Much of the coverage on new gTLDs in the hosting industry has focused on the scope of opportunity it presents for web hosting providers looking to grow their business. From extensive marketing campaigns to new tools and platforms to help customers reserve their top choices, web hosts have been busy over the past few years preparing for this growth phase of the Internet.
But one issue that perhaps hasn’t seen as much coverage when it comes to new gTLDs is the concern around name collisions. According to an ICANN report released at the beginning of December, called Name Collision Identification and Mitigation for IT Professionals, “a name collision occurs when users unknowingly access a name that has been delegated in the public DNS when the user’s intent was to access a resource identified by the same name in a private network.”
In the document, ICANN explains that the “collision occurrences themselves are not the concern, but whether collisions cause unexpected behavior or harm, the nature of the unexpected behavior or harm and the severity of the consequence.”
Christian Dawson, COO of web hosting company ServInt and co-chair of the Internet Infrastructure Coalition, said that the collisions have the potential to not only break internal systems, but also create security issues since internal information could unexpectedly be external.
“Let’s say you were a mid-nineties systems designer and you decided you were going to build a system where on your internal network you were going to call something, let’s say your company was a folders company, you would call something folders.mail. Well, now there is a .mail. You may have had a system that for 10 years went to your internal system, but now it’s going to go out into the world with somebody else’s folders.mail,” Dawson said. “There are implications there. It’s breaking internal systems, but also, what are you sending there? Is it something that should remain private? There are security issues. There could be financial institutions or medical institutions that are doing things with internal name designation that are now going to be out in the public. Those things are going to stop resolving to the internal places and start resolving to external places, and all of the sudden some guy who owns that domain is getting everybody’s mail.”
ICANN released the report to offer recommendations on how to mitigate name collisions, but it is a complex issue that doesn’t have a quick fix.
“There’s not an easy solution because the standard practice has been, when you’re coding a system, that either you use a domain you own or use local host,” Dawson said.
“We know things are still being written that could break,” he said. “ICANN is trying to fight that but it’s going to take a lot of visibility. It’s great that ICANN is working on it but there is a significant part of our industry that doesn’t even know who ICANN is. I would say about 70 percent of the industry, and we’re in this space, doesn’t have any idea that the new gTLD process is happening much less that there could be ramifications of gTLD issuing that needs to be learned how to be resolved.”
While ICANN has released information on how to deal with the potential issues of name collisions, the document is dense and uses acronyms and jargon that may not be familiar to a less technical audience.
Dawson said that the big deal for hosting providers is that clients are going to call their web host when things break, and if hosts don’t know what is happening, they won’t have the ability to troubleshoot.
“The successful hosting providers out there, they focus on being two-steps ahead of any issues with their clients so they can build trusting relationships with them. I feel as though this particular issue is one that has flown too far under the radar and that in order to focus on awareness,” Dawson said. “What I want to do is get the word out that this could be a potential problem, not to say new gTLDs are a bad thing.”
Michele Neylon, CEO of Blacknight Solutions, a web host and domain registrar in Ireland, has been vocal on the issue of name collisions, and in a press release last month he urged IT professionals to correct potential name collision issues sooner rather than later.
“It’s that kind of weird scenario where it’s not really clear what could happen,” Neylon said. “What ICANN has been trying to do is trying to get the word out and get people to think about it, look at it, and check how things are set up. From our perspective it’s the right thing to do.”
For larger web hosts, name collisions likely won’t pose a problem because they have the resources and in-house knowledge to be aware of what is going on and impact of new gTLDs, he said.
“The reality is if you look at all of the smaller web hosts out there, they’re one or two man bands, and probably have enough clients to pay their bills but wouldn’t have the technical know-how,” he said.
According to Blacknight’s suggestions, IT professionals should monitor name services and compile a list of private TLDs used internally, and compare the list against the list of new TLD strings. From there they should create a plan to mitigate causes of leakage and prepare users for the impending change in name usage by notifying them in advance.
“The thing is that the new gTLDs are going ahead, that’s happening, but you could end up with the kind of situation where somebody’s office could just stop working,” Neylon said. “We don’t really know what could happen and that’s part of the issue.”