Late last week ICANN released a report, Name Collision Identification and Mitigation for IT Professionals, to help decrease the new domain collision potential. The report addresses the way IT professionals can proactively counter name collision problems by learning to identify the possibilities of collision early and develop an internal network that functions in a manner that is less likely to produce collisions.
What does that all mean, how does it affect you, and what are the guidelines? Here’s the breakdown:
What is a name collision?
For a really thorough background on name collisions, and an awesome example using Nic Cage, John Travolta, and Vanilla Ice (word to your motha!), read our previous explanation.
For something a little more concise:
Basically, a name collision is when a private network domain collides with a domain in the global domain name server (DNS). Private network namespaces include namespaces that branch off of the DNS, namespaces that use their own roots for private TLDs, and namespaces that are created through search lists.For example, if I were to set up a local domain, group.HOME, that every person in my network can use to access our group homepage, that domain will now have a global DNS equivalent with www.group.home, since .HOME will soon be an actual top-level domain option.
What’s the problem?
Of course, what experts are worried about here is the possibility of networks not being able to tell the difference between the two names, of private name spaces leaking into the global DNS, or vice versa, of information getting sent to the wrong places, or the possibility of black-hat users being able to more easily set up doppleganger sites that can pose as network sites to trick users.
Name collisions have been in the periphery for quite a while—.XXX had a high risk of name collision possibilities, for example. But with the addition of so many new TLDs to the root zone, ICANN decided to take a closer look.
Although the effects of name collisions are expected to be very minimal and probably not ever affect the majority of users and corporate networks, If you use “fake” top-level domains in your private network, or if you’re an IT professional, the guidelines are worth a closer look.
The proposed IT guidelines
ICANN studied the problem of name collision for over three years, and came up with this list that IT professionals can use to protect their networks from the possibility of name collisions. Because name collisions are better prevented than fixed after the fact, many of the guidelines are proactive.
- The first step is of course to collect a list of all the private TLDs your network uses and compare that list to the list of new TLDs. If you find matches, you’ll know where to focus your efforts for collision avoidance.
- Create an in-house plan to decrease the causes of name collisions, including the possibility of private namespace name changes or the elimination of private TLDs altogether. If your network uses a TLD that is in the list of new TLDs, the best prevention of collision is not better firewalls or more thorough employee training, but removing the possibility all together.
- Monitor the requests coming into the authoritative nameservers through logging, firewall detection software or a capture program, create an inventory of each system, determine where your global DNS nameservers are administered, and watch the activity of old nameservers, if you switch to new methods to avoid collision. The act of simply watching a network and the way it interacts with the DNS helps prevent collision and stop collisions quickly when they occur.
- Train users in your network if there is a possibility of name collision and you choose to change internal name spaces so they’ll be active in using the new name spaces and avoiding duplication.
Chances are these are the straightforward and simple actions you would already follow as an IT professional or network administrator, but there’s a chance to build on this knowledge as the steps are explained in more detail. ICANN has offered support for IT professionals on the ICANN name collision webpage.
To view the complete list of new domains, and to follow new domains that interest you, sign up for our free watcher service.