Agentless Backup is Not a Myth

Millions of internet users face being locked out of popular websites unless software developers pay attention to the forthcoming explosion in new top-level domain names.

Domain name overseer ICANN told El Reg this week that developers and webmasters need to track the progress of its new gTLD programme, which is expected to start pumping out new right-of-the-dot addresses as early as the first quarter next year.

When ICANN approved its first batch of new gTLDs – such as .info and .museum – in 2000, users found that in many cases software would not recognise these new addresses as domain names. Even today, web-based registration forms will sometimes reject email addresses that end in .info and encourage folk to enter a "valid" email address instead.

Newer gTLDs, such as .xxx, which launched in December, have experienced similar teething troubles.

For example, if you type http://example.com during a Skype instant message conversation, the software will automatically render it as a clickable link. If, however, you type http://example.xxx, it will render as plain text. For several months last year some Twitter applications did not recognise .xxx as a domain.

These problems often show up because developers use string length or a hard-coded list of known TLDs to determine whether something is a domain name, according to Davies.

Because gTLDs such as .com and .org and country-codes such as .uk and .au are the most commonly used addresses, sometimes address validation algorithms are designed to reject TLDs longer than three characters. Other applications use outdated lists of TLDs that do not include recent additions.

This lack of acceptance could become even more problematic when ICANN starts approving new gTLDs such as .music, .london and .canon, and people start using them.

"If you're doing a domain check, checking for valid TLD, ask yourself why you are doing it," Davies said. "Most of the time you don't need to be doing that check at all. If you do need to do a check, the best way to do it is to use DNS. You get a response in milliseconds."

For offline applications that cannot access DNS immediately, ICANN publishes a free daily list of which TLDs are live in the internet's domain name root zone. It also has released several free reference implementations at Github.

"The technology is pretty settled, the issue now is awareness," Davies said.

Calling International Rescue

But the new gTLD programme is also going to throw up another wrinkle that could confuse developers and web masters – top-level Internationalised Domain Names (IDNs).

These are domain names that are displayed in anything other than the Latin script used in English. One Russian company, for example, plans to apply to ICANN for .ДЕТИ, which means .children.

"It's not just the .museums or .infos that need support, now it's the .chinas or domains written in Cyrillic," Davies said.

IDNs are designed to be displayed in a variety of scripts using the Unicode standard, but they are stored in the DNS as ASCII strings that begin with the prefix xn--.

Software needs to be able to translate the original-script "U-label" into the DNS-compatible "A-label" using the IDNA 2008 standard, Davies said. There are several open-source IDNA 2008 libraries developers can use, such as this one, he said.

ICANN will use its session in Costa Rica on 14 March to reach out to domain name registries, registrars and other interested parties for ideas about how to encourage acceptance. Those unable to attend in person will be able to remotely participate via the ICANN website.

"There's a notion that maybe we should keep track of notable websites and software and their level of support," Davies said. "Maybe we can find some high-value targets and make sure that key websites or key pieces of software support these TLDs."

However, Davies acknowledged that the market may take care of the problem by itself. While previous new gTLD introductions have been small enough to fly under the radar of many developers, ICANN is expecting over 1,000 applications for new gTLDs this time around.

With many of these expected to be "dot-brand" addresses owned by technology companies, awareness of the need for gTLD acceptance could spread virally quite quickly.

"With the proliferation of many more TLDs I think awareness will naturally increase," Davies said. "I think the rising tide will lift all boats." ®

Steps to Take Before Choosing a Business Continuity Partner