1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
|
Independent Submission M. Thomas
Request for Comments: 8023
Category: Informational A. Mankin
ISSN: 2070-1721 Salesforce
L. Zhang
UCLA
November 2016
Report from the Workshop and Prize on
Root Causes and Mitigation of Name Collisions
Abstract
This document provides context and a report on the workshop on "Root
Causes and Mitigation of Name Collisions", which took place in
London, United Kingdom, from March 8 to 10, 2014. The main goal of
the workshop was to foster a discussion on the causes and potential
mitigations of domain name collisions. This report provides a small
amount of background and context; then, it provides a summary of the
workshop's discussions.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8023.
Thomas, et al. Informational [Page 1]
^L
RFC 8023 Name Collisions Workshop November 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction ....................................................2
2. Background and Context ..........................................4
2.1. Brief Update ...............................................6
3. Workshop Structure ..............................................7
3.1. Research Findings ..........................................8
3.2. System Analysis ............................................9
3.3. Frameworks: Modeling, Analysis, and Mitigation ............9
3.4. Conclusions and Next Steps ................................11
4. Security Considerations ........................................11
5. Informative References .........................................12
Appendix A. Program Committee .....................................16
Appendix B. Workshop Material .....................................16
Appendix C. Workshop Participants .................................17
Acknowledgments ...................................................17
Authors' Addresses ................................................17
1. Introduction
It has been well known within the Internet research and engineering
community that many installed systems in the Internet query the
domain name system (DNS) root for names under a wide range of top-
level domains (TLDs). Many of these TLDs are not delegated, which
results in a response indicating that the name queried does not exist
(commonly called an NXDOMAIN response [RFC7719]). In the Internet
Corporation for Assigned Names and Numbers (ICANN) community, it was
observed as early as November 2010 by the Security and Stability
Advisory Committee (SSAC) report [SAC045] that the addition of new
TLDs in the DNS root could result in so-called name collisions for
names used in environments other than the global Internet. Some
installed systems, following established (albeit not vetted)
operational practices, generate queries to the global DNS with name
suffixes that, under seemingly reasonable assumptions at the time the
systems were designed or configured, were not expected to be
delegated as TLDs. Many of these installed systems depend explicitly
Thomas, et al. Informational [Page 2]
^L
RFC 8023 Name Collisions Workshop November 2016
or implicitly on the indication from the global DNS that the domain
name suffix does not exist. After a new TLD is delegated, the global
DNS may give a different response to the query involving the TLD than
it did prior to the TLD's delegation.
A name collision occurs when an attempt to resolve a name used in a
private namespace results in a query to the public DNS, and the
response indicates that the name is in the global DNS [NCRI]. In
other words, the overlap of public and private namespaces may result
in potential unintended (and, therefore, potentially harmful)
resolution results. The impact of the global change on installed
systems will be varied; risks to installed systems introduced by name
collisions may arise due to varied causes.
In a globally distributed system, such as the Internet, it is
difficult, yet critical, to agree on policies for demarking
boundaries of ownership and autonomy. Name space governance is
critical to ensure predictable use of names in the global DNS.
In order to help ensure this uniqueness and interoperability, ICANN,
through its coordination of the IANA functions, is responsible for
administration of certain responsibilities associated with Internet
DNS root zone management, such as generic and country code Top-Level
Domains (gTLDs and ccTLDs). Prior to ICANN's creation in 1998, seven
generic TLDs were defined in the early development of the Internet
[RFC1591]. Since the formation of ICANN, the delegations of generic,
internationalized and country code TLDs have been administered and
delegated by ICANN. During these delegations, it quickly became
apparent within the IETF community that there was a need to reserve
name spaces that can be used for creating limited sets of internal
names without fear of conflicts with current or future TLD name
spaces in the global DNS [RFC2606].
