On topic of dotless domains
Doug Barton
dougb at dougbarton.us
Thu Jul 11 23:27:58 UTC 2013
On 07/11/2013 03:57 PM, Geoffrey Keating wrote:
> Mark Andrews <marka at isc.org> writes:
>
>> In message <krmkg2$flc$1 at ger.gmane.org>, Chris Hills writes:
>>> Whilst I am not a fan of dotless domains, as long as one uses the fully
>>> qualified domain name (e.g. http://ac./), there should not be any
>>> trouble using it in any sane software. It seems that most people aren't
>>> aware these days that a fqdn includes the trailing period (by definition).
>>
>> No it does not. Period at the end is a local convention to stop
>> searching on some platforms. It is not syntactically legal. Note
>> the words 'a sequence of domain labels separated by "."'. Periods
>> at the end are NOT legal.
>>
>> RFC 1738
>>
>> host
>> The fully qualified domain name of a network host, or its IP
>> address as a set of four decimal digit groups separated by
>> ".". Fully qualified domain names take the form as described
>> in Section 3.5 of RFC 1034 [13] and Section 2.1 of RFC 1123
>> [5]: a sequence of domain labels separated by ".", each domain
>> label starting and ending with an alphanumerical character and
>> possibly also containing "-" characters. The rightmost domain
>> label will never start with a digit, though, which
>> syntactically distinguishes all domain names from the IP
>> addresses.
>
> That was fixed in RFC 2396:

... which has the title, "Uniform Resource Identifiers (URI): Generic
Syntax," so not necessarily a treatise on host name syntax. :)

> host = hostname | IPv4address
> hostname = *( domainlabel "." ) toplabel [ "." ]
>
> ... The rightmost
> domain label of a fully qualified domain name will never start with a
> digit, thus syntactically distinguishing domain names from IPv4
> addresses, and may be followed by a single "." if it is necessary to
> distinguish between the complete domain name and any local domain.
>
> However, I think it's safe to say this is an edge case and chances are
> you'll have trouble using dotless domains with some software and
> processes.

Right-o. And even if 2396 was authoritative, the "may" in "may be
followed" highlights the point Mark made earlier: Such syntax is not
universally recognized over all operating systems, or even all
applications. And that's totally aside from the difficulty in user
education.

> For example, you'll probably have trouble getting a SSL
> certificate.

Given that some CAs have already issued certs for host names that are
not valid in the public DNS now, and have been doing so for years,
dotless domains may have a higher barrier to entry for SSL, but the
barrier is not infinitely high.

All that said, I am a proponent of the slightly heretical view that
ICANN should not prohibit this for gTLDs, however I do think they should
provide good user education as to why it will likely be a bad idea. The
key factor for me is that the ccTLDs are already doing it, and there is
nothing ICANN can do to stop them from doing so. Thus it would be
"unfair" in a philosophical sense for ICANN to restrict the gTLDs in
this manner. (I think one could even make an argument that for ICANN to
attempt to do so would be restraint of trade, but IANAL.)

While I recognize that widespread use of dotless domains would
undoubtedly break stuff in the short term, I also think that both
application and OS developers would adapt to the changing landscape over
time. It's also worth mentioning that at least some of the things that
would "break" in the short term are things we've been telling people for
many years not to do in the first place ...

Doug
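
Added example, not part of the original post or of any project mentioned in it: the two hostname grammars quoted in the thread (RFC 1738 and RFC 2396) written as a Python validator, showing where they disagree on a trailing "." and how a dotless name such as "ac" is classified. The function names and the comparison key are assumptions of this example; the key treats every input as already fully qualified.

```python
import re

# Label productions shared by RFC 1738 and RFC 2396 (section 3.2.2).
DOMAINLABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
TOPLABEL = r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?"   # never starts with a digit
IPV4 = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")  # 1*digit "." four times

# RFC 1738: labels separated by ".", nothing after the rightmost label.
RFC1738_HOSTNAME = re.compile(rf"(?:{DOMAINLABEL}\.)*{TOPLABEL}")
# RFC 2396: hostname = *( domainlabel "." ) toplabel [ "." ]
RFC2396_HOSTNAME = re.compile(rf"(?:{DOMAINLABEL}\.)*{TOPLABEL}\.?")


def classify(host):
    """Report how each grammar treats `host`, plus a key for comparisons."""
    is_ip = IPV4.fullmatch(host) is not None
    ok_1738 = is_ip or RFC1738_HOSTNAME.fullmatch(host) is not None
    ok_2396 = is_ip or RFC2396_HOSTNAME.fullmatch(host) is not None
    trailing_dot = ok_2396 and host.endswith(".")
    bare = host[:-1] if trailing_dot else host
    return {
        "ipv4": is_ip,
        "rfc1738": ok_1738,
        "rfc2396": ok_2396,
        "trailing_dot": trailing_dot,
        # Dotless: a valid name consisting of the top label only.
        "dotless": ok_2396 and not is_ip and "." not in bare,
        # Assumption of this example: inputs are treated as fully qualified,
        # compared lowercased and without the optional trailing ".".
        "compare_key": bare.lower() if ok_2396 else None,
    }


def same_host(a, b):
    """True when both inputs are valid and map to the same comparison key."""
    ka, kb = classify(a)["compare_key"], classify(b)["compare_key"]
    return ka is not None and ka == kb


if __name__ == "__main__":
    # Constructed sample inputs; "ac" and "ac." are the names from the thread.
    for h in ["ac", "ac.", "www.example.com.", "10.0.0.1", "example.1com", "ac.."]:
        print(f"{h!r:22} {classify(h)}")
```

Code that compares host names as raw strings (allowlists, certificate name checks, cookie scoping) sees "ac" and "ac." as different values, which is one concrete way the inconsistent handling described above shows up.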