diff options
Diffstat (limited to 'doc/rfc/rfc7085.txt')
-rw-r--r-- | doc/rfc/rfc7085.txt | 339 |
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc7085.txt b/doc/rfc/rfc7085.txt new file mode 100644 index 0000000..7e106bf --- /dev/null +++ b/doc/rfc/rfc7085.txt @@ -0,0 +1,339 @@ + + + + + + +Independent Submission J. Levine +Request for Comments: 7085 Taughannock Networks +Category: Informational P. Hoffman +ISSN: 2070-1721 Cybersecurity Association + December 2013 + + + Top-Level Domains That Are Already Dotless + +Abstract + + Recent statements from the Internet Architecture Board (IAB) and the + Internet Corporation of Assigned Names and Numbers (ICANN) Security + and Stability Advisory Committee have focused on the problems that + the DNS is likely to experience with top-level domains (TLDs) that + contain address records (so-called "dotless domains"). In order to + help researchers determine the extent of the issues with dotless + domains, this document lists the current dotless TLDs and gives a + script for finding them. This document lists data about dotless TLDs + but does not address the policy and technology issues other than to + point to the statements of others. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This is a contribution to the RFC Series, independently of any other + RFC stream. The RFC Editor has chosen to publish this document at + its discretion and makes no statement about its value for + implementation or deployment. Documents approved for publication by + the RFC Editor are not a candidate for any level of Internet + Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc7085. + + + + + + + + + + + + + + +Levine & Hoffman Informational [Page 1] + +RFC 7085 Already Dotless TLDs December 2013 + + +Copyright Notice + + Copyright (c) 2013 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. Current Dotless Domains . . . . . . . . . . . . . . . . . . . 3 + 2.1. TLDs with A Records . . . . . . . . . . . . . . . . . . . 3 + 2.2. TLDs with AAAA Records . . . . . . . . . . . . . . . . . 3 + 2.3. TLDs with MX Records . . . . . . . . . . . . . . . . . . 4 + 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 + 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 + 6. Informative References . . . . . . . . . . . . . . . . . . . 5 + Appendix A. Script for Finding Dotless Domains . . . . . . . . . 6 + +1. Introduction + + In the past few years, well-respected groups have issued documents + about top-level domains in the DNS that contain address records + (so-called "dotless domains"). The Security and Stability Advisory + Committee (SSAC) of the Internet Corporation for Assigned Names and + Numbers (ICANN) issued a report called "Report on Dotless Domains" + [SAC053] in February 2012. The Internet Architecture Board (IAB) + issued a statement called "Dotless Domains Considered Harmful" + [IAB-DOTLESS] in July 2013. The New gTLD Program Committee of the + ICANN Board of Directors (NGPC) approved a resolution on dotless + domains [NGPC-DOTLESS] in August 2013. (The authors of this document + note that they are not on the SSAC, the IAB, or the ICANN Board.) + + All of these documents consider the effects of dotless domains + without describing the extent of their current deployment. In order + to help researchers determine the extent of the problems with dotless + domains, this document lists the known dotless domains at the time of + publication and shows how researchers can find them in the future. + In this document, we consider any TLD with an A, AAAA, and/or MX + record at the apex to be dotless. This document is meant to provide + current data to the Internet community but does not give advice. + + + + +Levine & Hoffman Informational [Page 2] + +RFC 7085 Already Dotless TLDs December 2013 + + + Many people have expressed a belief that ICANN prohibits all TLDs + from being dotless. That belief is not true; ICANN's policies apply + only to their contracted TLDs. This document shows the extent to + which dotless domains exist today. + +2. Current Dotless Domains + + This section shows the dotless domains we found on September 3, 2013, + using the script in Appendix A. The data was nearly constant for + many months, with very few additions or deletions of records. + + We checked every TLD in the root zone to see which ones had A, AAAA, + or MX records. We found that about 5% of the TLDs did, and all of + the TLDs that do are two-letter TLDs or country code TLDs (which are + also known as ccTLDs). + +2.1. TLDs with A Records + + At the time this document is published, the following TLDs have A + records. + + AC has address 193.223.78.210 + AI has address 209.59.119.34 + CM has address 195.24.205.60 + DK has address 193.163.102.24 + GG has address 87.117.196.80 + IO has address 193.223.78.212 + je has address 87.117.196.80 + KH has address 203.223.32.21 + PN has address 80.68.93.100 + SH has address 193.223.78.211 + TK has address 217.119.57.22 + TM has address 193.223.78.213 + TO has address 216.74.32.107 + UZ has address 91.212.89.8 + VI has address 193.0.0.198 + WS has address 64.70.19.33 + +2.2. TLDs with AAAA Records + + At the time this document is published, the following TLD has an AAAA + record. + + DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1 + + + + + + + +Levine & Hoffman Informational [Page 3] + +RFC 7085 Already Dotless TLDs December 2013 + + +2.3. TLDs with MX Records + + At the time this document is published, the following TLDs have MX + records. The SSAC report implies, but does not explicitly say, that + MX records would cause a TLD to be considered dotless; the IAB report + does not mention MX records at all. + + AI mail is handled by 10 mail.offshore.AI. + AX mail is handled by 5 mail.aland.net. + CF mail is handled by 0 mail.intnet.CF. + DM mail is handled by 10 mail.nic.DM. + GP mail is handled by 10 ns1.worldsatelliteservices.com. + GP mail is handled by 5 ns1.nic.GP. + GT mail is handled by 10 ASPMX.L.GOOGLE.COM. + GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM. + GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM. + GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM. + GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM. + GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM. + GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM. + HR mail is handled by 5 alpha.carnet.HR. + IO mail is handled by 10 mailer2.IO. + KH mail is handled by 10 ns1.dns.net.KH. + KM mail is handled by 100 mail1.comorestelecom.KM. + LK mail is handled by 10 malithi-slt.nic.LK. + LK mail is handled by 20 malithi-lc.nic.LK. + MQ mail is handled by 10 mx1-mq.mediaserv.net. + PA mail is handled by 5 ns.PA. + TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM. + TT mail is handled by 1 ASPMX.L.GOOGLE.COM. + UA mail is handled by 10 mr.kolo.net. + VA mail is handled by 100 raphaelmx3.posta.VA. + VA mail is handled by 10 raphaelmx1.posta.VA. + VA mail is handled by 10 raphaelmx2.posta.VA. + WS mail is handled by 10 mail.worldsite.WS. + YE mail is handled by 10 mail.yemen.net.YE. + +3. IANA Considerations + + The script in Appendix A relies on IANA continuing to publish a copy + of the TLDs in the root zone at + <http://data.iana.org/TLD/tlds-alpha-by-domain.txt>. + + + + + + + + + +Levine & Hoffman Informational [Page 4] + +RFC 7085 Already Dotless TLDs December 2013 + + +4. Security Considerations + + This document lists the known dotless domains; it does not express an + opinion whether or not there are security considerations with the + existence of dotless domains. The referenced IAB and SSAC reports + discuss the opinions of the respective bodies on the security and + stability considerations of dotless domains. + +5. Acknowledgements + + Andrew Sullivan and Marc Blanchet gave helpful comments on this + document. + +6. Informative References + + [IAB-DOTLESS] + Internet Architecture Board, "Dotless Domains Considered + Harmful", July 2013, <https://www.iab.org/2013/07/10/ + iab-statement-dotless-domains-considered-harmful/>. + + [NGPC-DOTLESS] + New gTLD Program Committee of the ICANN Board, "Approved + Resolution on Dotless Domains", September 2013, + <http://www.icann.org/en/groups/board/documents/ + resolutions-new-gtld-13aug13-en.htm>. + + [SAC053] ICANN Security and Stability Advisory Committee, "SSAC + Report on Dotless Domains", February 2012, + <http://www.icann.org/en/groups/ssac/documents/ + sac-053-en.pdf>. + + + + + + + + + + + + + + + + + + + + + +Levine & Hoffman Informational [Page 5] + +RFC 7085 Already Dotless TLDs December 2013 + + +Appendix A. Script for Finding Dotless Domains + + The following Bourne shell script was used for finding the data in + this document. The authors believe that this script will work + correctly on a wide variety of operating systems and will continue to + do so in the foreseeable future. As is customary in the current + legal environment, the authors make no assurance that the script is + correct or that the script will not cause damage on a system where it + is run. + + The script checks each nameserver for each TLD instead of just doing + a simple query because the nameservers for some of the TLDs have + inconsistent data in them with respect to the records shown here. + + #! /bin/sh + # Get the current list of TLDs from IANA + wget -O orig.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt + # Remove the comment at the top of the file + grep -v '^#' orig.txt > TLDs.txt + # Get all the nameservers + while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt + # Do queries for each record type, and do them on each nameserver + for rec in A AAAA MX; do + while read tld ignorea ignoreb ns; do + host -t $rec $tld. $ns; + done < TLD-servers.txt; + done > all-out.txt + # Print the results + grep "has address" all-out.txt | sort -uf + grep "has IPv6" all-out.txt | sort -uf + grep "mail is handled" all-out.txt | sort -uf + +Authors' Addresses + + John Levine + Taughannock Networks + + EMail: standards@taugh.com + + + Paul Hoffman + Cybersecurity Association + + EMail: paul.hoffman@cybersecurity.org + + + + + + + +Levine & Hoffman Informational [Page 6] + |