While the reserved TLDs [RFC2606] aimed to enable operators to use
them only as a small set of reserved names internally, with limited
uses, educational awareness and operational best practices did not
achieve the goal of reserving special-use domain names [RFC6761];
other suffixes, not reserved though at the time not in conflict, were
often employed instead. Faulty assumptions, or encouragement in some
cases by vendor documentation, of "we only use this name internally
and there is no possibility of leakage to the global DNS" were made
by numerous operators or administrators. Numerous reports and
findings have clearly disproved these faulty assumptions by showing
substantial "DNS leakage" into the global DNS through mechanisms such
as search lists.
In 2012, ICANN created a new gTLD program to add a potentially
unlimited number of new gTLDs to the root zone as a mechanism to
Thomas, et al. Informational [Page 3]
^L
RFC 8023 Name Collisions Workshop November 2016
enhance competition, innovation, and consumer choice. With the
potential of many new gTLDs becoming delegated in the global DNS,
operators or administrators who elected to use a non-delegated name
space internally may face potential "name collision" problems.
This document is primarily a report on the March 2014 workshop that
set out to examine the causes and mitigation of such name collisions
and their associated risks. It is a companion to the Workshop and
Prize on Root Causes and Mitigation of Name Collisions proceedings
[WPNC], and it also provides some additional background and context.
2. Background and Context
When the workshop was convened, the context and status of the work
around name collisions could be described as follows.
Since early 2008, there had been numerous lengthy discussions within
the ICANN community about the ability of the DNS root to scale to
accommodate new gTLDs and the impact of making those changes on the
DNS ecosystem. In March 2008, the Internet Architecture Board (IAB)
observed that the introduction of suffixes in use in a number of
environments could lead to instability [IAB2008]. In December 2010,
the Security and Stability Advisory Committee (SSAC) issued their
report on root scaling in which the committee formalized several
recommendations based on "actual measurement, monitoring, and data-
sharing capabilities of root zone performance" to help determine the
feasibility of root scaling [SAC046]. Separately, the Root Server
System Advisory Committee [RSSAC] agreed in late 2010 on the need to
establish standard metrics to be collected and reported by all
operators. This effort would provide the community with a baseline
measure of the entire root server system's performance. With such an
established baseline, any possible negative effect from additional
TLDs within the root could potentially be identified. In late 2012,
the ICANN Board affirmed the need to work with the root server
operators via RSSAC to complete the documentation of the interactions
between ICANN and the root server operators with respect to root zone
scaling [IR2012].
In March 2013, SSAC published an advisory titled "SSAC Advisory on
Internal Name Certificates," which identified a Certificate Authority
(CA) practice that, if widely exploited, "could pose a significant
risk to the privacy and integrity of secure Internet communications"
[SAC057]. The ICANN Board acknowledged the issues identified in the
advisory report on internal name certificates [SAC057] as part of a
more general category of issues. These issues included installed
systems utilizing a namespace in a private network that includes a
non-delegated TLD that is later delegated into the root. In May
2013, the ICANN Board commissioned a study on the use within private
Thomas, et al. Informational [Page 4]
^L
RFC 8023 Name Collisions Workshop November 2016
name spaces of TLDs that are not currently delegated at the root
level of the global DNS [ISTUDY]. This study was focused on
potential name collision events between applied-for new gTLDs and
non-delegated TLDs potentially used in private namespaces. The study
also examined the potential possibility of name collisions arising
from the use of digital certificates referenced in the SSAC report on
internal name certificates [SAC057].
Between the RSSAC's and SSAC's advisory statements ([RSSAC] [SAC046])
and the ICANN commissioning of a study in May 2013, there was
significant progress on establishing formalized, coordinated
monitoring and measurement of the root. RSSAC approached its
finalization of the specific metrics that each root operator will
collect and initiated discussions about where the operators will send
their data for analysis once collected. To properly gauge the risks
of new gTLD delegations to the root, an established baseline of
normal performance of the system would be required to start
sufficiently ahead of the new delegations. The execution of these
RSSAC and SSAC recommendations was timed poorly with the commissioned
study, resulting in a limited pool of data repositories from which
any baseline and risk measurements could be established.
It is common practice for each root operator to monitor its own root
server, and some operators report the status and performance of their
services publicly. As of ICANN's study commissioned in May 2013
[ISTUDY], there was no mechanism in place to allow a detailed view of
the entire root system, short of the annual "Day in the Life"
([DITL]) data repository, which contains root DNS data over a short
coordinated time period from a varying subset of root operators and
was intended to be used for research purposes, not to provide overall
monitoring and an operational view of system health. Due to the lack
of a more comprehensive and desirable data repository for baseline
and collision analysis DITL has become the de facto referential
dataset for root traffic analysis.
The commissioned study, conducted by the Interisle Consulting Group,
was published in August of 2013. Their report "Name Collisions in
the DNS" [INTERISLE], based on [DITL] measurements, addressed name
collisions in the DNS and also recommended options to mitigate the
various name collision risks. The study identified categories of
strings according to the risk they represent: low risk (80 percent of
applied-for strings), uncalculated risk (20 percent of applied-for
strings), and high risk (2 applied-for strings).
At the same time as the [INTERISLE] study, ICANN published a
proposal, titled "New gTLD Collision Occurrence Management Plan"
[NGCOMP], to manage the risk of name collisions within the applied-
for gTLDs. Based on measurements, ICANN deemed two strings, .home
Thomas, et al. Informational [Page 5]
^L
RFC 8023 Name Collisions Workshop November 2016
and .corp, to be high risk because of their widespread use within
internal networks and would indefinitely delay their delegation
[INTERISLE]. Those strings within the uncalculated-risk
classification would be delayed 2 to 3 months in their application
process while ICANN conducted more research into whether the string
is of high- or low-risk classification. Those in the low-risk
classification would face a delay in activating domains until 120
days after contracting with ICANN to allow for the change in
certificate authority practices recommended in the SSAC report on
internal name certificates [SAC057].
Within the ICANN proposal [NGCOMP], an approach termed the
"alternative path to delegation" was outlined, in which a registry
operator could elect to proceed with delegation, provided it
initially blocked all second-level domains (SLDs) that appeared in
the certain DITL datasets pending the completion of the assessment.
The majority of new gTLD applicants that were eligible elected this
alternative path once otherwise approved for delegation. The plan
also outlined an outreach campaign to educate system administrators,
software developers, and other engineers about the name collision
issue and possible mitigation measures.
As a further provision, the "New gTLD Collision Occurrence Management
Plan" called for a follow-up study that would develop a "Name
Collision Occurrence Management Framework" [NCOMF]. In February
2014, the document, "Mitigating the Risk of DNS Namespace Collisions:
Phase One Report," was published by the ICANN-contracted group JAS
Global Advisors [MRDNC]. The report provides a number of
recommendations for addressing the name collision issue focusing on a
technique termed "controlled interruption," in which a registry would
temporarily resolve all SLDs (or all SLDs present in the block list)
to a specific IP: 127.0.53.53. The report also makes provisions to
implement an emergency plan and strategy in case name collisions had
a "clear danger to human life."
2.1. Brief Update
In the time frame after the workshop, a final version of the Phase
One Report was released in June 2014 [MRDNC].
In July 2014, after a community review phase, a final recommendation
was issued by ICANN [NCOMFINAL]; this has been followed by the
publication of management documents for the implementation of a
controlled interrupt for new gTLD delegations [NOCA] [NCSLDCIV]
[ADDNOCA].
Thomas, et al. Informational [Page 6]
^L
RFC 8023 Name Collisions Workshop November 2016
Much of the framework called for in the Name Collision Occurrence
Management Framework [NCOMF] was not released by the time of writing
this document, and the Phase One Report [MRDNC] indicated that its
publication was delayed due to a security vulnerability [JASBUG]
identified during the course of the work.
Broad community efforts to measure the impact of name collisions were
not included in the final recommendation issued by ICANN [NCOMFINAL].
At the time of this writing, RSSAC has just published its
specification of common measurements to be collected by root
operators, meeting one part of the needs for measurements of the root
server system [RSSAC002].
