back to article Dot-brand explosion will shell-shock lazy coders - ICANN

Millions of internet users face being locked out of popular websites unless software developers pay attention to the forthcoming explosion in new top-level domain names. Domain name overseer ICANN told El Reg this week that developers and webmasters need to track the progress of its new gTLD programme, which is expected to …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    I have an alternative proposal: screw ICANN

    Let's all just agree to ignore ICANN and it's pathetic attempts to screw up the whole DNS system in order to make some easy money for itself.

    We don't "need" to do a damn thing about the new gTLD programme.

    1. Anonymous Coward

      Better still - screw DNS

      Rather than "Screw ICANN", what about we screw DNS? - or rather, create an alternative that can be used in parallel.

      Consider all the "OMFG We must block <domain> FER DER CHILDRENZ!" and "We must block <domain> to protect this business". DNS is a single point of failure.

      What if we take the distributed hash table idea, as used in the newer versions of the Bittorrent protocol, and use that to locate resources - in other words, isn't it about time we move to Tim Berners-Lee's idea of Uniform Resource Identifiers (URI) rather than Uniform Resource Locators (URL) - why not specify WHAT we want, not WHERE we want?

      Now, I am not saying "punt DNS and go DHT" - DHT is chatty, can be slower than DNS, etc. But what if we established a standard for using DHT to resolve URIs, and modified the resolver libraries to look for domain names in DHT *in parallel with* DNS? Also, what if we move up the stack, and let clients look for URI's as well as URLs in DHT, again in parallel with DNS?

  2. Patrick O'Reilly


    It's been months and my system still can't whois the .xxx domain. This'll happen all over the place with dotBrand

  3. Anonymous Coward
    Anonymous Coward

    Lazy coders would have to be filtering/regexing the hundreds of existing TLDs in their code for this to occur, which wouldn't be very lazy at all thus making this a non-story...

    What is the tld prefix in a URL even useful for? It's only attribute is supposed to be indicating locality, which it fails to do thanks to all the domain hacks out there. Or does everyone really associate with Libya?

    "Millions of internet users face being locked out".

    HOW? Are you honestly telling me that web browsers couldn't possibly comprehend a new TLD? That's odd because I just add smelly.farts to my hosts file for a local server and - lo' and behold - Chrome and Firefox both navigate there successfully!

    1. Anonymous Coward
      Anonymous Coward


      I think the author is talking about email address & domain validation, both very common in commenting systems, online registrations, etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: HOW?

        Even if your validating, checking the TLD won't prove anything. You'll still have to perform some sort of web request to work out if the address is valid, and both and me@thisisnotadomain.farts will fail to validate.

        1. J.G.Harston Silver badge

          Re: Re: HOW?

          The only validating you should do is "exactly one @" and "at least one . after the @". Absolutely NOTHING else.

          1. Redbaron

            Re: Re: Re: HOW?

            Exactly! My email address is (for non-x values of x, obviously), and it seems half the website contact forms out there won't accept it.

            They do, of course, accept invalid@email.address, and I put my real address in the comment. Or just boycott them for reasons of technical ineptitude.

      2. Ken Hagan Gold badge

        Re: HOW?

        The author, or the ICANN rentagob, is still implying that whoever wrote that email validation system is explicitly parsing out the TLD and comparing it with the well-over-a-hundred currently existing TLDs. Either that, or we are dealing with something that was broken the day it was written, which is rather more likely.

        So ... we have loads of code out there that *never* worked properly but people were prepared to put it on production systems anyway. And ICANN think that by raising awareness of gTLDs, these same people are suddenly going to think "Gosh, I must *now* fix my code so that I don't exclude the 6 billion people I've been ignoring all these years.".

        Unlikely, IMHO.

    2. Anonymous Coward
      Anonymous Coward

      Actually coders do need to look at the tld

      The various web browser security models (and some other protocols) rely on being able to distinguish the "public" bit of a host name from the registered bit. For example, browsers have to know that "a" is the registered domain in,,,, etc., etc.

