Feeds

Dot-brand explosion will shell-shock lazy coders - ICANN

Devs urged to swot up on parsing new domain extensions

High performance access to file storage

Millions of internet users face being locked out of popular websites unless software developers pay attention to the forthcoming explosion in new top-level domain names.

Domain name overseer ICANN told El Reg this week that developers and webmasters need to track the progress of its new gTLD programme, which is expected to start pumping out new right-of-the-dot addresses as early as the first quarter next year.

Kim Davies, ICANN's manager of root zone services, said that the organisation is planning a brainstorming session at its public meeting in Costa Rica next month to figure out ways to encourage the "universal acceptance" of gTLDs.

When ICANN approved its first batch of new gTLDs – such as .info and .museum – in 2000, users found that in many cases software would not recognise these new addresses as domain names. Even today, web-based registration forms will sometimes reject email addresses that end in .info and encourage folk to enter a "valid" email address instead.

Newer gTLDs, such as .xxx, which launched in December, have experienced similar teething troubles.

For example, if you type http://example.com during a Skype instant message conversation, the software will automatically render it as a clickable link. If, however, you type http://example.xxx, it will render as plain text. For several months last year some Twitter applications did not recognise .xxx as a domain.

These problems often show up because developers use string length or a hard-coded list of known TLDs to determine whether something is a domain name, according to Davies.

Because gTLDs such as .com and .org and country-codes such as .uk and .au are the most commonly used addresses, sometimes address validation algorithms are designed to reject TLDs longer than three characters. Other applications use outdated lists of TLDs that do not include recent additions.

This lack of acceptance could become even more problematic when ICANN starts approving new gTLDs such as .music, .london and .canon, and people start using them.

"If you're doing a domain check, checking for valid TLD, ask yourself why you are doing it," Davies said. "Most of the time you don't need to be doing that check at all. If you do need to do a check, the best way to do it is to use DNS. You get a response in milliseconds."

For offline applications that cannot access DNS immediately, ICANN publishes a free daily list of which TLDs are live in the internet's domain name root zone. It also has released several free reference implementations at Github.

"The technology is pretty settled, the issue now is awareness," Davies said.

Calling International Rescue

But the new gTLD programme is also going to throw up another wrinkle that could confuse developers and web masters – top-level Internationalised Domain Names (IDNs).

These are domain names that are displayed in anything other than the Latin script used in English. One Russian company, for example, plans to apply to ICANN for .ДЕТИ, which means .children.

"It's not just the .museums or .infos that need support, now it's the .chinas or domains written in Cyrillic," Davies said.

IDNs are designed to be displayed in a variety of scripts using the Unicode standard, but they are stored in the DNS as ASCII strings that begin with the prefix xn--.

Software needs to be able to translate the original-script "U-label" into the DNS-compatible "A-label" using the IDNA 2008 standard, Davies said. There are several open-source IDNA 2008 libraries developers can use, such as this one, he said.

ICANN will use its session in Costa Rica on 14 March to reach out to domain name registries, registrars and other interested parties for ideas about how to encourage acceptance. Those unable to attend in person will be able to remotely participate via the ICANN website.

"There's a notion that maybe we should keep track of notable websites and software and their level of support," Davies said. "Maybe we can find some high-value targets and make sure that key websites or key pieces of software support these TLDs."

However, Davies acknowledged that the market may take care of the problem by itself. While previous new gTLD introductions have been small enough to fly under the radar of many developers, ICANN is expecting over 1,000 applications for new gTLDs this time around.

With many of these expected to be "dot-brand" addresses owned by technology companies, awareness of the need for gTLD acceptance could spread virally quite quickly.

"With the proliferation of many more TLDs I think awareness will naturally increase," Davies said. "I think the rising tide will lift all boats." ®

High performance access to file storage

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month
... but don't worry, charter members, you're still in 'for life'
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.