3. Workshop Structure
The Workshop and Prize on Root Causes and Mitigation of Name
Collisions [WPNC], sponsored by Verisign, took place March 8-10, 2014
in London, United Kingdom. The WPNC was open to the public, and it
gathered subject-area specialists, researchers, and practitioners to
discuss and present their views, concerns, and ideas surrounding the
name collision issue. Proceedings are published at the workshop's
website [WPNC].
The workshop focused on studies of name collision risks and
mitigations with the expectation to advance the global community's
insight into operational uses of name suffixes that can result in
name collisions and to gain a stronger understanding of the potential
risks for the users of the installed systems. Additional emphasis
and attention was given to discussions that might advance the state
of knowledge about the architecture and impacts of DNS namespaces
with multiple scopes or resolution contexts and the utilization of
new methods of monitoring and understanding the needs and methods for
mitigating emerging Internet risks around name collisions. A
technical program committee, whose members spanned a variety of
organizations and universities, was assembled. The committee issued
a call for papers and evaluated all submissions to ensure the highest
level of quality.
A synthesis of the accepted papers and conference proceedings is
captured in the subsections below. Another informal synopsis of the
workshop combined with individual statements and observations is
available online [COMMENTARY].
Thomas, et al. Informational [Page 7]
^L
RFC 8023 Name Collisions Workshop November 2016
3.1. Research Findings
Many of the research papers focused on the analysis of DITL data to
better understand various aspects of the root NXDOMAIN traffic
([TECHNIQUES], [RARDBITS], [BLOCKLISTS], [MODELING], and
[SEARCHLISTS]). Note: all workshop contributions are listed in
Appendix B; full papers and slides are available at the website
[WPNC].
While the DITL data has become the de facto referential dataset for
root traffic analysis, some presenters echoed concerns that the
dataset may have become biased or polluted with "artificial" queries
after the ICANN "Reveal Day," in which the list of applied-for gTLD
strings was publicly disclosed. No conclusive or empirical evidence
of tampering was presented; however, concerns about the integrity and
reliability of future DITL collections and analysis for purposes
related to new gTLDs were echoed by some panelists [IESCPANEL].
Furthermore, the statistical accuracy and completeness of DITL data
-- used to draw inferential conclusions or more specifically create
SLD block lists -- was examined. The efficacy of blocking domains
based on sampled DNS data, e.g., DITL, was investigated by comparing
measurements of SLDs within DITL and that of a multi-month root
NXDOMAIN collection at the A and J roots [BLOCKLISTS]. The findings
provided insights into SLD-root affinities, SLD temporal query
patterns and occurrence frequencies that demonstrated the
ineffectiveness of block listing domains based on sampled DNS data
such as [DITL].
Measurements of queries specifying the recursion desired (RD) bit to
the roots in DITL were quantified to identify the level and nature of
naive DNS clients and to determine and assess potential impacts that
could arise from the proposed SLD blocking technique to these naive
clients [RARDBITS]. A substantial proportion of the root server
request traffic contained queries with the RD bit specified. Both in
absolute and relative terms, requests specifying the RD bit for
applied-for gTLDs were found to be significantly lower when compared
to existing TLDs. The root cause determination of what system or
mechanism is responsible for generating the queries was inconclusive
and only speculative explanations of faulty implementations of a DNS
resolving server were hypothesized. However, the analysis was also
not able to identify instances of actual or potential harm resulting
from these naive clients, suggesting if SLD blocking techniques were
to be utilized, it is unlikely there would be any negative impact to
these naive clients.
Thomas, et al. Informational [Page 8]
^L
RFC 8023 Name Collisions Workshop November 2016
3.2. System Analysis
Comparison of elements can often help us to understand a system as a
whole. A passive study of the DNS traffic in a provisioned domain
such as "corp.com" may elucidate certain name collision parallels
[CORPCOM]. Such measurements were presented as a proxy for the
".corp" potential new gTLD. According to the study, significant DNS
traffic volume was directed at a variety of third-level domains under
"corp.com". This prompted a series of questions surrounding how name
collisions can be identified, as most end-users won't recognize that
problems may be due to a name collision. How will users know that
the problem they are experiencing is a result of a new, colliding
gTLD? Will support groups be able to diagnose a name collision event
from reported symptom(s)? Will a collision-based security hole be
detectable?
These questions, upon which underpinnings rely on communication and
educational awareness, may find recommendations or parallels from
other system references during the workshop [JASFRAMEWORK] -- such as
the postal and telephone system. Most telephone and postal systems
have evolved over time, requiring individuals to alter the way they
address their parcels or place their calls. Both systems implemented
their changes in such a way that prior to the change, educational
material is distributed and communicated and for a period of time and
after the change, compliance of the previous standard is temporarily
accepted. While the telephone and postal system operate in a very
different way than the DNS, these parallels of "advanced
notification, education and communication, and a grace period" were
insightful for how other similar systems transitioned.
3.3. Frameworks: Modeling, Analysis, and Mitigation
Statements from several TLD operators during the conference
reverberated a theme for the need of improved tooling, education, and
communication surrounding name collisions. The delegation of new
gTLDs is an ongoing event, and there is a clear and immediate need
for these operators to have visibility to monitor and measure the
effects of these new gTLD delegations. A lack of tools, shared data,
communication, and education surrounding name collisions has
handicapped operators in their ability to quantitatively measure and
proactively provide any steps for mitigation of risks. To this end,
numerous techniques, frameworks, and models that focused on the
concepts of analyzing, detecting, and measuring various name
collision risk factors were presented and reviewed with the hope of
understanding these underlying concerns and issues ([TECHNIQUES]
[MODELING] [SEARCHLISTS] [DNSENDUSER] [ENTNETWORK]).
Thomas, et al. Informational [Page 9]
^L
RFC 8023 Name Collisions Workshop November 2016
Data-driven analysis and mitigation require operators to be versed
and skilled with data analysis techniques to better understand the
contextual intent and ownership of DNS queries. An overview of
various DNS analysis techniques in which ways of decomposing names,
measuring temporal distributions between queries, and detecting
organizational/geographical affinities was presented [TECHNIQUES].
More-specific techniques were also showcased, such as a systematic
way of observing and characterizing the impact of search lists within
root DNS traffic allowing operators to quantify the number of unique
entities that may be reliant on a particular name space
[SEARCHLISTS]. While not exhaustive, the techniques presented have
been proven to elucidate patterns within root DNS traffic data and
could serve as the potential building blocks of a DNS analysis
framework.
Most of the previously published work focused on name collisions has
produced various quantitative analyses based on observations of
Internet traffic and data, including DNS queries and web content, in
which behavior and associated risks have been inferred. An
understanding of the inverse of the process by starting with a
fundamental model of name resolution at the client was proposed as an
alternative means to define risk [MODELING]. This model
deconstructed the process of name resolution at the resolver library
of a client system and formalized a model from which derived metrics
could be used to define and quantify associated risks. While the
model presented is only a piece of the greater name collision puzzle,
it provides potentially new insights into what may otherwise be
considered a missing piece.
Just as important as understanding the root causes of name
collisions, providing effective mitigation strategies is a critical
piece of the name collision puzzle. Mitigation can be achieved from
both higher levels, such as ICANN, as well as the enterprise level.
Proposed strategies for mitigating name collisions at both of these
levels were presented. While the technical details for each proposed
strategy varies, underlying dependencies in both strategies require
operators to monitor and educate/train their users.
Thomas, et al. Informational [Page 10]
^L
RFC 8023 Name Collisions Workshop November 2016
3.4. Conclusions and Next Steps
In their concluding statement [NEXTSTEPS], the workshop committee
stated:
It occurs to the program committee that the analysis of the
interactions between the different uses of domain names within
local or global context is almost a nonexistent topic of research.
This may have to do with the lack of accessible data, lack of
theory of root causes, a lack of interest, or a bias in the
participation of the workshop. We think that this is evidence
that this study of the global centrally important technical system
needs to be ramped up.
Follow-on commentary [NEXTSTEPS] from the attendees reaffirmed this
opinion with recurring messages of a need to understand the root
causes of name collision and the need to overcome shortcomings within
our shared data collection, monitoring, and analysis of the DNS.
Many name collision unknowns still exist. What are the root causes
of these queries? What is going on within a recursive name server?
What vulnerabilities or subtle attack vectors do these new gTLD
delegations enable? The limited datasets available to researchers
and operators are not sufficient to draw baseline measurements for
these questions, forcing the community to make inferences and rank
guesses as to what is going on within the DNS. Using these
suboptimal data repositories to create solutions such as block lists
is only dealing with the symptoms of the problem and not addressing
the root cause. To properly answer these questions, the community
needs to address the issue of a shortage of funding and data
collection/analysis. Communication and educational outreach programs
need to be improved in order raise the awareness of impacted parties
and broaden participation and sharing.
4. Security Considerations
Workshop participants discussed security aspects related to root
cause analysis and mitigation techniques of potential name collision
events. As noted in several papers and presentations, security
concerns may both arise and be addressed with name collision
mitigation techniques. Follow-on measurement-based research is
important to security considerations for name collisions.
Thomas, et al. Informational [Page 11]
^L
RFC 8023 Name Collisions Workshop November 2016
5. Informative References
[ADDNOCA] ICANN, "Addendum To Name Collision Occurrence
Assessment", November 2014,
<http://newgtlds.icann.org/sites/default/files/
agreements/name-collision-assessment-
addendum-14nov14-en.htm>.
[BLOCKLISTS] Thomas, M., Labrou, Y., and A. Simpson, "The
Effectiveness of Block Lists in Preventing
Collisions", March 2014,
<http://namecollisions.net/program/index.html>.
[COMMENTARY] Kaliski, B., "Proceedings of Name Collisions
Workshop Available", March 2014,
<http://www.circleid.com/posts/20140326_proceedings_
of_name_collisions_workshop_available/>.
[CORPCOM] Strutt, C., "Looking at corp.com as a proxy for
.corp", March 2014,
<http://namecollisions.net/program/index.html>.
[DITL] Center for Applied Internet Data Analysis, "A Day in
the Life of the Internet (DITL)", July 2011,
<http://www.caida.org/projects/ditl/>.
[DNS-OARC] Mitchell, K., "DNS-OARC", March 2014,
<http://namecollisions.net/program/index.html>.
[DNSENDUSER] Huston, G., "Measuring DNS Behaviors from the End
User Perspective", March 2014,
<http://namecollisions.net/program/index.html>.
[ENTNETWORK] Hoffman, P., "Name Collision Mitigation for
Enterprise Networks", March 2014,
<http://namecollisions.net/program/index.html>.
[IAB2008] IAB, "The IAB's response to ICANN's solicitation on
DNS stability", March 2008,
<https://www.iab.org/documents/correspondence-
reports-documents/docs2008/2008-03-07-icann-new-
gtlds/>.
[IESCPANEL] Woolf, S., Koch, P., Kolkman, O., Kumari, W., and J.
Levine, "Internet Engineering and Standards
Considerations", March 2014,
<http://namecollisions.net/program/index.html>.
Thomas, et al. Informational [Page 12]
^L
RFC 8023 Name Collisions Workshop November 2016
[INTERISLE] ICANN, "Name Collision in the DNS", Version 1.5,
August 2013,
<https://www.icann.org/en/about/staff/security/
ssr/name-collision-02aug13-en.pdf>.
[IR2012] ICANN, "Preliminary Report | Regular Meeting of the
ICANN Board", September 2012,
<http://www.icann.org/en/groups/
board/documents/prelim-report-13sep12-en.htm>.
