MARINA DEL REY, Calif.—The Internet Corporation for Assigned Names and Numbers (ICANN) released an "explanatory memorandum" Tuesday that outlines its opposition to a practice called NXDOMAIN substitution, or DNS redirection, which involves redirecting internet users to a third-party website or portal when they accidentally misspell a web address or enter an invalid domain name.
"ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in new and existing gTLDs and ccTLDs and any other level in the DNS tree for registry-class domain names," the report concludes. "Synthesized DNS responses at the TLD level (and subordinate levels) is a destabilizing practice."
Prepared by ICANN staff at the direction of the Board, the paper, titled "Harms Caused by NXDOMAIN Substitution in Toplevel and Other Registry-class Domain Names," identifies the "harms and concerns posed by the use (at registry level) of redirection and synthesizing of DNS responses, and ultimately the need to ensure the integrity of error responses as well as name resolution; collectively, NXDOMAIN substitution."
The harms and concerns identified by ICANN include:
1. Architectural implications
2. Impact on Internet protocols
3. Single point of failure
4. Reserved and blocked domains appearing alive
5. Fragmentation of the DNS ecosystem
6. Privacy concerns
7. Lack of choice for Internet users
8. Poor user experience
9. Use of privileged position
The report includes the following conclusions:
1. ICANN included a default prohibition for DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in the draft Registry Agreement & Specifications for new gTLDs.
2. ICANN notes that if an applicant for a new gTLD believes there is a legitimate use of these technologies that will not have security or stability issues as described in Module 2 of the draft Applicant Guidebook, the applicant has the option to include the registry service in its application, along with its reasoning for why security or stability issues will not arise.
3. ICANN included a commitment to not implement DNS redirection and synthesized DNS responses as part of the request for new IDN ccTLDs in the proposed Terms and Conditions, and in the three proposed relationship options between ICANN and the IDN ccTLD manager: Documentation of Responsibility, Exchange of Letters, and Standard Agreement.
4. ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in existing gTLDs, ccTLDs and any other level in the DNS tree for registry-class domain names. If an existing gTLD operator intends to offer a service that depends on NXDOMAIN substitution, it must submit that request through the Registry Services Evaluation Process.
5. ICANN further recommends that if ccTLD or registry-class domain managers intend to offer a service that depends on NXDOMAIN substitution, they should consult with technical experts (e.g., IAB/IETF, SSAC) on the possible effects of such implementation, and submit the proposal for global public scrutiny before implementing such a service.
The report will be of obvious interest to internet service providers, many of which have implemented DNS redirection. Verizon defended its practice of redirecting typo traffic earlier this month, and in July, Comcast launched a trial DNS redirection effort, called a "Domain Helper service," in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington.