Skip to main content

Welcome to the new! Learn more, and send us your feedback. Dismiss


ICANN Issues Advice to IT Professionals on Name Collision Identification and Mitigation

Los Angeles, California… ICANN today issued comprehensive advice to IT professionals worldwide on how to proactively identify and manage private name space leakage into the public Domain Name System (DNS) and thus, eliminate the causes of name collisions as new Top Level Domains (TLDs) are added to the DNS. In a report titled Name Collision Identification and Mitigation for IT Professionals [PDF 228 KB], ICANN explains the nature and causes of name collision and proposes a range of possible solutions.

Domain name collisions are not new. However the report addresses some concerns that a number of applied-for new TLDs may be identical to names used in private name spaces.

The report explains how DNS queries leak into the global DNS from private name spaces and how these leaks can have unintended consequences. The report shows that private networks will consistently, stably, and reliably perform name resolution when they use Fully Qualified Domain Names (FQDNs) and resolve them from the global DNS, and proposes methods to migrate to FQDNs.

"While it appears that name collisions won't affect significant numbers of corporate network operators or Internet users, ICANN considers it essential that it does everything possible to minimize potential impact and to offer clear advice on dealing with the issue," said Paul Mockapetris, Global Domains Division Security Advisor.

The report recommends that every organization that is not already using FQDNs from the public DNS should consider the following strategy:

  • Monitor name services, compile a list of private TLDs or short unqualified names you use internally, and compare the list you create against the list of new TLD strings.
  • Formulate a plan to mitigate causes of leakage.
  • Prepare users for the impending change in name usage by notifying them in advance or providing training.
  • Implement your plan to mitigate the potential collision.

The release of today's advice to IT professionals is the result of several months of diligent work by ICANN's staff, subject matter experts, the ICANN Executive Team and the Board of Directors.

"The report we've issued today offers IT professionals, whether they work in large organizations or small companies, comprehensive advice and suggested remedies that can be simple to implement," said Dave Piscitello, Vice President of Security and ICT Coordination. "While other interim or makeshift solutions may exist, migration using FQDNs has lasting value – once you've done this, you are good to go for now and future new TLD delegations."

The report, along with additional useful information and resources, can be found at:



Brad White
Director Global Media Affairs
Washington, D.C.
Tel: +1.202.570.7118

James Cole
ICANN Global Media Coordinator
Washington, D.C.
Tel. +1 202.570.7240

Andrew Robertson
Edelman Public Relations
London, U.K.
Tel. + 44 (7811) 341 945

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."