Mozilla Response to Dotless Domains Consultation
This submission is sent on behalf of Mozilla, a non-profit organization whose mission is to "promote openness, innovation and opportunity on the web". We are particularly concerned with the continued smooth functioning of the Web in particular and the Internet in general. Therefore, although we suspect that, for technical reasons, dotless domains will not work very well for their owners, it is the effect on users, even those with no relationship with any sites under the TLD in question, which concerns us. The DNS' enormous value to humanity is that it is a global namespace - in other words, in most cases, every name has a single owner. This is something users are able to understand. However, just as there are areas of the IP address range reserved for private use (RFC 1918), there are also areas of the DNS namespace reserved for private use - either by RFC (RFC 2606) or convention (e.g. .local, used by Zeroconf). It is our contention that the dotless part of the DNS namespace is /de facto/, and should be /de jure/, reserved for private use in similar manner. Countless companies use dotless names for their internal servers. Dotless names already have a meaning in a local context, and no-one can tell from the outside what names have meaning where. This is very similar to the use of the private use IP address ranges. And, just as creating a routable host on the Internet with IP address 192.168.0.1 would lead to all sorts of undesired effects, so would creating a host with the global DNS name "home" or "search". We are particularly concerned about the security implications of dotless domains. For example, 7 companies have applied for the new TLD "mail". There must be many thousands of companies running an internal server called "mail". A poorly-configured DNS server could lead to the sending of private company email to the servers of the winning applicant. Mozilla therefore joins the SSAC in being opposed to the idea of "dotless domains", and we strongly recommend that new gTLD operators be contractually prohibited from attempting to create them. Mozilla does not rule out taking steps to ignore such records if their existence is leading to security or stability problems for users. |