Have ICANN Lost The Plot
ICANN are considering the introduction of dotless domains. Basically, this means that instead of entering, for example, http://blog.ausics.net, I could buy ausics and you would only enter http://blog.ausics or http://ausics.
Now, some of you might think that's a cool idea, but NO, it's not! What about host names on a LAN? I have a box called fox (no pun intended, well, ok, maybe), so if I go to http://fox, I want my local fox, not someone's domain. The use of a bare hostname in local lookups (search lists) in place of the FQDN has been in use for near eternity on PCs.
It could well be one of the craziest and stupidest moves by the hierarchy yet, for reasons I explained in my submission (below).
I really recommend that those in a system or network administration position have a read of ICANN's RFC and submit their opinion on it. One of the more vocal voices against this is more or less Mr DNS himself, Paul Vixie, who wrote about it last year.
Regrettably, you have only a couple of days, submissions close Sept 24 2012....
The following is a copy of my submission.
Dear SSAC Members,
As an email administrator, this is a horrible idea. Many of the anti-spam measures in use today use this as one of the most basic of tests: given that a lot of machines, mostly malware infected, connect using helo somemachinebriefname, they can be rejected outright there and then.
If dotless domains become a fact of life, MTAs and anti-spam software will become much less effective, or, and this is the more likely scenario, the legitimate dotless domain messages will be blocked, through fault of the MTA server, the anti-spam measures, or the "if it ain't broke don't fix it" attitude many admins and businesses alike have. Even if this was to be so, there are, rightly or wrongly, many ancient unsupported mail transport agents out there that, as unsupported, will never be modified to allow dotless domains. Even those that are may take years to do anything about it; just have a look at how many servers out there are running such old software that they barf at looking up an SPF resource record, and sadly, many of them are on large busy networks.
The effect of this will be like ISPs blocking all inbound port 25 to residential customers so they cannot run a mail server, but allowing business customers to do so, whilst putting those business class customers in the residential (blocked) pool.
Another detrimental fact is with internal sites, and those who use aliasing in their hosts file. Take "foo" as an example: let's assume foo may now be a new legitimate domain. foo may also be an internal hostname of a network, as in foo.example.net, aliased in a search/domain entry in *nix, or a Windows equivalent. In this case, foo is treated as local, and the external domain won't be as easily accessible. If I ssh foo, I not only want, but expect it to be that local host (foo.example.net), and not someone else's domain, where I may start setting off alarms for "why is this person trying to gain access to our machine, are they trying to hack us" etc etc etc.
The cons outweigh any possible pros, and the only pro I see is for a domain to grandstand. Really, I mean, people do not care if its address is http://icann or http://icann.org, to use as an example.
I consider this a terrible, even ridiculous idea to consider, and ask that you keep the status quo which works very well and will not cause problems or dramas that will be felt for many years if this is approved.
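The two behaviours the submission relies on, sketched as an added example that is not part of the original post or submission: the non-FQDN HELO test an MTA applies, and the glibc-style search-list order a stub resolver uses for a bare name. Function names, the zone table and its addresses are constructed for illustration.

```python
import ipaddress
import re

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def helo_is_fqdn(helo):
    """Basic anti-spam test: accept a dotted hostname or an address literal."""
    name = helo.strip()
    if name.startswith("[") and name.endswith("]"):      # e.g. [192.0.2.1]
        literal = name[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return True
        except ValueError:
            return False
    labels = name.rstrip(".").split(".")
    # A single label ("somemachinebriefname", or a dotless TLD) fails here.
    return len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def lookup_order(name, search, ndots=1):
    """Candidate names in the order a search-list resolver tries them."""
    if name.endswith("."):                  # trailing dot: absolute, no search
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:            # looks qualified: try as-is first
        return [absolute] + suffixed
    return suffixed + [absolute]            # bare name: search list first

def resolve(name, search, zone, ndots=1):
    """Return (matched_name, address) for the first candidate in `zone`."""
    for candidate in lookup_order(name, search, ndots):
        if candidate in zone:
            return candidate, zone[candidate]
    return None

# Constructed data: an internal host and a hypothetical dotless TLD "foo".
ZONE = {"foo.example.net.": "192.0.2.10", "foo.": "203.0.113.7"}
SEARCH = ["example.net"]

if __name__ == "__main__":
    for helo in ("somemachinebriefname", "ausics", "mail.example.net"):
        print(f"HELO {helo:22} accepted={helo_is_fqdn(helo)}")
    print("ssh foo          ->", resolve("foo", SEARCH, ZONE))
    no_local = {k: v for k, v in ZONE.items() if k != "foo.example.net."}
    print("ssh foo, no LAN  ->", resolve("foo", SEARCH, no_local))
```

The last case is the collision the submission warns about: once the internal record is missing, the same bare name silently resolves to the external dotless domain.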