[ISTUDY] ICANN, "Security Studies on the Use of Non-Delegated
TLDs, and Dotless Names", May 2013,
<https://www.icann.org/en/news/announcements/
announcement-28may13-en.htm>.
[JASBUG] Common Vulnerabilities and Exposures, "Group Policy
Remote Code Execution Vulnerability", CVE-2015-0008,
February 2015, <http://www.cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2015-0008>.
[JASFRAMEWORK] Schmidt, J., "Name Collisions Management Framework",
March 2014,
<http://namecollisions.net/program/index.html>.
[KEEPEYE] Schneier, B., "Keeping an Eye on Name Collisions",
March 2014,
<http://namecollisions.net/program/index.html>.
[MODELING] Deccio, C. and D. Wessels, "What's in a Name
(Collision): Modeling and Quantifying Collision
Potential", March 2014,
<http://namecollisions.net/program/index.html>.
[MRDNC] ICANN, "Mitigating the Risk of DNS Namespace
Collisions: A Study on Namespace Collisions in the
Global Internet DNS Namespace and a Framework for
Risk Mitigation", February 2014,
<https://www.icann.org/en/about/staff/
security/ssr/name-collision-
mitigation-26feb14-en.pdf>.
[NCOMF] ICANN, "ICANN Selects Lead for Development of Name
Collision Occurrence Management Framework", November
2013, <http://www.icann.org/en/news/announcements/
announcement-2-11nov13-en.htm>.
Thomas, et al. Informational [Page 13]
^L
RFC 8023 Name Collisions Workshop November 2016
[NCOMFINAL] ICANN, "Name Collision Occurrence Management
Framework", July 2014,
<https://www.icann.org/en/system/files/files/
name-collision-framework-30jul14-en.pdf>.
[NCRI] ICANN, "Name Collision Resources & Information",
<http://www.icann.org/en/help/name-collision>.
[NCSLDCIV] ICANN, "Name Collision SLD Controlled Interruption
Variations", September 2014,
<http://newgtlds.icann.org/sites/default/files/
agreements/name-collision-sld-controlled-
interruption-12sep14-en.htm>.
[NEXTSTEPS] Kaliski, B., "Workshop Wrap-Up and Next Steps",
March 2014,
<http://namecollisions.net/program/index.html>.
[NGCOMP] ICANN, "New gTLD Collision Risk Mitigation", August
2013,
<https://www.icann.org/en/about/staff/security/ssr/
new-gtld-collision-mitigation-05aug13-en.pdf>.
[NOCA] ICANN, "Name Collision Occurrence Assessment",
August 2014,
<http://newgtlds.icann.org/sites/default/files/
agreements/name-collision-
assessment-04aug14-en.htm>.
[RARDBITS] Reid, J., "Analysing the Use of the RA and RD bits
in Queries to Root Servers", March 2014,
<http://namecollisions.net/program/index.html>.
[RFC1591] Postel, J., "Domain Name System Structure and
Delegation", RFC 1591, DOI 10.17487/RFC1591, March
1994, <http://www.rfc-editor.org/info/rfc1591>.
[RFC2606] Eastlake 3rd, D. and A. Panitz, "Reserved Top Level
DNS Names", BCP 32, RFC 2606, DOI 10.17487/RFC2606,
June 1999, <http://www.rfc-editor.org/info/rfc2606>.
[RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain
Names", RFC 6761, DOI 10.17487/RFC6761, February
2013, <http://www.rfc-editor.org/info/rfc6761>.
Thomas, et al. Informational [Page 14]
^L
RFC 8023 Name Collisions Workshop November 2016
[RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", RFC 7719, DOI 10.17487/RFC7719,
December 2015,
<http://www.rfc-editor.org/info/rfc7719>.
[RSSAC] Murai, J., "RSSAC response to the root scaling
report", November 2010,
<http://www.icann.org/en/news/
correspondence/murai-to-board-25nov10-en.pdf>.
