The Internet Architecture Board (IAB), which is a committee of the Internet Engineering Task Force (IETF) issued a statement today that it considers Dotless domains, such as the proposed “SEARCH” by Google harmful and will not work together with currently used procedures. As the statement explains:
Unfortunately, dotless domains will not work as intended by TLD operators in the vast majority of cases. As recommended by IETF standards track RFCs, existing deployed systems apply a search list to single-label names prior to attempting to resolve them. As a result, the resolution of dotless domains depends on local configuration such as the search list. For example, in a location where “example.com” is included within the search list, the URL http://printer1/ will generate a query for “printer1.example.com”, whereas in a location where “example.net” is in the search list, it will generate a query for “printer1.example.net”.
Aside from the Google proposal for its application for ‘SEARCH’, apparently this practice currently is already used by some existing Top Level Domains according to the statement.
With this background the IAB issues the following recommendations:
- The IAB strongly recommends against considering, implementing, or deploying dotless domains.
- The IAB believes that dotless domains are inherently harmful to Internet security.
- Applications and platforms that apply a suffix search list to a single-label name are in conformance with IETF standards track RFCs. Furthermore, applications and platforms that do not query DNS for a TLD are in conformance with IETF standards track recommendations intended to minimize security vulnerabilities and reduce load on the root servers.
[Hat tip to Michele Neylon of Blacknight, IAB Statement]
Related posts: