Independent Submission                                         J. Levine
Request for Comments: 7085                          Taughannock Networks
Category: Informational                                       P. Hoffman
ISSN: 2070-1721                                Cybersecurity Association
                                                           December 2013

Top-Level Domains That Are Already Dotless

Abstract

Recent statements from the Internet Architecture Board (IAB) and the Internet Corporation of Assigned Names and Numbers (ICANN) Security and Stability Advisory Committee have focused on the problems that the DNS is likely to experience with top-level domains (TLDs) that contain address records (so-called "dotless domains"). In order to help researchers determine the extent of the issues with dotless domains, this document lists the current dotless TLDs and gives a script for finding them. This document lists data about dotless TLDs but does not address the policy and technology issues other than to point to the statements of others.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7085.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

   1. Introduction
   2. Current Dotless Domains
      2.1. TLDs with A Records
      2.2. TLDs with AAAA Records
      2.3. TLDs with MX Records
   3. IANA Considerations
   4. Security Considerations
   5. Acknowledgements
   6. Informative References
   Appendix A. Script for Finding Dotless Domains
   Authors' Addresses

1. Introduction

In the past few years, well-respected groups have issued documents about top-level domains in the DNS that contain address records (so-called "dotless domains").

The Security and Stability Advisory Committee (SSAC) of the Internet Corporation for Assigned Names and Numbers (ICANN) issued a report called "Report on Dotless Domains" [SAC053] in February 2012. The Internet Architecture Board (IAB) issued a statement called "Dotless Domains Considered Harmful" [IAB-DOTLESS] in July 2013. The New gTLD Program Committee of the ICANN Board of Directors (NGPC) approved a resolution on dotless domains [NGPC-DOTLESS] in August 2013. (The authors of this document note that they are not on the SSAC, the IAB, or the ICANN Board.)

All of these documents consider the effects of dotless domains without describing the extent of their current deployment. In order to help researchers determine the extent of the problems with dotless domains, this document lists the known dotless domains at the time of publication and shows how researchers can find them in the future. In this document, we consider any TLD with an A, AAAA, and/or MX record at the apex to be dotless.

This document is meant to provide current data to the Internet community but does not give advice. Many people have expressed a belief that ICANN prohibits all TLDs from being dotless. That belief is not true; ICANN's policies apply only to their contracted TLDs. This document shows the extent to which dotless domains exist today.

2. Current Dotless Domains

This section shows the dotless domains we found on September 3, 2013, using the script in Appendix A. The data was nearly constant for many months, with very few additions or deletions of records.

We checked every TLD in the root zone to see which ones had A, AAAA, or MX records. We found that about 5% of the TLDs did, and all of the TLDs that do are two-letter TLDs or country code TLDs (which are also known as ccTLDs).

2.1. TLDs with A Records

At the time this document is published, the following TLDs have A records.

   AC has address 193.223.78.210
   AI has address 209.59.119.34
   CM has address 195.24.205.60
   DK has address 193.163.102.24
   GG has address 87.117.196.80
   IO has address 193.223.78.212
   je has address 87.117.196.80
   KH has address 203.223.32.21
   PN has address 80.68.93.100
   SH has address 193.223.78.211
   TK has address 217.119.57.22
   TM has address 193.223.78.213
   TO has address 216.74.32.107
   UZ has address 91.212.89.8
   VI has address 193.0.0.198
   WS has address 64.70.19.33

2.2. TLDs with AAAA Records

At the time this document is published, the following TLD has an AAAA record.

   DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1

2.3. TLDs with MX Records

At the time this document is published, the following TLDs have MX records. The SSAC report implies, but does not explicitly say, that MX records would cause a TLD to be considered dotless; the IAB report does not mention MX records at all.

   AI mail is handled by 10 mail.offshore.AI.
   AX mail is handled by 5 mail.aland.net.
   CF mail is handled by 0 mail.intnet.CF.
   DM mail is handled by 10 mail.nic.DM.
   GP mail is handled by 10 ns1.worldsatelliteservices.com.
   GP mail is handled by 5 ns1.nic.GP.
   GT mail is handled by 10 ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
   HR mail is handled by 5 alpha.carnet.HR.
   IO mail is handled by 10 mailer2.IO.
   KH mail is handled by 10 ns1.dns.net.KH.
   KM mail is handled by 100 mail1.comorestelecom.KM.
   LK mail is handled by 10 malithi-slt.nic.LK.
   LK mail is handled by 20 malithi-lc.nic.LK.
   MQ mail is handled by 10 mx1-mq.mediaserv.net.
   PA mail is handled by 5 ns.PA.
   TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM.
   TT mail is handled by 1 ASPMX.L.GOOGLE.COM.
   UA mail is handled by 10 mr.kolo.net.
   VA mail is handled by 100 raphaelmx3.posta.VA.
   VA mail is handled by 10 raphaelmx1.posta.VA.
   VA mail is handled by 10 raphaelmx2.posta.VA.
   WS mail is handled by 10 mail.worldsite.WS.
   YE mail is handled by 10 mail.yemen.net.YE.

3. IANA Considerations

The script in Appendix A relies on IANA continuing to publish a copy of the TLDs in the root zone at <http://data.iana.org/TLD/tlds-alpha-by-domain.txt>.

4. Security Considerations

This document lists the known dotless domains; it does not express an opinion whether or not there are security considerations with the existence of dotless domains. The referenced IAB and SSAC reports discuss the opinions of the respective bodies on the security and stability considerations of dotless domains.

5. Acknowledgements

Andrew Sullivan and Marc Blanchet gave helpful comments on this document.

6. Informative References

   [IAB-DOTLESS]   Internet Architecture Board, "Dotless Domains Considered Harmful", July 2013, <https://www.iab.org/2013/07/10/iab-statement-dotless-domains-considered-harmful/>.

   [NGPC-DOTLESS]  New gTLD Program Committee of the ICANN Board, "Approved Resolution on Dotless Domains", September 2013, <http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-13aug13-en.htm>.

   [SAC053]        ICANN Security and Stability Advisory Committee, "SSAC Report on Dotless Domains", February 2012, <http://www.icann.org/en/groups/ssac/documents/sac-053-en.pdf>.

Appendix A. Script for Finding Dotless Domains

The following Bourne shell script was used for finding the data in this document.
The authors believe that this script will work correctly on a wide variety of operating systems and will continue to do so in the foreseeable future. As is customary in the current legal environment, the authors make no assurance that the script is correct or that the script will not cause damage on a system where it is run.

The script checks each nameserver for each TLD instead of just doing a simple query because the nameservers for some of the TLDs have inconsistent data in them with respect to the records shown here.

   #! /bin/sh
   # Get the current list of TLDs from IANA
   wget -O orig.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt
   # Remove the comment at the top of the file
   grep -v '^#' orig.txt > TLDs.txt
   # Get all the nameservers
   while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt
   # Do queries for each record type, and do them on each nameserver
   for rec in A AAAA MX; do
     while read tld ignorea ignoreb ns; do
       host -t $rec $tld. $ns;
     done < TLD-servers.txt;
   done > all-out.txt
   # Print the results
   grep "has address" all-out.txt | sort -uf
   grep "has IPv6" all-out.txt | sort -uf
   grep "mail is handled" all-out.txt | sort -uf

Authors' Addresses

   John Levine
   Taughannock Networks

   EMail: standards@taugh.com

   Paul Hoffman
   Cybersecurity Association

   EMail: paul.hoffman@cybersecurity.org
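The following is an added example, not part of RFC 7085 or the authors' script. It post-processes output in the shape of all-out.txt from Appendix A into one line per TLD listing which apex record types (A, AAAA, MX) make it dotless under the definition in Section 1, folding case and collapsing the duplicate answers that come from querying every nameserver. The function names and the nameserver header lines in the sample are constructed; the record lines are taken from Section 2.

```shell
#!/bin/sh
# Added example: summarise all-out.txt style host(1) output per TLD.

# Constructed sample. Header lines and ns1/ns2.example are assumptions;
# the record lines reuse data listed in Section 2.
sample_output() {
    cat <<'EOF'
Using domain server:
Name: ns1.example
Address: 192.0.2.53#53
Aliases:

DK has address 193.163.102.24
Using domain server:
Name: ns2.example
Address: 192.0.2.54#53
Aliases:

dk has address 193.163.102.24
DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1
IO has address 193.223.78.212
IO mail is handled by 10 mailer2.IO.
je has address 87.117.196.80
AX has no A record
AX mail is handled by 5 mail.aland.net.
EOF
}

# Reads host output on stdin, prints "<TLD> <types>" for each dotless TLD.
dotless_summary() {
    awk '
        $1 ~ /\./ { next }   # owner name with a dot is not a TLD apex
        $2 == "has"  && $3 == "address" { seen[toupper($1) " A"] = 1 }
        $2 == "has"  && $3 == "IPv6"    { seen[toupper($1) " AAAA"] = 1 }
        $2 == "mail" && $4 == "handled" { seen[toupper($1) " MX"] = 1 }
        END { for (k in seen) print k }
    ' | LC_ALL=C sort -u | awk '
        # Input is sorted, so lines for one TLD are adjacent: join them.
        $1 != tld { if (tld != "") print tld, types
                    tld = $1; types = $2; next }
        { types = types "," $2 }
        END { if (tld != "") print tld, types }
    '
}

sample_output | dotless_summary
```

To use it on real data, run `dotless_summary < all-out.txt` after the Appendix A script has finished.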