George.Best walks into a sex.bar, spots a bearded dwarf sysadmin and thinks: Warcraft.cool

And other stories of misconfigured DNS tomfoolery

10 Reg comments Got Tips?

Nearly 10 million locked-away domain names will be set free and go on sale over the next two months.

But before you get excited, take a look at a list of them – beware, it's a huge CSV file.

Among the very occasional gems like sex.bar, george.best or warcraft.cool, there are literally millions of utterly worthless domains like svmcggizie9zo.finance.

What is going on? Well, it's all about sysadmins and sloppy DNS work (not that any Reg readers would ever do something like poorly configure a network.)

Just before internet overlord ICANN finally gave the green light to hundreds of new generic top-level domains – from .london to .book – dot-com registry Verisign got very upset about the idea of "name collisions."

With all these new extensions unexpectedly appearing on the internet, it was all too possible that geeks at home and sysadmins across the globe who had used common words to name their networks would find their internal hostnames suddenly resolving to things on the public internet.

The results could be potentially disastrous, with data intended for internal use suddenly ending up in the wrong hands. Particularly troublesome were thought to be top-level domains like .home, .mail, .corp and so on.

SSHing or FTPing to mediabox.home, for instance, could end up sharing your username and password with a stranger who later buys mediabox.home as a domain name – unless you're absolutely careful with your DNS resolver settings.

And so over the course of a year, ICANN devised a plan to deal with the problem, and it was this:

  • Pull out the logs for hostname lookups that make it to the root servers, and find potential conflicts
  • Make those problematic lookups resolve to an unusual and safe IP address: 127.0.53.53 (the double '53' referring to DNS port 53 and hopefully acting as an eye-catching flag that something was up)
  • Keep it that way for 90 days in the hope that sysadmins find and fix any problems, and then let the domains be registered.

Those logs ended up producing what you would expect from a trawl of misdirected net traffic: a huge pile of utter nonsense, with the occasional useful one. Analysis of it however turned up some interesting things:

  • The gTLDs .corp and .home were "deferred indefinitely" due to the huge number and frequency of name collisions. They'll never be resolved by the public DNS system.
  • There were 25 applied-for generic top-level domains that had very high occurrences of collisions, and they were put in a special list. They include: .cisco, .mail, .network, .free, .comcast, .prod and .site.

Of the huge list of reserved domain names that ICANN eventually compiled, analysis by DomainIncite provided some interesting snippets:

  • The registry with the most collisions (and so most enforced redirections to nowhere) was .wow with just over 200,000. Second was .dell with 120,000. Then .host with 118,000
  • The most frequent word protected from registration was "www". Second was "2010". Third was "com". And then, in order: wpad, net, isatap, org, mail and google.

Under the rules, all these reserved domains have to be released at the same time. And so since there are a number of companies running multiple gTLDs, you can expect to see several huge dumps of domains onto the market as their 90 days end.

So, get hunting and you may get lucky. And yes, that is a sex euphemism. For some reason, a lot of the errant domain data scooped up by ICANN contained sexual references from the blunt "fuck.horse" to the wonderfully precise "massive-black-shemale-cock.best". ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020