RealTime IT News

ICANN Decries DNS Redirect Practices

ICANN, the Internet Corporation for Assigned Names and Numbers) this week warned that the current practice of redirecting Internet users to either a third-party Web site or portal when users accidentally misspell a Web address or enter an invalid domain name could "destabilize" the Internet.

The organization documented its disdain for so-called synthesized DNS responses in a draft memo (available here in PDF format) before the introduction of new gTLDs (generic top-level domains) during a board meeting in Sydney in June.

ICANN said that some DNS (domain name systems) operators typically send back the IP address of another name -- a process known as NXDOMAIN substitution -- rather than simply send back an error message for nonexistent (and typically erroneous) domains.

"ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in new and existing gTLDs and ccTLDs and any other level in the DNS tree for registry-class domain names," the organization wrote in its memo.

"Synthesized DNS responses at the TLD level (and subordinate levels) is a destabilizing practice," it added.

ICANN officials also point out that redirection sites are often targeted by hackers looking to channel traffic to their malicious servers -- a problem that's only exacerbated by current DNS redirect procedures.

Users sending an e-mail to a domain that no longer exists—or never did—should immediately receive an error message, ICANN said. But when the message is redirected to a site set up to handle Web traffic, it usually gets queued up and the error message often won't arrive for several hours or even several days.

Worse, if personal or sensitive data is redirected via a country with a different jurisdiction and local law, there could be consequences for both users and registries, it added.

Last month, ICANN followed through on its plan to open up the Internet to languages and characters beyond English and the Latin alphabet by approving International Domain Names (IDN) for use as country-code top level domains (ccTLDs).

ICANN is suggesting that owners of the new gTLDs agree to ban the practice of redirecting requests to nonexistent domains and require those who still want to redirect DNS requests to prove the practice won't cause security and performance issues on the Web.