Internet Corporation for Assigned Names and Numbers

Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar Technologies) at Registry Level

24 November 2009

This explanatory memorandum [PDF, 227K] describes the harms and concerns posed by NXDOMAIN substitution (commonly implemented by the use of DNS wildcard) at the registry level. The paper is a collection of the findings published by experts on the subject.

On 10 June 2009, the Security and Stability Advisory Committee (SSAC) published an advisory stating that the redirection and synthesizing of DNS responses (e.g., DNS wildcard) by TLDs poses a clear and significant danger to the security and stability of the Domain Name System.

At its public meeting in Sydney in June 2009, the ICANN Board of Directors resolved that new top-level domains should not use DNS redirection and synthesizing of DNS responses.

In response to the Board resolution, ICANN staff included a prohibition against redirection and synthesizing of DNS responses in the draft Registry Agreement for new gTLDs. ICANN also included a similar commitment as part of the request for new IDN ccTLDs in the proposed Terms and Conditions and in the three proposed relationship options between ICANN and the IDN ccTLD manager.

The Board also directed ICANN staff to report on the harms and concerns posed by the use of redirection and synthesizing of DNS responses; collectively, NXDOMAIN substitution.

Stay Connected

  • News Alerts:
  • Newsletter:
  • Compliance Newsletter:
  • Policy Update: