idnits 2.17.1

draft-hoffine-already-dotless-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 12 instances of lines with non-RFC2606-compliant FQDNs in the
     document.

  == There are 16 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 29, 2013) is 3922 days in the past. Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '' and '' lines.

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          J. Levine
Internet-Draft                                      Taughannock Networks
Intended status: Informational                                P. Hoffman
Expires: January 30, 2014                      Cybersecurity Association
                                                           July 29, 2013

               Top-Level Domains that Are Already Dotless
                    draft-hoffine-already-dotless-00

Abstract

   Recent statements from the Internet Architecture Board and ICANN's
   Security and Stability Advisory Committee have discussed the problems
   that the DNS is likely to experience with top-level domains that have
   address records in them (so-called "dotless domains"). However,
   these statements spoke of the problem mostly as theoretical, when in
   fact there are such TLDs today. This document lists the current
   dotless TLDs, and gives a script for finding them. This document
   lists data about dotless TLDs, but does not address the policy and
   technology issues other than to point to the statements of others.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 30, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Current Dotless Domains
     2.1.  TLDs with A Records
     2.2.  TLDs with AAAA Records
     2.3.  TLDs with MX Records
   3.  IANA Considerations
   4.  Security Considerations
   5.  Acknowledgements
   6.  Informative References
   Appendix A.  Script for Finding Dotless Domains
   Authors' Addresses

1.  Introduction

   In the past few years, well-respected groups have issued reports
   about top-level domains in the DNS that have address records in them
   (so-called "dotless domains"). The Security and Stability Advisory
   Committee (SSAC) of the Internet Corporation for Assigned Names and
   Numbers (ICANN) issued a report called "Report on Dotless Domains" in
   February, 2012 [SAC053]. The Internet Architecture Board (IAB)
   issued a report called "Dotless Domains Considered Harmful"
   [IAB-DOTLESS] in July, 2013.

   Both of these documents consider the effects of dotless domains
   without describing the extent of their current deployment. In order
   to help researchers determine the extent of the problems with dotless
   domains, this document lists the known dotless domains at the time of
   publication, and shows how researchers can find them in the future.

   At the time of this writing, many people have expressed a belief that
   ICANN prohibits all TLDs from being dotless. That belief is not
   true. ICANN has contracts or agreements with fewer than half of the
   TLDs: for example, only about 80 country-code TLDs have agreements
   with ICANN at the time this document is published [ICANN-CCTLDs].

2.  Current Dotless Domains

   The following shows the data found at the time of publication of this
   document.

2.1.  TLDs with A Records

   At the time this document is published, the following TLDs have A
   records.

   AC has address 193.223.78.210
   AI has address 209.59.119.34
   CM has address 195.24.205.60
   DK has address 193.163.102.24
   GG has address 87.117.196.80
   IO has address 193.223.78.212
   JE has address 87.117.196.80
   KH has address 203.223.32.21
   PN has address 80.68.93.100
   SH has address 193.223.78.211
   TK has address 217.119.57.22
   TM has address 193.223.78.213
   TO has address 216.74.32.107
   UZ has address 91.212.89.8
   VI has address 193.0.0.198
   WS has address 64.70.19.33

2.2.  TLDs with AAAA Records

   At the time this document is published, the following TLD has an AAAA
   record.

   DK has IPv6 address 2a01:630::40:b1a:b1a:2011:1

2.3.  TLDs with MX Records

   At the time this document is published, the following TLDs have MX
   records. The SSAC report implies, but does not say, that MX records
   would cause a TLD to be considered dotless; the IAB report does not
   mention MX records at all.

   AI mail is handled by 10 mail.offshore.AI.
   AX mail is handled by 5 mail.aland.net.
   CD mail is handled by 5 mail.nic.CD.
   CF mail is handled by 0 mail.intnet.CF.
   DM mail is handled by 10 mail.nic.DM.
   GP mail is handled by 10 ns1.worldsatelliteservices.com.
   GP mail is handled by 5 ns1.nic.GP.
   GT mail is handled by 10 ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
   HR mail is handled by 5 alpha.carnet.HR.
   IO mail is handled by 10 mailer2.IO.
   KH mail is handled by 10 ns1.dns.net.KH.
   KM mail is handled by 100 mail1.comorestelecom.KM.
   LK mail is handled by 10 malithi-slt.nic.LK.
   LK mail is handled by 20 malithi-lc.nic.LK.
   MH mail is handled by 10 imap.pwke.twtelecom.net.
   MQ mail is handled by 10 mx1-mq.mediaserv.net.
   PA mail is handled by 5 ns.PA.
   TT mail is handled by 1 ASPMX.L.GOOGLE.COM.
   TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM.
   UA mail is handled by 10 mr.kolo.net.
   VA mail is handled by 10 raphaelmx1.posta.VA.
   VA mail is handled by 10 raphaelmx2.posta.VA.
   VA mail is handled by 100 raphaelmx3.posta.VA.
   WS mail is handled by 10 mail.worldsite.WS.
   YE mail is handled by 10 mail.yemen.net.YE.

3.  IANA Considerations

   The script in Appendix A relies on IANA continuing to publish a copy
   of the TLDs in the root zone at
   http://data.iana.org/TLD/tlds-alpha-by-domain.txt.

4.  Security Considerations

   This document lists the known dotless domains; it does not express an
   opinion on whether or not there are security considerations with the
   existence of dotless domains. The referenced IAB and SSAC reports
   discuss the opinions of the respective bodies on the security and
   stability considerations of dotless domains.

5.  Acknowledgements

   Andrew Sullivan gave early comments on this document.

6.  Informative References

   [IAB-DOTLESS]
              Internet Architecture Board, "Dotless Domains Considered
              Harmful", July 2013, .

   [ICANN-CCTLDs]
              ICANN, "ccTLD Agreements", July 2013,
              .

   [SAC053]   ICANN Security and Stability Advisory Committee, "SSAC
              Report on Dotless Domains", February 2012, .

Appendix A.  Script for Finding Dotless Domains

   The following shell script was used for finding the data in this
   document. The authors believe that this script will work correctly
   on a wide variety of operating systems, and will continue to do so in
   the foreseeable future. As is customary in the current legal
   environment, the authors make no assurance that the script is correct
   or that the script will not cause damage on a system where it is run.

   The script checks each nameserver for each TLD instead of just doing
   a simple query because the nameservers for some of the TLDs have
   inconsistent data in them with respect to the records shown here.

   # Get the current list of TLDs from IANA
   wget http://data.iana.org/TLD/tlds-alpha-by-domain.txt
   # Remove the comment at the top of the file
   grep -v '^#' tlds-alpha-by-domain.txt > TLDs.txt
   # Get all the nameservers
   while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt
   # Do queries for each record type, and do them on each nameserver
   for rec in A AAAA MX; do
     while read tld ignorea ignoreb ns; do
       host -t $rec $tld. $ns;
     done < TLD-servers.txt;
   done > all-out.txt
   # Print the results
   grep "has address" all-out.txt | sort -uf
   grep "has IPv6" all-out.txt | sort -uf
   grep "mail is handled" all-out.txt | sort -uf

Authors' Addresses

   John Levine
   Taughannock Networks

   Email: standards@taugh.com

   Paul Hoffman
   Cybersecurity Association

   Email: paul.hoffman@cybersecurity.org
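
Added example, not part of the draft or its authors' script: Appendix A queries every nameserver because some TLDs' nameservers hold inconsistent data, and the function below reads host output in the all-out.txt shape and reports which TLD/record-type pairs were returned by only some of the servers queried. The function names dotless_report and sample_output, the nameserver names and the sample input are constructed for illustration.

```shell
# Added example, not the draft's script. For each TLD and record type,
# count the nameservers that returned the record and flag disagreement.
dotless_report() {
  awk '
    function note(tld, type, found,    k) {
      k = toupper(tld) " " type              # fold case, like sort -f
      if ((k, server, found) in seen) return # count each server once
      seen[k, server, found] = 1
      if (found) yes[k]++; else no[k]++
    }
    /^Name: /                      { server = $2; next }
    $2 == "has" && $3 == "address" { note($1, "A", 1); next }
    $2 == "has" && $3 == "IPv6"    { note($1, "AAAA", 1); next }
    $2 == "mail" && $3 == "is"     { note($1, "MX", 1); next }
    $2 == "has" && $3 == "no"      { note($1, $4, 0); next }
    END {
      for (k in yes) {
        n = yes[k] + no[k]
        print k, (no[k] > 0 ? "INCONSISTENT" : "consistent"), yes[k] "/" n
      }
    }' | sort
}
# Constructed sample: reserved TLD names, documentation addresses and
# made-up nameserver names; not data from the draft.
sample_output() {
  cat <<'EOF'
Using domain server:
Name: ns1.nic.example
Address: 192.0.2.1#53
Aliases:

TEST has address 192.0.2.80
Using domain server:
Name: ns2.nic.example
Address: 192.0.2.2#53
Aliases:

TEST has no A record
Using domain server:
Name: ns1.nic.example
Address: 192.0.2.1#53
Aliases:

example mail is handled by 10 mail.nic.example.
EXAMPLE mail is handled by 20 mail2.nic.example.
EOF
}
sample_output | dotless_report
```

Against real data, run it as `dotless_report < all-out.txt`; only TLDs for which at least one server returned a record appear in the report.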