[RSSAC002] ICANN Root Server System Advisory Committee,
"Advisory on Measurements of the Root Server
System", November 2014,
<https://www.icann.org/en/system/files/files/
rssac-002-measurements-root-20nov14-en.pdf>.
[SAC045] ICANN Security and Stability Advisory Committee,
"Invalid Top Level Domain Queries at the Root Level
of the Domain Name System", SAC 045, November 2010,
<https://www.icann.org/en/groups/ssac/documents/
sac-045-en.pdf>.
[SAC046] ICANN Security and Stability Advisory Committee,
"Report of the Security and Stability Advisory
Committee on Root Scaling", SAC 046, December 2010,
<https://www.icann.org/en/groups/ssac/documents/
sac-046-en.pdf>.
[SAC057] ICANN Security and Stability Advisory Committee,
"SSAC Advisory on Internal Name Certificates",
SAC057, March 2013,
<http://www.icann.org/en/groups/ssac/documents/
sac-057-en.pdf>.
[SEARCHLISTS] Simpson, A., "Detecting Search Lists in
Authoritative DNS", March 2014,
<http://namecollisions.net/program/index.html>.
[TECHNIQUES] Thomas, M. and A. Simpson, "Analysis Techniques for
Determining Cause and Ownership of DNS Queries",
March 2014,
<http://namecollisions.net/program/index.html>.
[WPNC] Verisign, "Workshop and Prize on Root Causes and
Mitigation of Name Collisions (WPNC)", June 2014,
<http://namecollisions.net/>.
Thomas, et al. Informational [Page 15]
^L
RFC 8023 Name Collisions Workshop November 2016
Appendix A. Program Committee
This workshop program committee consisted of Geoff Huston, Burt
Kaliski, Olaf Kolkman, John Levine, Allison Mankin, Lixia Zhang,
Anne-Marie Eklund Loewinder, and Andrew Sullivan.
Appendix B. Workshop Material
Main Workshop Page: <http://namecollisions.net/>
Name Collision Invited and Submitted Papers, Panels, and Videos:
<http://namecollisions.net/program/index.html>
The peer-reviewed papers were:
o "Analysis Techniques for Determining Cause and Ownership of DNS
Queries" [TECHNIQUES],
o "Analysing the Use of the RA and RD bits in Queries to Root
Servers" [RARDBITS],
o "The Effectiveness of Block Lists in Preventing Collisions"
[BLOCKLISTS],
o "What's in a Name (Collision): Modeling and Quantifying Collision
Potential" [MODELING], and
o "Detecting Search Lists in Authoritative DNS" [SEARCHLISTS].
The invited talks were:
o "Keeping an Eye on Name Collisions" [KEEPEYE],
o "Looking at corp.com as a proxy for .corp" [CORPCOM],
o "Measuring DNS Behaviors from the End User Perspective"
[DNSENDUSER],
o "DNS-OARC" [DNS-OARC], and
o "Name Collision Mitigation for Enterprise Networks" [ENTNETWORK].
The panels and discussions were:
o "Internet Engineering and Standards Considerations" [IESCPANEL],
o "Name Collisions Management Framework" [JASFRAMEWORK], and
Thomas, et al. Informational [Page 16]
^L
RFC 8023 Name Collisions Workshop November 2016
o "Workshop Wrap-Up and Next Steps" [NEXTSTEPS].
Appendix C. Workshop Participants
A list of workshop participants is provided at [WPNC].
Acknowledgments
We would like to thank both the program committee (Appendix A) and
the workshop participants (Appendix C), with equal appreciation to
those who spoke formally and those who joined in the lively
discussions.
Additionally, we would like to thank the following people for their
review comments: Burt Kaliski, Olaf Kolkman, Ed Lewis, Nevil
Brownlee, Tim Wicinski, and Danny McPherson.
Authors' Addresses
Matthew Thomas
Email: mthomas@verisign.com
Allison Mankin
Salesforce
Email: allison.mankin@gmail.com
Lixia Zhang
UCLA
Email: lixia@cs.ucla.edu
Thomas, et al. Informational [Page 17]
^L
|