ICANN Issues Advice to IT Professionals on Name Collision Identification and Mitigation
ICANN today issued comprehensive advice to IT professionals worldwide on how to proactively identify and manage private name space leakage into the public Domain Name System (DNS) and thus, eliminate the causes of name collisions as new Top Level Domains (TLDs) are added to the DNS. In a report titled Name Collision Identification and Mitigation for IT Professionals [PDF 228 KB], ICANN explains the nature and causes of name collision and proposes a range of possible solutions.
Domain name collisions are not new. However the report addresses some concerns that a number of applied-for new TLDs may be identical to names used in private name spaces.
The report explains how DNS queries leak into the global DNS from private name spaces and how these leaks can have unintended consequences. The report shows that private networks will consistently, stably, and reliably perform name resolution when they use Fully Qualified Domain Names (FQDNs) and resolve them from the global DNS, and proposes methods to migrate to FQDNs.
"While it appears that name collisions won't affect significant numbers of corporate network operators or Internet users, ICANN considers it essential that it does everything possible to minimize potential impact and to offer clear advice on dealing with the issue," said Paul Mockapetris, Global Domains Division Security Advisor.
The report recommends that every organization that is not already using FQDNs from the public DNS should consider the following strategy:
- Monitor name services, compile a list of private TLDs or short unqualified names you use internally, and compare the list you create against the list of new TLD strings.
- Formulate a plan to mitigate causes of leakage.
- Prepare users for the impending change in name usage by notifying them in advance or providing training.
- Implement your plan to mitigate the potential collision.
The release of today's advice to IT professionals is the result of several months of diligent work by ICANN's staff, subject matter experts, the ICANN Executive Team and the Board of Directors.
"The report we've issued today offers IT professionals, whether they work in large organizations or small companies, comprehensive advice and suggested remedies that can be simple to implement," said Dave Piscitello, Vice President of Security and ICT Coordination. "While other interim or makeshift solutions may exist, migration using FQDNs has lasting value – once you've done this, you are good to go for now and future new TLD delegations."
The report, along with additional useful information and resources, can be found at: