Slashdot Mirror
ICANN Registers Improper Domain Names
wetmondo writes "When ICANN was started in order to open up domain registration to competition, some people worried that this might create some problems. Well, here is proof that they were right. Yahoo! is reporting that they screwed up and registered domain names with dashes at the end such as e-.com. Domain names with dashes at the end causes ftp and telnet to fail."
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Actually it was NetSol's incompetence that it let domain names be registered without making sure those names complied to specifications. I read this story on news.com 2 days ago regarding this..
Network Solutions' (NSI) registry accepted about 800 domain names containing a hyphen at the end or the beginning of an address. But such names have long been prohibited and therefore should be recaptured, said Michael Roberts, president of the Internet Corp. for Assigned Names and Numbers (ICANN).
"It was a mistake," Roberts said today. "The software was not rejecting the names, but that was fixed earlier this week."
The first such name was registered Nov. 4, leaving some consumers wondering why it took so long to discover the problem.
Roberts explained that the system is automated and does not involve people who would have been able to detect the problem sooner.
In an agreement with ICANN, NSI, which operates the single registry system, and about 23 other approved registrars that feed into that system prohibit the trailing hyphens. The agreement also gives power to the companies to revoke domains that have been mistakenly sold, Roberts said.
Only a few of the approved registrars failed to put a filtering device in their systems, which allowed the unauthorized domains to sneak through, said Don Telage, NSI's registry policy spokesman.
San Francisco-based Internet Domain Registrars was one of the companies that failed to implement the filter, and as a result, it unknowingly registered about 400 bad addresses, said Paul Lum, the company's general manager.
Lum said he was relying on NSI's security system to catch any characters not allowed in a domain, such as an exclamation point, dollar sign and a trailing or leading hyphen.
Early Monday, he learned it was Internet Domain's responsibility to program its own filter. Now the company is left with the unpleasant task of reimbursing a total of $25,000 to those who registered the new domains.
The fiasco will not likely cause a customer-relations problem for Internet Domain, Lum said. Instead he views the situation as evidence that clever Net addresses are highly sought after.
"There is too much pent-up demand for good domain names," he said. "Even though the hyphen isn't very attractive, short names are still preferred."
A lawyer for one unhappy consumer who registered more than 100 of these new domains said the governing bodies could have a difficult time proving the recent glitch was a mistake, as it took them three months to discover the error.
The rest of this story could be read here. Please don't jump to conclusion without getting the full story.
--
This seems like a classic case of techies missing the point: "Oh, running out of domains? Let's add more." But it isn't domainspace that's crowded, it's the trademark namespace...
On the other hand, some new TLDs would:
Because it violates the RFC defining what a domain name should look like, and many pieces of software are written intelligently enough that they know "hey, that's not valid!" and reject it -- exactly as they should. D
Darn, no SlashDotDash.
The reference is RFC1035 (``Domain Names — Implementation and Specification'') by Mockapetris. But read it carefully: the section 2.3.1 is entitled ``Preferred name syntax'' (emphasis is mine). There is nothing illegal about names not following this convention; in fact, RFC1035 domain names can contain arbitrary characters, even binary (including the dot character, the null character, and mixed case!). The RFC essentially restates the golden rule: be liberal in what you accept and conservative in what you send (i.e. use the suggested conventions if possible when creating domain names, but be prepared to accept any kind of data when you receive a domain name). The RFC suggests the conventions you name precisely for compatibility with mail and TELNET (see the notes at the beginning of section 2.3.1), so you are putting the cart before the horses (``illegal'' names are ``illegal'' because they break TELNET, not the other way around).
A domain name is not supposed to start with a digit, but this rule is violated in the very RFC for the IN-ADDR.ARPA domain. Arguably, this is not a problem because you can't TELNET directly to an IN-ADDR.ARPA domain host (I find it rather unfortunate that I can't type telnet t.z.y.x.in-addr-arpa as a substitute for telnet x.y.z.t, I've never understood why that is disallowed).
I wonder, with all the fad on Unicode, whether Unicode characters will end up being allowed in domain names. Then every trademark-owning company would rush to register their name in every possible script. Or, worse even, get their logo added to the Unicode tables and register the <logo>.com domain. Fortunately, the Unicode Consortium has decided never to include logos in the official Unicode tables (but they might get added in the user-reserved areas if some vendor (i.e. Micro$oft) is influential enough to provide a kind of standard in this domain). Imagine people not knowing how to write any more, just choosing the company's logo in a huge table, and pasting it in the location bar of their browser...
When creating a standard or a specification, it's important to make rules and stick to them -- the perils of changing them later are many. However, it's just as important to make rules that don't suck in the first place, because they will get broken.
The mail servers for the ISP I used to work for have dozens of functioning "illegal" usernames that are either longer than eight characters or begin with a numeral. There are even a few with the ampersand character (&) that also work, though they do behave strangely in finger queries. Despite the fact they knew it was technically invalid, being a fledgling company eager to please (times sure have changed there), they let it happen. Future upgrades of Slackware prevented any more invalid accounts from being created, however. I'm of the opinion that it was USERADD acting as the enforcer -- if the kernel does it, wouldn't that mean that it plays with a different set of rules internally than it does externally?
