Skip to main content

Welcome to the new ICANN.org! Learn more, and send us your feedback. Dismiss

Resources

SSAC Report on Dotless Domains

Comment/Reply Periods (*) Important Information Links
Comment Open: 24 August 2012
Comment Close: 23 September 2012
Close Time (UTC): 23:59 UTC Public Comment Announcement
Reply Open: 24 September 2012 To Submit Your Comments (Forum Closed)
Reply Close: 14 October 2012 Extended to 5 November 2012 View Comments Submitted
Close Time (UTC): 23:59 UTC Report of Public Comments
Brief Overview
Originating Organization: ICANN
Categories/Tags:
  • Top-level Domains
  • Security / Stability
Purpose (Brief): This purpose of this public comment period is to bring to your attention of the SSAC's report on dotless domain [PDF, 183 KB] and to solicit your input on ICANN's implementation of the recommendations in this report.
Current Status: Open for public comment
Next Steps: Comments will be collected and incorporated into a briefing paper for the ICANN board.
Staff Contact: Kurt Pritz Email: kurt.pritz@icann.org
Detailed Information
Section I: Description, Explanation, and Purpose

Dotless domains are domains that consist of a single label (e.g. http://example as opposed to example.tld or mail@example as opposed to mail@example.tld) and there is an A/AAAA or MX records in the APEX of a TLD zone.

On 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]. In this report, the SSAC stated that dotless domains would not be universally reachable and the SSAC recommended strongly against their use. As a result, the SSAC recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually prohibited where appropriate, and strongly discouraged in all cases.

On 23 June 2012, the ICANN Board adopted a resolution tasking ICANN to consult with the relevant communities regarding implementation of the recommendations in SAC053.

Section 2.2.3.3 of the Applicant Guidebook essentially prohibits the use of dotless domains, stating that the only permissible DNS Resource Records for the apex in a TLD zone (i.e., the TLD-string itself) are: SOA, NS, and related DNSSEC records. The same section also states, "An applicant wishing to place any other record types into its TLD zone should describe in detail its proposal in the registry services section of the application. This will be evaluated and could result in an extended evaluation to determine whether the service would create a risk of a meaningful adverse impact on security or stability of the DNS."

One option under consideration to implement the SSAC's recommendation could be to amend the base new gTLD agreement to prohibit A, AAAA and MX records in the apex of the TLD.

Do you have any input for ICANN to consider in relation to ICANN's implementation of SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]?

Section II: Background
On 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]. In this report, the SSAC stated that dotless domains would not be universally reachable and the SSAC recommended strongly against their use. As a result, the SSAC recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should contractually prohibited where appropriate, and strongly discouraged in all cases.
Section III: Document and Resource Links
SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]
Section IV: Additional Information
None

(*) Comments submitted after the posted Close Date/Time are not guaranteed to be considered in any final summary, analysis, reporting, or decision-making that takes place once this period lapses.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."