Independent Submission                                         J. Levine
Request for Comments: 7085                          Taughannock Networks
Category: Informational                                       P. Hoffman
ISSN: 2070-1721                                Cybersecurity Association
                                                           December 2013

               Top-Level Domains That Are Already Dotless

Abstract

   Recent statements from the Internet Architecture Board (IAB) and the
   Internet Corporation of Assigned Names and Numbers (ICANN) Security
   and Stability Advisory Committee have focused on the problems that
   the DNS is likely to experience with top-level domains (TLDs) that
   contain address records (so-called "dotless domains").  In order to
   help researchers determine the extent of the issues with dotless
   domains, this document lists the current dotless TLDs and gives a
   script for finding them.  This document lists data about dotless TLDs
   but does not address the policy and technology issues other than to
   point to the statements of others.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7085.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Current Dotless Domains . . . . . . . . . . . . . . . . . . .   3
     2.1.  TLDs with A Records . . . . . . . . . . . . . . . . . . .   3
     2.2.  TLDs with AAAA Records  . . . . . . . . . . . . . . . . .   3
     2.3.  TLDs with MX Records  . . . . . . . . . . . . . . . . . .   3   4
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4   5
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4   5
   6.  Informative References  . . . . . . . . . . . . . . . . . . .   5
   Appendix A.  Script for Finding Dotless Domains . . . . . . . . .   5   6

1.  Introduction

   In the past few years, well-respected groups have issued documents
   about top-level domains in the DNS that contain address records
   (so-called "dotless domains").  The Security and Stability Advisory
   Committee (SSAC) of the Internet Corporation for Assigned Names and
   Numbers (ICANN) issued a report called "Report on Dotless Domains"
   [SAC053] in February 2012.  The Internet Architecture Board (IAB)
   issued a statement called "Dotless Domains Considered Harmful"
   [IAB-DOTLESS] in July 2013.  The New gTLD Program Committee of the
   ICANN Board of Directors (NGPC) approved a resolution on dotless
   domains [NGPC-DOTLESS] in August 2013.  (The authors of this document
   note that they are not on the SSAC, the IAB, or the ICANN Board.)

   All of these documents consider the effects of dotless domains
   without describing the extent of their current deployment.  In order
   to help researchers determine the extent of the problems with dotless
   domains, this document lists the known dotless domains at the time of
   publication and shows how researchers can find them in the future.
   In this document, we consider any TLD with an A, AAAA, and/or MX
   record at the apex to be dotless.  This document is meant to provide
   current data to the Internet community but does not give advice.

   Many people have expressed a belief that ICANN prohibits all TLDs
   from being dotless.  That belief is not true; ICANN's policies apply
   only to their contracted TLDs.  This document shows the extent to
   which dotless domains exist today.

2.  Current Dotless Domains

   The following

   This section shows the data dotless domains we found on September 3, 2013.  The authors
   note that 2013,
   using the script in Appendix A.  The data was fairly nearly constant for
   many months, with very few additions or deletions of records.

   We checked every TLD in the root zone to see which ones had A, AAAA,
   or MX records.  We found that about 5% of the TLDs did, and all of
   the TLDs that do are two-letter TLDs or country code TLDs (which are
   also known as ccTLDs).

2.1.  TLDs with A Records

   At the time this document is published, the following TLDs have A
   records.

   AC has address 193.223.78.210
   AI has address 209.59.119.34
   CM has address 195.24.205.60
   DK has address 193.163.102.24
   GG has address 87.117.196.80
   IO has address 193.223.78.212
   je has address 87.117.196.80
   KH has address 203.223.32.21
   PN has address 80.68.93.100
   SH has address 193.223.78.211
   TK has address 217.119.57.22
   TM has address 193.223.78.213
   TO has address 216.74.32.107
   UZ has address 91.212.89.8
   VI has address 193.0.0.198
   WS has address 64.70.19.33

2.2.  TLDs with AAAA Records

   At the time this document is published, the following TLD has an AAAA
   record.

   DK has IPv6 address 2a01:630:0:40:b1a:b1a:2011:1

2.3.  TLDs with MX Records

   At the time this document is published, the following TLDs have MX
   records.  The SSAC report implies, but does not explicitly say, that
   MX records would cause a TLD to be considered dotless; the IAB report
   does not mention MX records at all.

   AI mail is handled by 10 mail.offshore.AI.
   AX mail is handled by 5 mail.aland.net.
   CF mail is handled by 0 mail.intnet.CF.
   DM mail is handled by 10 mail.nic.DM.
   GP mail is handled by 10 ns1.worldsatelliteservices.com.
   GP mail is handled by 5 ns1.nic.GP.
   GT mail is handled by 10 ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 20 ALT2.ASPMX.L.GOOGLE.COM.
   GT mail is handled by 30 ASPMX2.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX3.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX4.GOOGLEMAIL.COM.
   GT mail is handled by 30 ASPMX5.GOOGLEMAIL.COM.
   HR mail is handled by 5 alpha.carnet.HR.
   IO mail is handled by 10 mailer2.IO.
   KH mail is handled by 10 ns1.dns.net.KH.
   KM mail is handled by 100 mail1.comorestelecom.KM.
   LK mail is handled by 10 malithi-slt.nic.LK.
   LK mail is handled by 20 malithi-lc.nic.LK.
   MQ mail is handled by 10 mx1-mq.mediaserv.net.
   PA mail is handled by 5 ns.PA.
   TT mail is handled by 10 ALT1.ASPMX.L.GOOGLE.COM.
   TT mail is handled by 1 ASPMX.L.GOOGLE.COM.
   UA mail is handled by 10 mr.kolo.net.
   VA mail is handled by 100 raphaelmx3.posta.VA.
   VA mail is handled by 10 raphaelmx1.posta.VA.
   VA mail is handled by 10 raphaelmx2.posta.VA.
   WS mail is handled by 10 mail.worldsite.WS.
   YE mail is handled by 10 mail.yemen.net.YE.

3.  IANA Considerations

   The script in Appendix A relies on IANA continuing to publish a copy
   of the TLDs in the root zone at
   <http://data.iana.org/TLD/tlds-alpha-by-domain.txt>.

4.  Security Considerations

   This document lists the known dotless domains; it does not express an
   opinion whether or not there are security considerations with the
   existence of dotless domains.  The referenced IAB and SSAC reports
   discuss the opinions of the respective bodies on the security and
   stability considerations of dotless domains.

5.  Acknowledgements

   Andrew Sullivan and Marc Blanchet gave helpful comments on this
   document.

6.  Informative References

   [IAB-DOTLESS]
              Internet Architecture Board, "Dotless Domains Considered
              Harmful", July 2013, <https://www.iab.org/2013/07/10/iab-
              statement-dotless-domains-considered-harmful/>. <https://www.iab.org/2013/07/10/
              iab-statement-dotless-domains-considered-harmful/>.

   [NGPC-DOTLESS]
              New gTLD Program Committee of the ICANN Board, "Approved
              Resolution on Dotless Domains", September 2013, <http://
              www.icann.org/en/groups/board/documents/resolutions-new-
              gtld-13aug13-en.htm>.
              <http://www.icann.org/en/groups/board/documents/
              resolutions-new-gtld-13aug13-en.htm>.

   [SAC053]   ICANN Security and Stability Advisory Committee, "SSAC
              Report on Dotless Domains", February 2012, <http://
              www.icann.org/en/groups/ssac/documents/sac-053-en.pdf>.
              <http://www.icann.org/en/groups/ssac/documents/
              sac-053-en.pdf>.

Appendix A.  Script for Finding Dotless Domains

   The following Bourne shell script was used for finding the data in
   this document.  The authors believe that this script will work
   correctly on a wide variety of operating systems and will continue to
   do so in the foreseeable future.  As is customary in the current
   legal environment, the authors make no assurance that the script is
   correct or that the script will not cause damage on a system where it
   is run.

   The script checks each nameserver for each TLD instead of just doing
   a simple query because the nameservers for some of the TLDs have
   inconsistent data in them with respect to the records shown here.

   #! /bin/sh
   # Get the current list of TLDs from IANA
   wget -O orig.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt
   # Remove the comment at the top of the file
   grep -v '^#' orig.txt > TLDs.txt
   # Get all the nameservers
   while read tld; do host -t NS $tld; done < TLDs.txt > TLD-servers.txt
   # Do queries for each record type, and do them on each nameserver
   for rec in A AAAA MX; do
     while read tld ignorea ignoreb ns; do
       host -t $rec $tld. $ns;
     done < TLD-servers.txt;
   done > all-out.txt
   # Print the results
   grep "has address" all-out.txt | sort -uf
   grep "has IPv6" all-out.txt | sort -uf
   grep "mail is handled" all-out.txt | sort -uf

Authors' Addresses

   John Levine
   Taughannock Networks

   EMail: standards@taugh.com

   Paul Hoffman
   Cybersecurity Association

   EMail: paul.hoffman@cybersecurity.org