Name Collision Occurrence Mitigation for New ccTLDs
ICANN's mission and core values call for ICANN to preserve and enhance the operational stability, reliability, security, and global interoperability of the Internet's system of unique identifiers (names, IP numbers and protocol parameters)1. In pursuing this mission and values and following the direction of its Board of Directors as well as taking into consideration the advice of the Security and Stability Advisory Committee, ICANN has been working on understanding and mitigating issues related to "name collisions" in the DNS.
A name collision occurs when a user unknowingly attempts to resolve a name that has been delegated in the public DNS when the user's intent is to lookup a resource identified by the same name in a private network. Circumstances in which the administrative boundaries of private and public namespaces overlap and name resolution yields unintended results present concerns and should be avoided if possible.
In accordance with ICANN's "New gTLD Collision Occurrence Management" plan <https://www.icann.org/en/system/files/files/resolutions-new-gtld-annex-1-07oct13-en.pdf> [PDF, 840 KB] and "Name Collision Occurrence Management Framework" <https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf> [PDF, 635 KB], ICANN has requested certain measures be implemented by new gTLD operators from the 2012 round in order to help mitigate name collision risks.
The risks of name collision are not exclusive of new gTLDs and may present in both ASCII and IDN new ccTLDs. In order to help mitigate name collision risks under your future new ccTLD, ICANN strongly recommends the following measures:
For a period of at least 90 days, the new-ccTLD manager should implement continuous Controlled Interruption inserting the following records into the ccTLD zone (substituting "TLD" with the your new ccTLD string):
TLD. 3600 IN MX 10 your-dns-needs-immediate-attention.TLD.
* 3600 IN MX 10 your-dns-needs-immediate-attention.TLD.
TLD. 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.TLD.
* 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.TLD.
TLD. 3600 IN A 127.0.53.53
* 3600 IN A 127.0.53.53
TLD. 3600 IN TXT "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
* 3600 IN TXT "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
As discussed in SAC0152, the use of wildcard records in DNS is not recommended by ICANN for domain names that offer registration to third parties. Therefore, no names should be registered or, at least, not activated under the TLD until after the 90-day controlled interruption period has been completed. For more information regarding the use of wildcard records, please see <https://archive.icann.org/en/topics/new-gtlds/nxdomain-substitution-harms-24nov09-en.pdf> [PDF, 227 KB]
Managers of new ccTLDs are recommended to have a name collision reporting mechanism to act upon cases of severe harm (e.g., clear and present danger to human life) caused by name collision for, at least, the early days of the life of the new ccTLD's operation (please see for example <https://forms.icann.org/en/help/name-collision/report-problems>). Examples of measures that may be taken would include: removal of wildcard records from DNS during the controlled interruption period; removal of a second-level domain name from the DNS; and in extreme cases, removal of the TLD itself from the root zone (e.g., in case of harm caused by the TLD itself – dotless name – during the controlled interruption period). Note that these measures are only intended to be temporary while the affected party effects changes in their network configuration to avoid future harm.
ICANN is fully committed to the delegation of new TLDs in accordance with its mission and core values. ICANN appreciates your consideration of this issue and stands ready for further collaboration if requested.
For additional information regarding name collision please visit ICANN's web page dedicated to name collision mitigation, available at <https://icann.org/namecollision> or contact us at GlobalSupport@icann.org.