      The only way to do this is to code a big long list of top-level domains and other oddities (like This is retarded, but we're stuck with it, and a DNS query (as suggested in the article) does not solve the problem.

      Adding even more top level domains with arbitrary sub-domain policies is making the problem even worse.

      1. Ken Hagan Gold badge

        Re: Actually coders do need to look at the tld

        I'll bite. I can well imagine that an end-user might tell the system to trust "*" or distrust "*.mil", but those don't require any understanding of who the DN belongs to.

        You seem to be implying that the browser comes built-in with its own ideas about who is trustworthy and that this idea is based on a distinction in trustworthiness between governments, registrars and everyone else. That sounds pretty retarded to me. Care to name names about the browsers in question?

        1. Anonymous Coward
          Anonymous Coward

          @Ken Hagan

          You are completely missing the point. The browser is not choosing to trust different tlds differently; the browser needs to know which bit of the tld belongs to the registrar and which bit belongs to the registrant.

          For example, cookies can be shared between "" and "" but can't be shared between "" and "". The browser has to know the difference.

  4. Ian Ferguson

    These problems are exactly why the TLD explosion is a stupid idea. It was ICANN's responsibility to manage addresses, and they've failed.

  5. David Given

    Given that this extra TLDs will turn into instant internet slums in exactly the same way that .info and .biz did, I can't imagine anyone really *caring*.

  6. Anonymous Coward
    Anonymous Coward

    To really cause some fun

    Register the .local or .root gTLDs :-)

    1. Tom Chiverton 1

      Re: To really cause some fun

      They've though of that ya know...

  7. Tom Chiverton 1

    About 30% of retail sites I come across wont even believe you can have a + in the left hand side, so there is much work to do.

    1. Nuno

      The bigger fail is

      allowing non latin characters on the domain.

      You see a domain printed on some magazine, you want to visit that domain, but you don't have a clue on how to do it.

      Of course you can argue that, for example, people living in Russia already had to use latin characters to use the web. But they already do it! And they can reach ALL the internet using them. They can even reach chinese and japanese web sites...

  8. Dom 3

    Lazy coders...

    Lazy coders copy and paste someone else's regex without having a Scooby what it's actually doing. And there's lots of regex examples kicking about the web that assume a maximum of three characters for the TLD.

  9. The FunkeyGibbon

    If ICANN are so concerned...

    ....why not hire a bunch of coders to write a few code libraries for parsing their new gTLDs and then release it under a GUN licence? That'd be the non-lazy way of dealing with the issue, rather than blaming everybody else for not instantly responding to your money making scheme.

    Besides as David Given points out, when was the last time you typed .biz in ANYWHERE? I can imagine that the only people who are going to buy the vast majority of these domains are cyber-squatters who think they can make a buck and companies trying to protect their brand.

    1. VinceH

      Re: If ICANN are so concerned...

      A GUN licence? "You will use our libraries or we will shoot you in the head." :p

      1. Anonymous Coward

        GUN license

        I think that's Eric Smith Raymond's favorite license....

        The NRA life member one, please

    2. Anonymous Coward
      Anonymous Coward

      Re: If ICANN are so concerned...

      .biz always makes me think of baby poo... :-o

  10. Storage_Person

    Millions of Internet Users?

    These millions of internet users, they'll be the ones who don't have an email address under the current TLDs but will immediately use the new TLDs when they become available?

    And with the costs involved in picking up a new TLD I can't imagine that these .coke and whatever addresses will be used for anything more than microsites and similar web-based marketing attempts for massive companies that already have very well-established internet presences.

    I'm not seeing this as being anywhere near the issue that people are talking about...

  11. Anonymous Coward
    Anonymous Coward

    I must insist...

    "you must enter a 'valid' domain name".

    After all, aren't those domain name validators supposed to keep the crap away? they do!

  12. Gannon (J.) Dick

    When all hope is lost ...

    ... read the directions.

This topic is closed for new posts.

Other stories you might like