ICANN opens up Pandora's Box of new TLDs
regnauld at catpipe.net
Mon Jun 30 08:53:38 UTC 2008
Matthew Petach (mpetach) writes:
> If they simply use "smtp" as the hostname, most of the
> current resolver libraries will append the local domain
> name, so that instead of reaching my A record for smtp,
> they'll end up trying to reach smtp.their.domain.
Actually, that's a good point -- although it will try first with
the domains specified in the search list.
So I wouldn't worry too much about this kind of thing.
But considering the amount of flag waving and "Caution: Wet
Floor" signs ICANN placed when it rolled out something as
harmless as the IDN tests in the root, I'm surprised that they
haven't thought about all the non-FQDNs that will suddenly
resolve, including all the private TLDs that people use
internally. It's bad practice, and isn't recommended anyway,
but I do expect it will cause many more fun (read: annoying)
calls to helpdesks of the sort "where did my mail go?".
And mail won't be the only thing.
> Will operating system manufacturers release updated
> resolver libraries that no longer assume that single
> token names should have the local domain attached?
I know a lot of mail clients that won't accept to send
mail to user at tld, but they certainly will accept user at smtp
as the outgoing mail name. Luckily, that will match the
search list as well first.
> Or should I always ensure that resolvers reach my
> domain explicitly by including the trailing "dot" in
> all uses, so that my email would be given out as
> "myname at smtp." in the hopes that everyone would
> correctly remember to add the "." at the end when
> entering my email address into their mail clients?
A fair number will barf on this (for now).
> Or does the current resolver logic already handle
> these cases (check root, work your way down
> stopping at the first match found; if you run out
> of tokens in the string being resolved, append the
> local domain name to the string and start the process
The other way around. And if I ping 'dk', my resolver
stops after "catpipe.net" and my other private domain.
It doesn't try "dk.", even though dk. has an A record
associated with it. I get NXDOMAIN.
> Simply looking to solidify my understanding of how
> these new names would resolve.
Not too many problems, I think, except for resolver
libraries that fail to find the name in the domains
listed in the search list, and continue to '.'.
It's not standard practice though.
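
Added example, not part of the original post: a small Python model of the search-list expansion discussed in this thread, showing which short names change their answer once a matching single-label TLD exists. The `bare_fallback` switch, the `corp.example` search domain, the zone contents and the documentation-range addresses are constructed assumptions; resolver libraries differ on whether a single-label name is tried against the root after the search list fails.

```python
# Constructed data: a view of the DNS before and after a new TLD "smtp." gets an A record.
SEARCH = ["catpipe.net"]
ZONE = {"smtp.catpipe.net.": "192.0.2.25", "dk.": "192.0.2.53"}
NEW_TLD = {"smtp.": "198.51.100.25"}


def candidates(name, search, ndots=1, bare_fallback=True):
    """Return the FQDNs a stub resolver would query, in order."""
    if name.endswith("."):              # trailing dot: absolute, search list skipped
        return [name]
    bare = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:        # enough dots: try the name as-is first
        return [bare] + expanded
    # Fewer dots than ndots: search list first. Trying the bare name
    # afterwards is the behaviour that varies between libraries.
    return expanded + ([bare] if bare_fallback else [])


def resolve(name, search, zone, **kw):
    """First candidate present in the zone wins; otherwise NXDOMAIN."""
    for fqdn in candidates(name, search, **kw):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None, "NXDOMAIN"


def changed_by_new_tlds(names, search, zone, new_records, **kw):
    """Map each name whose answer differs once new_records are published."""
    after = {**zone, **new_records}
    out = {}
    for n in names:
        old, new = resolve(n, search, zone, **kw), resolve(n, search, after, **kw)
        if old != new:
            out[n] = (old, new)
    return out


if __name__ == "__main__":
    for sl in (SEARCH, ["corp.example"]):
        for fb in (True, False):
            diff = changed_by_new_tlds(["smtp", "dk"], sl, ZONE, NEW_TLD,
                                       bare_fallback=fb)
            print(f"search={sl} bare_fallback={fb} changed={diff}")
```

Running it against your own search list and a list of internally used short names gives a quick inventory of which ones depend on the bare name never resolving.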