ICANN opens up Pandora's Box of new TLDs

Phil Regnauld regnauld at catpipe.net
Mon Jun 30 08:53:38 UTC 2008

Matthew Petach (mpetach) writes:
> If they simply use "smtp" as the hostname, most of the
> current resolver libraries will append the local domain
> name, so that instead of reaching my A record for smtp,
> they'll end up trying to reach smtp.their.domain.

	Actually, that's a good point -- although it will try first with
	the domains specified in the search list.
	So I wouldn't worry too much about this kind of thing.

	But considering the amount of flag waving and "Caution: Wet
	Floor" signs ICANN placed when it rolled out something as
	harmless as the IDN tests in the root, I'm surprised that they
	haven't thought about all the non-FQDNs that will suddenly
	resolve, including all the private TLDs that people use
	internally.  It's bad practice, and isn't recommended anyway,
	but I do expect it will cause many more fun (read: annoying)
	calls to helpdesks of the sort "where did my mail go?".
	And mail won't be the only thing.

> Will operating system manufacturers release updated
> resolver libraries that no longer assume that single
> token names should have the local domain attached?

	I know a lot of mail clients that won't agree to send
	mail to user at tld, but they certainly will accept user at smtp
	as the outgoing mail name.  Luckily, that will match the
	search list first as well.

> Or should I always ensure that resolvers reach my
> domain explicitly by including the trailing "dot" in
> all uses, so that my email would be given out as
> "myname at smtp." in the hopes that everyone would
> correctly remember to add the "." at the end when
> entering my email address into their mail clients?

	A fair number will barf on this (for now).

> Or does the current resolver logic already handle
> these cases (check root, work your way down
> stopping at the first match found; if you run out
> of tokens in the string being resolved, append the
> local domain name to the string and start the process
> over)?

	The other way around.  And if I ping 'dk', my resolver
	stops after "catpipe.net" and my other private domain.
	It doesn't try "dk.", even though dk. has an A record
	associated with it.  I get NXDOMAIN.

> Simply looking to solidify my understanding of how
> these new names would resolve.

	Not too many problems, I think, except for resolver
	libraries that fail to find the name in the domains
	listed in the search list, and continue to '.'.
	It's not standard practice though.
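
The lookup order discussed in this thread, as an added example that is not part of the original post: a simplified model of a stub resolver's search-list handling, run against constructed data. The `bare_single_label` switch is a hypothetical parameter standing for the two behaviours described (stopping after the search list versus continuing to '.'); `ndots` is modelled on the resolv.conf option of that name, and `example.internal`, `other.example` and the `smtp.` record are constructed sample values.

```python
# Simplified model of stub-resolver search-list expansion (added example).
# Not any particular library's code; real resolvers differ in detail.

def candidates(name, search, ndots=1, bare_single_label=True):
    """Return the fully qualified names that would be queried, in order."""
    if name.endswith("."):
        return [name]                      # trailing dot: absolute, no search list
    absolute = name + "."
    dots = name.count(".")
    searched = [f"{name}.{d.strip('.')}." for d in search]
    if dots >= ndots:
        return [absolute] + searched       # "enough" dots: try as-is first
    # Too few dots: the search list goes first. Whether the bare name is then
    # tried at the root is the behaviour the thread is arguing about.
    if dots > 0 or bare_single_label or not searched:
        return searched + [absolute]
    return searched

def first_match(name, search, existing, **opts):
    """First candidate that exists in `existing`, or None (NXDOMAIN)."""
    for fqdn in candidates(name, search, **opts):
        if fqdn.lower() in existing:
            return fqdn
    return None

# Constructed sample data: names that have an address record.
# "smtp." stands for a hypothetical new single-label TLD with an A record.
ZONE = {"smtp.catpipe.net.", "dk.", "smtp."}
SEARCH = ["catpipe.net", "example.internal"]   # second entry is a placeholder

if __name__ == "__main__":
    cases = [
        ("smtp",  SEARCH,            {}),   # local host shadows the TLD
        ("dk",    SEARCH,            {"bare_single_label": False}),
        ("dk",    SEARCH,            {}),   # resolver that continues to '.'
        ("smtp.", SEARCH,            {}),   # explicit trailing dot
        ("smtp",  ["other.example"], {}),   # no local smtp: lands on the TLD
    ]
    for name, search, opts in cases:
        tried = candidates(name, search, **opts)
        hit = first_match(name, search, ZONE, **opts)
        print(f"{name!r:8} search={search} {opts or ''}")
        print(f"    tried: {tried}")
        print(f"    result: {hit or 'NXDOMAIN'}")
```

The last case is the helpdesk scenario from the post: a site with no local `smtp` host, whose resolver falls through to the root, gets an answer from the new TLD where it used to get NXDOMAIN.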