In the case of Linux, no matter what you do, it's a Bad Thing©. You can continue to use the same standard and allow "fudging" without acknowledging that it seems to work "out of spec", which IMO is the Worst Thing©, you can break compatibility for the sake of a standard, or you can drop the archaic, unpopular rules that don't seem to make a bit of difference -- or do they?
Frankly, I don't care for ICANN's crappy, archaic rules that probably don't matter anymore. It's good to have standards, as long as you stick to them, but they don't do it very well. They've already broken a few of them by allowing numerals as the first character in a domain name (the @ host, e.g. "2600.com" is technically invalid, DNS-wise), as well as single character domain names.
Steadily, all of the rules will erode as the greed of registrars pressures the ICANN for more domains to sell. The "unroutable" Class A netblocks at the upper and lower ends will probably fall sometime soon too, but at least it will be out of necessity. Just like everything else drawn up decades ago, the "impossible" becomes well within reach...
If you've actually read all the way through this, I'm sorry you put up with my rambling for so long...
--
--
E2 IN2 IE?
For example, if you read this article, one guy grabbed "e-.com", "e-.org", and "e-.net" for his e-commerce site. Hello, there's something wrong here: .org sites are supposed to be for non-profit organizations, not a commerce site.
We need to education both IT managers and the general public that there is a significant difference between a .com and a .net address. If that understand was in place across the planet, then there should be no confusion between sites such as "whitehouse.gov" and "whitehouse.com", or "apple.com" and "apple.org". But, because we *know* people are stupid, they feel they have to do this.
IF people were intelligent enough to recongize this, then the next step would be to prevent any person or group to own the same name in any more than one TLD, unless sufficient cause is show (and that cause does NOT include trademark infrindgement). With the above in place, anyone would recognize that "apple.org" is not Apple Corp, but some organization that might deal with apples or Apples. Therefore, Apple would not have to grab all the domains in every TLD.
Then, using internationally determined standards, the next step would be to limit the registration of certain TLDs to appropriate people. .com and .biz to registered profit businesses, .net with the network infrastructure, etc.
Finally, and what I think is really important right now is to actively use the country code in domains. Browsers can easily be configured or patched to automatically end .com and the other TLD's in the appropriate country code (.us, etc) Yes, this means that by default, a person in the UK would have to go "www.apple.com.us", but this is necessary to remove the American-ization of the Internet, and would limit domain name disputes to within countries only (no etoys vs etoy problems).
But public education is the most important thing. I watch game shows which will generally have a higher cut of people than the rest, and it amazing me how dense they come to computer terms. They don't try to learn how it understands, they just want it to work. We need to actively promote education; I know that I will be trying to teach my mom the fundamentals of using her new computer rather than running through a simple list of steps just to type a letter. I'll try to apply the same to the internet stuff. But everyone needs to learn this. While we as the john doe internet surfer is still ignorant of how domain names work, IT managers are going to suck up all those domains for no real go reason.
Of course, the other option would be to increase the cost of registering domains, but this would hurt more than help.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
It's egregious to attribute this to ICANN and say that the cynics were right. Of course there will be small problems with any distributed system. The fault here, though, lays with the registrars who improperly registered names that shouldn't have existed. It's ironic that NetSol ends up being the good guy here (from one standpoint only, of course, not the domain owners' by a long shot!).
Hopefully this incident will give ICANN a kick in the pants as far as moving on to the next phase. There need to be more TLDs, and there need to be rules that allow those TLDs to expand the domain name universe, not just give trademark-grabbers more TLDs to register theirs in. The situation right now is getting ridiculous.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
What's even more nuts is what is happening in the toll free number area. Large companies with 800 numbers (like 800-FLOWERS) just *had* to duplicate their numbers in 888, then 877 and you can bet when 866, 855, 844, 833, and 822 toll free "area codes" are eventually open, those will be duplicated too.
Quite a lot of discussion on this topic has been going on in comp.dcom.telecom for a few years now.
The only way that makes sense for trademark issues is to create a TLD for each tradmark field, there are about 40 of them. Then add a country code since envery country does not have the same system of tradmard classification. So, for example ,
www.macdonalds.food.us would sell Big Macs,
www.macdonalds.farm.us would do the EIEIO thing..
and etoys.merchant.us would leave etoy.art.uk alone.
There would be room for apple.comp.us and apple.music.uk and apple.food.* and apple.electronic.uk could be Apple Computer's UK site depending on how the UK/EU does it's Trademark classifications.
Starman97@Gmail.com (bring it on spammers)
It breaks various programs because it is an ILLEGAL name. (I think the standards have changed since the old days and are a bit more flexible). However, it is still recommended that domain names have the following form:
A domain name is a sequence of labels seperated by dots '.'
A label is a sequence of letters 'a..z', digits '0..9', and hyphens '-'. A digit may not be the first character of a label. A hyphen may not be the first or last character of a label. A label must be less than 64 characters in length.
Ryan