ICANN on collision path for ccTLDs


The board of the Internet Corporation for Assigned Names and Numbers (ICANN) has signalled its intent to recommend that the same Name Collision provisions that were put in place for new generic top-level domains (gTLDs) are also applied to newly launching country-code top-level domains (ccTLDs).

By ICANN's own definition:

"a name collision occurs when users unknowingly access a name that has been delegated in the public DNS when the user’s intent was to access a resource identified by the same name in a private network. Circumstances like these, where the administrative boundaries of private and public name spaces overlap and name resolution yields unintended results, present concerns and should be avoided if possible. However, the collision occurrences themselves are not the concern, but whether such collisions cause unexpected behaviour or harm, the nature of the unexpected behaviour or harm and the severity of consequence."

The crucial part of the above definition is ‘private network’. This is where the issues of Name Collision have their roots. ‘Private network’ is a catch-all term used to describe, amongst other things, company intranets, email systems, document management systems and servers hosting applications and content that are available only to users of the network.

Private networks operate on similar principles to those of the public Internet. That is to say, IP addresses are used to direct users of the network to the correct resource on the network, be that the company intranet or an application hosted within the network. Just like the public Internet, private networks make use of "domain names", which are mapped to IP addresses when building a private network, writing software and applications, and deploying these to the network.

However, the key difference between private networks and the public Internet is that, when domain names are used within the private network, they are often not actual registered domain names or Fully Qualified Domain Names (FQDNs). Often developers and those constructing a network would use fictional domain names to direct resources. This was not problematic as the fictional domain names would use extensions that did not exist in the global Domain Name System (DNS).

As domain names with these extensions could not exist in the global DNS, developers and network administrators knew that it would not be possible for their systems to leak out data to the public Internet, as such queries would be unable to resolve and thus all of the private traffic on their networks would stay within their private networks.

However, as new domain name extensions are delegated to the global DNS, the possibility of FQDNs being registered that correspond with fictional domain names used in private networks has significantly increased, and thus ICANN's Name Collision provisions came into being.
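The overlap described above can be checked on the private-network side. The following is an added example, not part of the original article: it sorts internal names by whether their final label is already a delegated TLD. The function names, the sample names and the small TLD subset are constructed for illustration; in practice the delegated set would be loaded from the current root zone TLD list.

```python
# Added example (not from the article): audit internal names for name-collision risk.
# All host names, the owned domain and the TLD subset below are constructed samples.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}  # RFC 2606 / RFC 6761

def normalize(name):
    """Lower-case a name and drop surrounding whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def classify(name, delegated, owned):
    """Return the risk category for one internal name."""
    name = normalize(name)
    labels = name.split(".")
    if len(labels) == 1:
        # Resolution depends on the resolver's search suffixes, so review separately.
        return "single-label"
    if any(name == d or name.endswith("." + d) for d in owned):
        return "owned"            # under a domain the organisation has registered
    tld = labels[-1]
    if tld in RESERVED_TLDS:
        return "reserved"         # set aside by RFC, not available for delegation
    if tld in delegated:
        return "collision-risk"   # fictional name now sits under a public TLD
    return "undelegated"          # stays private only until that TLD is delegated

def audit(names, delegated, owned=()):
    """Group internal names by category; 'delegated' is a set of public TLDs."""
    delegated = {normalize(t) for t in delegated}
    owned = [normalize(d) for d in owned]
    report = {}
    for raw in names:
        report.setdefault(classify(raw, delegated, owned), []).append(normalize(raw))
    return report

# Constructed inputs: a sample subset of delegated TLDs, one owned domain,
# and names as they might appear in host files, configs or certificates.
SAMPLE_DELEGATED = {"com", "org", "dev", "zip"}
SAMPLE_OWNED = ["example.org"]
SAMPLE_NAMES = ["intranet", "mail.corp.example.org", "build.dev",
                "files.internal-lan", "Wiki.Test.", "db01.zip"]

if __name__ == "__main__":
    result = audit(SAMPLE_NAMES, SAMPLE_DELEGATED, SAMPLE_OWNED)
    for category, found in sorted(result.items()):
        print(f"{category}: {', '.join(found)}")
```

Names reported as "undelegated" are the ones that change category when a new extension, gTLD or ccTLD, enters the root zone, so the audit is worth re-running against an updated list.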

As a result of this, all new gTLD registries had to either block a pre-determined list of problematic domain names from registration or wildcard their TLD for a period of 90 days in order to capture any private network traffic that was leaking into the global DNS as a result of the delegation of that gTLD.

ICANN is now proposing to make a recommendation that newly launching ccTLD registries also implement the same Name Collision measures. As a result of this, ICANN has instructed the Country-Code Names Supporting Organisation to start a study to determine the impact of Name Collisions associated with the launch of new ccTLD extensions.

David Taylor and Daniel Madden, Hogan Lovells LLP, Paris
