[dns-operations] TLD(s) for private use

James Stevens James.Stevens at jrcs.co.uk
Thu Sep 7 14:09:27 UTC 2017

>> It would be interesting to hear from a ROOT server operator (or two), or
>> somebody who has looked at the OARC DITL data, to know what proportion
>> of ROOT query traffic might be the result of TLD squatting.
> ICANN commissioned a report (and followup studies) on that very topic in 2013:
> 	https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf

Thanks - very useful.

A quick skim suggests this was aimed very much at looking for a specific 
range of collisions, although that did include some Vendor defaults - as 
opposed to looking at the issue in a more general sense - which I 
understand is very difficult for all sorts of reasons.

Not least because, now the internet has such a large mobile contingent, 
the simple typo of "." instead of SPACE is starting to be quite a big issue.

"Using “Private” Top-Level Domains

In Windows 200x, you can create your own top-level domains for your
internal networks. It’s a very good idea, when applicable, to create 
top-level internal domains that do not exist outside your internal 
network. Using a top-level domain such as .home or .work
makes it difficult for users outside your network to resolve IP
addresses for computers inside your private network, since these 
top-level domains do not exist in the public DNS system."

Well, there you have it - And that's in a training manual for MCSE - 
admittedly for Server 2003! At least they put "private" in inverted commas.


... and, from the report itself ...

"Widely adopted industry practices for the development of enterprise 
network naming schemes have long promoted the use of labels that are not 
delegated in the public DNS as top-level domain names."

Given that statement, it's hard not to say there is an issue.

I would suggest that widespread RFC 1918 use shows that *if* there had 
been an "official" way to have undelegated domains it would have been used.

I suppose another solution would be to use a domain name that would be 
invalid in the public space, but OK for private use - like a "zz__" 
prefix? Would that be a viable alternative?

I can't help feeling that NOTHING is truly "safe" to use, until there is 
something that is "officially" endorsed as safe to use.
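As an added example (not part of the original post or the ICANN report), the kind of per-TLD breakdown an operator could run over their own query log to measure how much traffic carries undelegated top-level labels such as .home or .corp. The log format, the client addresses and the subset of delegated TLDs are all constructed for the example; a real run would load the full list from IANA's tlds-alpha-by-domain.txt.

```python
import re
from collections import Counter

# Constructed subset of delegated TLDs; in practice load the full
# IANA list (tlds-alpha-by-domain.txt) instead of this hand-picked set.
DELEGATED = {"com", "net", "org", "uk", "arpa"}

# Reserved special-use names (RFC 6761/6762): expected to leak, and a
# separate category from "squatted" undelegated labels.
SPECIAL_USE = {"local", "localhost", "invalid", "example", "test", "onion"}

# Constructed query-log lines in the form "<client> <qname> <qtype>".
SAMPLE_LOG = """\
192.0.2.10 www.example.com. A
192.0.2.11 fileserver.home. A
192.0.2.12 printer.local. AAAA
192.0.2.13 intranet.corp A
192.0.2.14 back.in.5mins. A
192.0.2.15 . NS
192.0.2.16 wiki.zz__corp. A
192.0.2.17 mail.example.co.uk. MX
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def tld_of(qname):
    """Return the lower-cased rightmost label of qname, or None for the root."""
    name = qname.rstrip(".").lower()
    if not name:
        return None
    return name.rsplit(".", 1)[-1]


def classify(log_text, delegated=DELEGATED, special=SPECIAL_USE):
    """Count queries by TLD category; also count each undelegated TLD seen."""
    cats, undelegated = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than miscount them
        tld = tld_of(m.group(2))
        if tld is None:
            cats["root"] += 1
        elif tld in delegated:
            cats["delegated"] += 1
        elif tld in special:
            cats["special-use"] += 1
        else:
            cats["undelegated"] += 1
            undelegated[tld] += 1
    return cats, undelegated


def undelegated_share(cats):
    """Fraction of non-root queries whose TLD is not delegated."""
    total = sum(v for k, v in cats.items() if k != "root")
    return cats["undelegated"] / total if total else 0.0
```

The "back.in.5mins" line is the mobile "dot instead of space" typo mentioned above, and "zz__corp" shows that a label with underscores lands in the undelegated bucket like any other.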
