[DNSOP] Mitigation of name collisions

"Paul Hoffman" <paul.hoffman@vpnc.org> Sun, 18 September 2016 22:03 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D7A2812B007 for <dnsop@ietfa.amsl.com>; Sun, 18 Sep 2016 15:03:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pkBQ7GTWUyBc for <dnsop@ietfa.amsl.com>; Sun, 18 Sep 2016 15:03:51 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0053F127078 for <dnsop@ietf.org>; Sun, 18 Sep 2016 15:03:50 -0700 (PDT)
Received: from [] (50-1-99-230.dsl.dynamic.fusionbroadband.com []) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u8IM3lpN042180 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 18 Sep 2016 15:03:49 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-99-230.dsl.dynamic.fusionbroadband.com [] claimed to be []
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: John Levine <johnl@taugh.com>
Date: Sun, 18 Sep 2016 15:03:46 -0700
Message-ID: <90CF5269-0443-45AB-83BA-BE9F9D03831A@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/f8DKSAYs_TC6enl-x8w-w4smmHg>
Cc: dnsop@ietf.org
Subject: [DNSOP] Mitigation of name collisions
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Sep 2016 22:03:52 -0000

On 18 Sep 2016, at 14:10, John Levine wrote:

>>> 4.2.4. Name Collision in the DNS ...
>> This study is from before the new gTLD program.  The assumption in 
>> the
>> report need to be tested against what actually happened in the round 
>> of
>> new gTLDs before it can be included as part of the fact basis for 
>> this
>> work.  We also need information on the degree of success that the
>> various mitigation strategies had in overcoming possible problems to
>> have a full picture of the problem as it has been shown in practice.
> At a meeting a couple of weeks ago, I believe that someone said that
> the junk traffic at the roots for each of .corp, .home and .mail still
> greatly exceeds all of the traffic for the new gTLDs.  So I think it's
> safe to say none of the mitigation strategies have worked.

There is a difference between "mitigation" with "prevention". Few of use 
thought that publicity about upcoming collisions would have cause more 
than a few folks to fix the problem before it hit them.

> The wildcard and such are clever, but none of the domains
> that have been delegated had significant collision issues to start
> with so it's hard to argue they've been effective.

It is impossible to measure the effectiveness without knowing how many 
collision queries are just noise (queries that will cause no noticeable 
damage if they started coming back with results). In the case of 
mitigation through wildcard-to-localhost, it is safe to assume that many 
organizations did in fact mitigate; we simply can't tell how many or 

--Paul Hoffman

(Disclaimer: I'm now on ICANN staff, but well before I was, I wrote 
"Guide to Name Collision Identification and Mitigation for IT 
Professionals" for ICANN.)