
Publication of the Dotless Domain Name Study

ICANN is pleased to announce the publication of the Dotless Domain Name Security and Stability Study Report [PDF, 1.02 MB] by the IT security firm Carve Systems LLC (Carve Systems).

Dotless domain names are those that consist of a single label (e.g., http://example, or mail@example). Dotless names would require the inclusion of, for example, an A, AAAA, or MX record in the apex of a TLD zone in the DNS (i.e., the record relates to the TLD string itself).


On 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 182 KB]. In this report, the SSAC stated that dotless domains would not be universally reachable and recommended strongly against their use. As a result, the SSAC recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually prohibited where appropriate, and strongly discouraged in all cases.

On 23 June 2012, the ICANN Board adopted resolution 2012.06.23.09 tasking ICANN to consult with the relevant communities regarding implementation of the recommendations in SAC053.

On 24 August 2012, ICANN staff published the SAC053 Report for public comment, requesting input to consider in relation to implementing the recommendations of the SSAC report. The public comment period closed on 5 November 2012.

On 27 November 2012, the staff posted a report of the public comments [PDF, 137 KB] that showed a substantial number of comments both in favor of adopting the SSAC recommendations and in opposition to them.

In May of 2013, ICANN commissioned a study [PDF, 85 KB] on the stability and security implications of dotless domain name functionality to help ICANN prepare an implementation plan for the SAC053 recommendations.

On 10 July 2013 the Internet Architecture Board (IAB) released a statement on dotless domain names, recommending against the use of dotless domain names for TLDs.

On 29 July 2013 Carve Systems delivered their report to ICANN. Consistent with the SSAC report, the Carve Systems report identifies security and stability issues that require mitigation before gTLDs can safely implement dotless domain names. The Carve Systems report identifies several risks, ten (10) of which are considered key risks that dotless domain names pose.

Current Status

Consistent with SSAC’s SAC 053 recommendation, a contracted gTLD wishing to operate as a dotless domain name must submit a proposal to be evaluated as part of the standard Registry Services Evaluation Process (RSEP).

Similarly, section of the Applicant Guidebook (AGB) prohibits the use of dotless domain names prior to approval by ICANN, stating that the only permissible DNS Resource Records for the apex in a TLD zone are: Start of Authority (SOA), Name Server (NS), and related DNSSEC records. The same section also states: "An applicant wishing to place any other record types into its TLD zone should describe in detail its proposal in the registry services section of the application. This will be evaluated and could result in an extended evaluation to determine whether the service would create a risk of a meaningful adverse impact on security or stability of the DNS."
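The apex rule quoted above can be checked mechanically against a zone file. The following is an added example, not code from ICANN or the Carve Systems report: a small Python linter that flags records such as A, AAAA, or MX placed at the TLD apex. The function name `apex_violations`, the sample zone, the simplified master-file parsing (one record per line, numeric TTLs, no `$ORIGIN` or `$INCLUDE`), and the choice of which record types count as DNSSEC-related are assumptions.

```python
# Apex types the quoted AGB text permits: SOA, NS and "related DNSSEC records".
# Which types count as DNSSEC-related is an assumption of this example.
ALLOWED_AT_APEX = {"SOA", "NS", "DNSKEY", "RRSIG", "NSEC", "NSEC3PARAM"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone for the reserved name "example" (documentation addresses).
SAMPLE_ZONE = """\
$TTL 3600
@        IN SOA ns1.nic.example. hostmaster.nic.example. 1 7200 900 1209600 3600
         IN NS  ns1.nic.example.
         IN A   192.0.2.10
example. 300 IN MX 10 mail.nic.example.
@        IN DNSKEY 257 3 13 Y29uc3RydWN0ZWQ=
ns1.nic  IN A   192.0.2.53
www      IN AAAA 2001:db8::1
@        IN AAAA 2001:db8::10
"""

def apex_violations(zone_text, origin):
    """Return (line_no, rrtype) for each apex record outside ALLOWED_AT_APEX."""
    origin = origin.rstrip(".").lower() + "."
    owner = origin                      # a blank owner field inherits the last owner
    found = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                  # blank line or directive
        fields = line.split()
        if not raw[0].isspace():                      # line starts with an owner name
            name = fields.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.lower()                  # already fully qualified
            else:
                owner = name.lower() + "." + origin   # relative to the zone origin
        # Skip the optional TTL and class, which may appear in either order.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if not fields:
            continue
        rrtype = fields[0].upper()
        if owner == origin and rrtype not in ALLOWED_AT_APEX:
            found.append((no, rrtype))
    return found

if __name__ == "__main__":
    for line_no, rrtype in apex_violations(SAMPLE_ZONE, "example"):
        print(f"line {line_no}: {rrtype} record at the TLD apex")
```

The record on line 4 of the sample has no owner field, so it inherits the apex from the preceding line; a check that only matches `@` or the literal TLD string would miss it.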

The ICANN Board New gTLD Program Committee (NGPC) will consider dotless domain names and an appropriate risk mitigation approach at its upcoming meeting in August.


ICANN wishes to thank the SSAC for their efforts in identifying and explaining the issues, and the community for their participation in the public comment process.
