"
[<a href="#ref-IAB-DOTLESS">IAB-DOTLESS</a>] in July 2013. The New gTLD Program Committee of the
ICANN Board of Directors (NGPC) approved a resolution on dotless
domains [<a href="#ref-NGPC-DOTLESS">NGPC-DOTLESS</a>] in August 2013. (The authors of this document
note that they are not on the SSAC, the IAB, or the ICANN Board.)
All of these documents consider the effects of dotless domains
without describing the extent of their current deployment. In order
to help researchers determine the extent of the problems with dotless
domains, this document lists the known dotless domains at the time of
publication and shows how researchers can find them in the future.
In this document, we consider any TLD with an A, AAAA, and/or MX
record at the apex to be dotless. This document is meant to provide
current data to the Internet community but does not give advice.
<span class="grey">Levine & Hoffman Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc7085">RFC 7085</a> Already Dotless TLDs December 2013</span>
Many people have expressed a belief that ICANN prohibits all TLDs
from being dotless. That belief is not true; ICANN's policies apply
only to their contracted TLDs. This document shows the extent to
which dotless domains exist today.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Current Dotless Domains</span>
This section shows the dotless domains we found on September 3, 2013,
using the script in <a href="#appendix-A">Appendix A</a>. The data was nearly constant for
many months, with very few additions or deletions of records.
We checked every TLD in the root zone to see which ones had A, AAAA,
or MX records. We found that about 5% of the TLDs did, and all of
the TLDs that do are two-letter TLDs or country code TLDs (which are
also known as ccTLDs).
<span class="h3"><a class="selflink" id="section-2.1" href="#section-2.1">2.1</a>. TLDs with A Records</span>
At the time this document is published, the following TLDs have A
records.
AC has address 193.223.78.210
AI has address 209.59.119.34
CM has address 195.24.205.60
DK has address 193.163.102.24
GG has address 87.117.196.80
IO has address 193.223.78.212
je has address 87.117.196.80
KH has address 203.223.32.21
PN has address 80.68.93.100
SH has address 193.223.78.211
TK has address 217.119.57.22
TM has address 193.223.78.213
TO has address 216.74.32.107
UZ has address 91.212.89.8
VI has address 193.0.0.198
WS has address 64.70.19.33
<span class="h3"><a class="selflink" id="section-2.2" href="#section-2.2">2.2</a>. TLDs with AAAA Records</span>
At the time this document is published, the following TLD has an AAAA
record.
DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1
<span class="grey">Levine & Hoffman Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc7085">RFC 7085</a> Already Dotless TLDs December 2013</span>
<span class="h3"><a class="selflink" id="section-2.3" href="#section-2.3">2.3</a>. TLDs with MX Records</span>
At the time this document is published, the following TLDs have MX
records. The SSAC report implies, but does not explicitly say, that
MX records would cause a TLD to be considered dotless; the IAB report
does not mention MX records at all.
AI mail is handled by 10 mail.offshore.AI.
AX mail is handled by 5 mail.aland.net.
CF mail is handled by 0 mail.intnet.CF.
DM mail is handled by 10 mail.nic.DM.
GP mail is handled by 10 ns1.worldsatelliteservices.com.
GP mail is handled by 5 ns1.nic.GP.
GT mail is handled by 10 ASPMX.L.GOOGLE.COM.
GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
HR mail is handled by 5 alpha.carnet.HR.
IO mail is handled by 10 mailer2.IO.
KH mail is handled by 10 ns1.dns.net.KH.
KM mail is handled by 100 mail1.comorestelecom.KM.
LK mail is handled by 10 malithi-slt.nic.LK.
LK mail is handled by 20 malithi-lc.nic.LK.
MQ mail is handled by 10 mx1-mq.mediaserv.net.
PA mail is handled by 5 ns.PA.
TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM.
TT mail is handled by 1 ASPMX.L.GOOGLE.COM.
UA mail is handled by 10 mr.kolo.net.
VA mail is handled by 100 raphaelmx3.posta.VA.
VA mail is handled by 10 raphaelmx1.posta.VA.
VA mail is handled by 10 raphaelmx2.posta.VA.
WS mail is handled by 10 mail.worldsite.WS.
YE mail is handled by 10 mail.yemen.net.YE.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. IANA Considerations</span>
The script in <a href="#appendix-A">Appendix A</a> relies on IANA continuing to publish a copy
of the TLDs in the root zone at
<<a href="http://data.iana.org/TLD/tlds-alpha-by-domain.txt">http://data.iana.org/TLD/tlds-alpha-by-domain.txt</a>>.
<span class="grey">Levine & Hoffman Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc7085">RFC 7085</a> Already Dotless TLDs December 2013</span>
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Security Considerations</span>
This document lists the known dotless domains; it does not express an
opinion whether or not there are security considerations with the
existence of dotless domains. The referenced IAB and SSAC reports
discuss the opinions of the respective bodies on the security and
stability considerations of dotless domains.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Acknowledgements</span>
Andrew Sullivan and Marc Blanchet gave helpful comments on this
document.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Informative References</span>
[<a id="ref-IAB-DOTLESS">IAB-DOTLESS</a>]
Internet Architecture Board, "Dotless Domains Considered
Harmful", July 2013, <<a href="https://www.iab.org/2013/07/10/iab-statement-dotless-domains-considered-harmful/">https://www.iab.org/2013/07/10/</a>
<a href="https://www.iab.org/2013/07/10/iab-statement-dotless-domains-considered-harmful/">iab-statement-dotless-domains-considered-harmful/</a>>.
[<a id="ref-NGPC-DOTLESS">NGPC-DOTLESS</a>]
New gTLD Program Committee of the ICANN Board, "Approved
Resolution on Dotless Domains", September 2013,
<<a href="http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-13aug13-en.htm">http://www.icann.org/en/groups/board/documents/</a>
<a href="http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-13aug13-en.htm">resolutions-new-gtld-13aug13-en.htm</a>>.
[<a id="ref-SAC053">SAC053</a>] ICANN Security and Stability Advisory Committee, "SSAC
Report on Dotless Domains", February 2012,
<<a href="http://www.icann.org/en/groups/ssac/documents/sac-053-en.pdf">http://www.icann.org/en/groups/ssac/documents/</a>
<a href="http://www.icann.org/en/groups/ssac/documents/sac-053-en.pdf">sac-053-en.pdf</a>>.
<span class="grey">Levine & Hoffman Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc7085">RFC 7085</a> Already Dotless TLDs December 2013</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Script for Finding Dotless Domains</span>
The following Bourne shell script was used for finding the data in
this document. The authors believe that this script will work
correctly on a wide variety of operating systems and will continue to
do so in the foreseeable future. As is customary in the current
legal environment, the authors make no assurance that the script is
correct or that the script will not cause damage on a system where it
is run.
The script checks each nameserver for each TLD instead of just doing
a simple query because the nameservers for some of the TLDs have
inconsistent data in them with respect to the records shown here.
#! /bin/sh
# Get the current list of TLDs from IANA
wget -O orig.txt <a href="http://data.iana.org/TLD/tlds-alpha-by-domain.txt">http://data.iana.org/TLD/tlds-alpha-by-domain.txt</a>
# Remove the comment at the top of the file
grep -v '^#' orig.txt > TLDs.txt
# Get all the nameservers
while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt
# Do queries for each record type, and do them on each nameserver
for rec in A AAAA MX; do
while read tld ignorea ignoreb ns; do
host -t $rec $tld. $ns;
done < TLD-servers.txt;
done > all-out.txt
# Print the results
grep "has address" all-out.txt | sort -uf
grep "has IPv6" all-out.txt | sort -uf
grep "mail is handled" all-out.txt | sort -uf
Authors' Addresses
John Levine
Taughannock Networks
EMail: standards@taugh.com
Paul Hoffman
Cybersecurity Association
EMail: paul.hoffman@cybersecurity.org
Levine & Hoffman Informational [Page 6]
</pre>
|
