Internet Corporation for Assigned Names and Numbers

SSAC Report on Dotless Domains

Comment/Reply Periods (*) Important Information Links
Comment Open: 24 August 2012
Comment Close: 23 September 2012
Close Time (UTC): 23:59 UTC Public Comment Announcement
Reply Open: 24 September 2012 To Submit Your Comments (Forum Closed)
Reply Close: 14 October 2012 Extended to 5 November 2012 View Comments Submitted
Close Time (UTC): 23:59 UTC Report of Public Comments
Brief Overview
Originating Organization: ICANN
Categories/Tags:
  • Top-level Domains
  • Security / Stability
Purpose (Brief): This purpose of this public comment period is to bring to your attention of the SSAC's report on dotless domain [PDF, 183 KB] and to solicit your input on ICANN's implementation of the recommendations in this report.
Current Status: Open for public comment
Next Steps: Comments will be collected and incorporated into a briefing paper for the ICANN board.
Staff Contact: Kurt Pritz Email: kurt.pritz@icann.org
Detailed Information
Section I: Description, Explanation, and Purpose

Dotless domains are domains that consist of a single label (e.g. http://example as opposed to example.tld or mail@example as opposed to mail@example.tld) and there is an A/AAAA or MX records in the APEX of a TLD zone.

On 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]. In this report, the SSAC stated that dotless domains would not be universally reachable and the SSAC recommended strongly against their use. As a result, the SSAC recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually prohibited where appropriate, and strongly discouraged in all cases.

On 23 June 2012, the ICANN Board adopted a resolution tasking ICANN to consult with the relevant communities regarding implementation of the recommendations in SAC053.

Section 2.2.3.3 of the Applicant Guidebook essentially prohibits the use of dotless domains, stating that the only permissible DNS Resource Records for the apex in a TLD zone (i.e., the TLD-string itself) are: SOA, NS, and related DNSSEC records. The same section also states, "An applicant wishing to place any other record types into its TLD zone should describe in detail its proposal in the registry services section of the application. This will be evaluated and could result in an extended evaluation to determine whether the service would create a risk of a meaningful adverse impact on security or stability of the DNS."

One option under consideration to implement the SSAC's recommendation could be to amend the base new gTLD agreement to prohibit A, AAAA and MX records in the apex of the TLD.

Do you have any input for ICANN to consider in relation to ICANN's implementation of SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]?

Section II: Background
On 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]. In this report, the SSAC stated that dotless domains would not be universally reachable and the SSAC recommended strongly against their use. As a result, the SSAC recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should contractually prohibited where appropriate, and strongly discouraged in all cases.
Section III: Document and Resource Links
SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]
Section IV: Additional Information
None

(*) Comments submitted after the posted Close Date/Time are not guaranteed to be considered in any final summary, analysis, reporting, or decision-making that takes place once this period lapses.

Stay Connected

  • News Alerts:
  • Newsletter:
  • Compliance Newsletter:
  • Policy Update: