Diffstat (limited to 'doc/rfc/rfc7085.txt')
-rw-r--r-- doc/rfc/rfc7085.txt 339
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc7085.txt b/doc/rfc/rfc7085.txt
new file mode 100644
index 0000000..7e106bf
--- /dev/null
+++ b/doc/rfc/rfc7085.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Independent Submission J. Levine
+Request for Comments: 7085 Taughannock Networks
+Category: Informational P. Hoffman
+ISSN: 2070-1721 Cybersecurity Association
+ December 2013
+
+
+ Top-Level Domains That Are Already Dotless
+
+Abstract
+
+ Recent statements from the Internet Architecture Board (IAB) and the
+ Internet Corporation of Assigned Names and Numbers (ICANN) Security
+ and Stability Advisory Committee have focused on the problems that
+ the DNS is likely to experience with top-level domains (TLDs) that
+ contain address records (so-called "dotless domains"). In order to
+ help researchers determine the extent of the issues with dotless
+ domains, this document lists the current dotless TLDs and gives a
+ script for finding them. This document lists data about dotless TLDs
+ but does not address the policy and technology issues other than to
+ point to the statements of others.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for informational purposes.
+
+ This is a contribution to the RFC Series, independently of any other
+ RFC stream. The RFC Editor has chosen to publish this document at
+ its discretion and makes no statement about its value for
+ implementation or deployment. Documents approved for publication by
+ the RFC Editor are not a candidate for any level of Internet
+ Standard; see Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc7085.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Levine & Hoffman Informational [Page 1]
+
+RFC 7085 Already Dotless TLDs December 2013
+
+
+Copyright Notice
+
+ Copyright (c) 2013 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document.
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 2. Current Dotless Domains . . . . . . . . . . . . . . . . . . . 3
+ 2.1. TLDs with A Records . . . . . . . . . . . . . . . . . . . 3
+ 2.2. TLDs with AAAA Records . . . . . . . . . . . . . . . . . 3
+ 2.3. TLDs with MX Records . . . . . . . . . . . . . . . . . . 4
+ 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
+ 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
+ 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
+ 6. Informative References . . . . . . . . . . . . . . . . . . . 5
+ Appendix A. Script for Finding Dotless Domains . . . . . . . . . 6
+
+1. Introduction
+
+ In the past few years, well-respected groups have issued documents
+ about top-level domains in the DNS that contain address records
+ (so-called "dotless domains"). The Security and Stability Advisory
+ Committee (SSAC) of the Internet Corporation for Assigned Names and
+ Numbers (ICANN) issued a report called "Report on Dotless Domains"
+ [SAC053] in February 2012. The Internet Architecture Board (IAB)
+ issued a statement called "Dotless Domains Considered Harmful"
+ [IAB-DOTLESS] in July 2013. The New gTLD Program Committee of the
+ ICANN Board of Directors (NGPC) approved a resolution on dotless
+ domains [NGPC-DOTLESS] in August 2013. (The authors of this document
+ note that they are not on the SSAC, the IAB, or the ICANN Board.)
+
+ All of these documents consider the effects of dotless domains
+ without describing the extent of their current deployment. In order
+ to help researchers determine the extent of the problems with dotless
+ domains, this document lists the known dotless domains at the time of
+ publication and shows how researchers can find them in the future.
+ In this document, we consider any TLD with an A, AAAA, and/or MX
+ record at the apex to be dotless. This document is meant to provide
+ current data to the Internet community but does not give advice.
+
+
+
+
+Levine & Hoffman Informational [Page 2]
+
+RFC 7085 Already Dotless TLDs December 2013
+
+
+ Many people have expressed a belief that ICANN prohibits all TLDs
+ from being dotless. That belief is not true; ICANN's policies apply
+ only to their contracted TLDs. This document shows the extent to
+ which dotless domains exist today.
+
+2. Current Dotless Domains
+
+ This section shows the dotless domains we found on September 3, 2013,
+ using the script in Appendix A. The data was nearly constant for
+ many months, with very few additions or deletions of records.
+
+ We checked every TLD in the root zone to see which ones had A, AAAA,
+ or MX records. We found that about 5% of the TLDs did, and all of
+ the TLDs that do are two-letter TLDs or country code TLDs (which are
+ also known as ccTLDs).
+
+2.1. TLDs with A Records
+
+ At the time this document is published, the following TLDs have A
+ records.
+
+ AC has address 193.223.78.210
+ AI has address 209.59.119.34
+ CM has address 195.24.205.60
+ DK has address 193.163.102.24
+ GG has address 87.117.196.80
+ IO has address 193.223.78.212
+ je has address 87.117.196.80
+ KH has address 203.223.32.21
+ PN has address 80.68.93.100
+ SH has address 193.223.78.211
+ TK has address 217.119.57.22
+ TM has address 193.223.78.213
+ TO has address 216.74.32.107
+ UZ has address 91.212.89.8
+ VI has address 193.0.0.198
+ WS has address 64.70.19.33
+
+2.2. TLDs with AAAA Records
+
+ At the time this document is published, the following TLD has an AAAA
+ record.
+
+ DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1
+
+
+
+
+
+
+
+Levine & Hoffman Informational [Page 3]
+
+RFC 7085 Already Dotless TLDs December 2013
+
+
+2.3. TLDs with MX Records
+
+ At the time this document is published, the following TLDs have MX
+ records. The SSAC report implies, but does not explicitly say, that
+ MX records would cause a TLD to be considered dotless; the IAB report
+ does not mention MX records at all.
+
+ AI mail is handled by 10 mail.offshore.AI.
+ AX mail is handled by 5 mail.aland.net.
+ CF mail is handled by 0 mail.intnet.CF.
+ DM mail is handled by 10 mail.nic.DM.
+ GP mail is handled by 10 ns1.worldsatelliteservices.com.
+ GP mail is handled by 5 ns1.nic.GP.
+ GT mail is handled by 10 ASPMX.L.GOOGLE.COM.
+ GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
+ GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
+ GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
+ GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
+ GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
+ GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
+ HR mail is handled by 5 alpha.carnet.HR.
+ IO mail is handled by 10 mailer2.IO.
+ KH mail is handled by 10 ns1.dns.net.KH.
+ KM mail is handled by 100 mail1.comorestelecom.KM.
+ LK mail is handled by 10 malithi-slt.nic.LK.
+ LK mail is handled by 20 malithi-lc.nic.LK.
+ MQ mail is handled by 10 mx1-mq.mediaserv.net.
+ PA mail is handled by 5 ns.PA.
+ TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM.
+ TT mail is handled by 1 ASPMX.L.GOOGLE.COM.
+ UA mail is handled by 10 mr.kolo.net.
+ VA mail is handled by 100 raphaelmx3.posta.VA.
+ VA mail is handled by 10 raphaelmx1.posta.VA.
+ VA mail is handled by 10 raphaelmx2.posta.VA.
+ WS mail is handled by 10 mail.worldsite.WS.
+ YE mail is handled by 10 mail.yemen.net.YE.
+
+3. IANA Considerations
+
+ The script in Appendix A relies on IANA continuing to publish a copy
+ of the TLDs in the root zone at
+ <http://data.iana.org/TLD/tlds-alpha-by-domain.txt>.
+
+
+
+
+
+
+
+
+
+Levine & Hoffman Informational [Page 4]
+
+RFC 7085 Already Dotless TLDs December 2013
+
+
+4. Security Considerations
+
+ This document lists the known dotless domains; it does not express an
+ opinion whether or not there are security considerations with the
+ existence of dotless domains. The referenced IAB and SSAC reports
+ discuss the opinions of the respective bodies on the security and
+ stability considerations of dotless domains.
+
+5. Acknowledgements
+
+ Andrew Sullivan and Marc Blanchet gave helpful comments on this
+ document.
+
+6. Informative References
+
+ [IAB-DOTLESS]
+ Internet Architecture Board, "Dotless Domains Considered
+ Harmful", July 2013, <https://www.iab.org/2013/07/10/
+ iab-statement-dotless-domains-considered-harmful/>.
+
+ [NGPC-DOTLESS]
+ New gTLD Program Committee of the ICANN Board, "Approved
+ Resolution on Dotless Domains", September 2013,
+ <http://www.icann.org/en/groups/board/documents/
+ resolutions-new-gtld-13aug13-en.htm>.
+
+ [SAC053] ICANN Security and Stability Advisory Committee, "SSAC
+ Report on Dotless Domains", February 2012,
+ <http://www.icann.org/en/groups/ssac/documents/
+ sac-053-en.pdf>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Levine & Hoffman Informational [Page 5]
+
+RFC 7085 Already Dotless TLDs December 2013
+
+
+Appendix A. Script for Finding Dotless Domains
+
+ The following Bourne shell script was used for finding the data in
+ this document. The authors believe that this script will work
+ correctly on a wide variety of operating systems and will continue to
+ do so in the foreseeable future. As is customary in the current
+ legal environment, the authors make no assurance that the script is
+ correct or that the script will not cause damage on a system where it
+ is run.
+
+ The script checks each nameserver for each TLD instead of just doing
+ a simple query because the nameservers for some of the TLDs have
+ inconsistent data in them with respect to the records shown here.
+
+ #! /bin/sh
+ # Get the current list of TLDs from IANA
+ wget -O orig.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt
+ # Remove the comment at the top of the file
+ grep -v '^#' orig.txt > TLDs.txt
+ # Get all the nameservers
+ while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt
+ # Do queries for each record type, and do them on each nameserver
+ for rec in A AAAA MX; do
+ while read tld ignorea ignoreb ns; do
+ host -t $rec $tld. $ns;
+ done < TLD-servers.txt;
+ done > all-out.txt
+ # Print the results
+ grep "has address" all-out.txt | sort -uf
+ grep "has IPv6" all-out.txt | sort -uf
+ grep "mail is handled" all-out.txt | sort -uf
+
+Authors' Addresses
+
+ John Levine
+ Taughannock Networks
+
+ EMail: standards@taugh.com
+
+
+ Paul Hoffman
+ Cybersecurity Association
+
+ EMail: paul.hoffman@cybersecurity.org
+
+
+
+
+
+
+
+Levine & Hoffman Informational [Page 6]
+
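Review bot: the Appendix A script near the end of this hunk fetches its input over plain HTTP (`wget -O orig.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt`) with no integrity check, and then expands `$tld` and `$ns` unquoted in `host -t NS $tld` and `host -t $rec $tld. $ns`, so whatever arrives in the downloaded list or in the `host -t NS` output is word-split and handed to `host` as arguments. Because this file is a verbatim copy of the RFC, the text should stay as published; if the script is ever lifted out of the document and run from this tree, put it in a separate file that fetches over HTTPS, uses `read -r`, quotes both variables, and skips `host` output lines that are not name server answers, since `while read tld ignorea ignoreb ns` assumes the nameserver is always the fourth field. The commit should also say which published copy of the RFC was imported, as the A, AAAA and MX listings in Section 2 are a snapshot dated September 3, 2013 and should not be read as current data.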