nanog mailing list archives

Re: ICANN opens up Pandora's Box of new TLDs


From: Phil Regnauld <regnauld () catpipe net>
Date: Mon, 30 Jun 2008 10:53:38 +0200

Matthew Petach (mpetach) writes:
If they simply use "smtp" as the hostname, most of the
current resolver libraries will append the local domain
name, so that instead of reaching my A record for smtp,
they'll end up trying to reach smtp.their.domain.

        Actually, that's a good point -- although it will try first with
        the domains specified in the search list.
        
        So I wouldn't worry too much about this kind of thing.

        But considering the amount of flag waving and "Caution: Wet
        Floor" signs ICANN placed when it rolled out something as
        harmless as the IDN tests in the root, I'm surprised that they
        haven't thought about all the non-FQDNs that will suddenly
        resolve, including all the private TLDs that people use
        internally.  It's bad practice, and isn't recommended anyway,
        but I do expect it will cause many more fun (read: annoying)
        calls to helpdesks of the sort "where did my mail go?".
        And mail won't be the only thing.

Will operating system manufacturers release updated
resolver libraries that no longer assume that single
token names should have the local domain attached?

        I know a lot of mail clients that won't accept to send
        mail to user@tld, but they certainly will accept user@smtp
        as the outgoing mail name.  Luckily, that will match the
        search list as well first.

Or should I always ensure that resolvers reach my
domain explicitly by including the trailing "dot" in
all uses, so that my email would be given out as
"myname@smtp." in the hopes that everyone would
correctly remember to add the "." at the end when
entering my email address into their mail clients?

        A fair number will barf on this (for now).

Or does the current resolver logic already handle
these cases (check root, work your way down
stopping at the first match found; if you run out
of tokens in the string being resolved, append the
local domain name to the string and start the process
over)?

        The other way around.  And if I ping 'dk', my resolver
        stops after "catpipe.net" and my other private domain.
        It doesn't try "dk.", even though dk. has an A record
        associated with it.  I get NXDOMAIN.

Simply looking to solidify my understanding of how
these new names would resolve.

        Not too many problems, I think, except for resolver
        libraries that fail to find the name in the domains
        listed in the search list, and continue to '.'.
        
        It's not standard practice though.

        Phil
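
The lookup order discussed in this message, as an added example that is not part of the original post or any resolver's source: a Python model of resolv.conf-style `search`/`ndots` candidate ordering, run against constructed zone data. The `their.domain` and `other.domain` search lists, the `corp` label, the addresses and the `try_root_last` switch (which models the two resolver behaviours mentioned in the thread) are assumptions made for illustration.

```python
# Added illustration: which names a stub resolver queries, and in what order.
# All zone data below is constructed; addresses are documentation/private ranges.

def candidates(name, search, ndots=1, try_root_last=True):
    """Return the fully qualified names a stub resolver would query, in order."""
    if name.endswith("."):              # trailing dot: absolute, search list skipped
        return [name]
    absolute = name + "."
    searched = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:        # enough dots: tried as-is before the search list
        return [absolute] + searched
    # Single-label name: search list first. try_root_last=False models a
    # resolver that stops after the search list and never asks for "name.".
    return searched + ([absolute] if try_root_last else [])

def resolve(name, search, zone, **opts):
    """First candidate found in `zone` wins; None models NXDOMAIN."""
    for fqdn in candidates(name, search, **opts):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

SEARCH = ["their.domain"]               # hypothetical local search list
# Constructed view of the DNS before and after new TLDs "smtp" and "corp" exist.
BEFORE = {"smtp.their.domain.": "10.0.0.25",
          "www.corp.their.domain.": "10.0.0.80"}
AFTER = dict(BEFORE, **{"smtp.": "192.0.2.1", "www.corp.": "192.0.2.2"})

def demo():
    """Collect the outcomes for the cases raised in the thread."""
    return {
        "local smtp still wins": resolve("smtp", SEARCH, AFTER),
        "no local smtp, before": resolve("smtp", ["other.domain"], BEFORE),
        "no local smtp, after": resolve("smtp", ["other.domain"], AFTER),
        "resolver stops at search list":
            resolve("smtp", ["other.domain"], AFTER, try_root_last=False),
        "short internal name, before": resolve("www.corp", SEARCH, BEFORE),
        "short internal name, after": resolve("www.corp", SEARCH, AFTER),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32} -> {result}")
```

The last two cases show where the helpdesk calls come from: a shortened internal name containing a dot is tried as an absolute name first, so it changes destination once the matching TLD exists.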

