Redirecting DNS requests can harm the Internet, says ICANN

Privacy and performance issues could arise when DNS operators substitute results for nonexistent domain requests

ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist.

Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution. The target address is often a Web portal or information site.

Handling DNS requests this way has a number drawbacks that could lead to the Internet not working properly, according to ICANN.

For example, users sending e-mail to a domain that does not exist should get an immediate error message. However, if the message is redirected to a site set up to handle Web traffic, it's likely to get queued and an error message won't arrive for days, ICANN said.

Also, users will get longer response times if the site to which they're supposed to be redirected goes down.

Redirection sites are prime targets for attacks by hackers that want to send users to their own servers.

There are also privacy issues, according to ICANN. If sensitive data is redirected via a country with a different jurisdiction and local law, there could be consequences for both users and registries, it said.

ICANN, which handles assigning domain names and IP addresses, published its opinions and findings in a draft memo before the introduction of new gTLDs (generic top-level domains).

The organization discourages the practice of redirecting requests for nonexistent domains, and suggested banning it in a draft of the agreement owners of the new gTLDs would have to sign. ICANN wants domain owners wishing to redirect DNS requests to first explain why doing so won't cause any problems.

More about: ICANN, Internet Corporation for Assigned Names and Numbers, NN
References show all

Comments

1

Anonymous

Thu 26/11/2009 - 13:56

This practice should be illegal, but if that cannot be upheld by law, then ICANN should de-register DNS operators guilty of such behavior after an appropriate warning.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: DNS (Domain Name System), DNS redirecting, icann, NXDOMAIN substitution
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/150/handbrake/

HandBrake

HandBrake is an opensource tool that allows you to backup your DVDs so that you can store and watch them on your computer. Features include: ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia