- Category: gTLDs, ccTLDs
- Topic: Redirection and synthesized DNS responses
- Board meeting date: 26 June 2009
- Resolution number: 2009.06.26.19, 2009.06.26.20, 2009.06.26.21, 2009.06.26.22
- URL for Board minutes/resolution: http://www.icann.org/en/minutes/resolutions-26jun09.htm
- Status: Ongoing
Summary
Board prohibited redirection and synthesizing of DNS responses by TLDs, directed staff to implement order, requested the ccNSO to report on this matter, and asked the GAC to consider it.
Text
Whereas, on 10 June 2009, the Security and Stability Advisory Committee (SSAC) has forwarded an advisory which determines that the redirection and synthesizing of DNS responses by TLDs poses a clear and significant danger to the security and stability of the domain name system.
Whereas, the topic of redirection and synthesizing of DNS responses by TLDs and TLD operators has been studied by members of the community with knowledge and expertise in this area. See:
- SAC032 "Preliminary Report on DNS Response Modification" (20 June 2008) <http://www.icann.org/committees/security/sac032.pdf>;
- RSTEP "Search.Travel RSTEP Report" (2 November 2006) <http://www.icann.org/registries/rsep/tralliance_report.pdf>;
- SAC015 "Why Top Level Domains Should Not Use Wildcard Resource Records" (10 November 2006) <http://www.icann.org/committees/security/sac015.htm>;
- SAC006 "Redirection in the COM and NET domains" (9 July 2004) <http://www.icann.org/committees/security/ssac-report-09jul04.pdf>.
Whereas, the Board recognizes that resolution of these issues would be beneficial to the security and stability of the Domain Name System.
Resolved (2009.06.26.19), that new TLDs, including ASCII and IDN gTLDs and IDN ccTLDs, should not use DNS redirection and synthesized DNS responses. Staff is directed to revise the relevant portions of the draft Applicant Guidebook to prohibit such redirection and synthesis at the top-level for new gTLDs, and to take all available steps with existing gTLDs to prohibit such use.
Resolved (2009.06.26.20), the Board further directs staff to communicate and disseminate in July 2009 the concerns regarding harm caused by the redirection and synthesizing of DNS responses with appropriate parties, including the ccNSO, ccTLD operators and the GAC, who might be able to ensure measures are taken to assure the integrity of error responses as well as name resolution for ccTLDs.
Resolved (2009.06.26.21), the Board requests that the ccNSO provide a report on mechanisms that could be employed to ensure that redirection and synthesis at the top level is effectively prohibited.
Resolved (2009.06.26.22), the Board invites the GAC to consider what measures could be taken to alleviate harm that can be caused by redirection and synthesis of DNS responses at the top level.
Implementation Actions
- Execute prohibition
- Responsible entity: Several ICANN staff departments
- Due date: None specified
- Completion date: Ongoing (Included in Final Implementation Plan for IDN ccTLD Fast Track in October 2009; implemented for gTLD registries, 4 October 2009)
- Communicate and disseminate concerns
- Responsible entity: Several ICANN staff departments
- Due date: None specified
- Completion date: Ongoing
- Provide report on mechanisms that could be employed to ensure effective prohibition
- Responsible entity: ccNSO
- Due date: None specified
- Completion date: TBD
- Consider measures to alleviate harm caused by redirection and synthesis
- Responsible entity: GAC
- Due date: None specified
- Completion date: TBD
Other Related Resolutions
- TBD
Additional Information
- No additional funding provided.
- A prohibition on wildcards has been added to the 4 November 2009 Registry Agreement, Proposed Draft (v.3) (Specification 6 of version 3 of the Registry Agreement.
- A prohibition was also added to the Final Implementation Plan for the IDN ccTLD Fast Track Process, approved 30 October 2009.
Explanatory text does not modify or override Resolutions. See Board Resolutions Page for more information.
