Wildcarding is a type of non-existent domain substitution (NXDOMAIN substitution) or DNS redirection that can be utilized at the registry level to redirect users when a site does not exist instead of taking the user to an error page. Wildcard functions are often denoted by a special character such as an asterisk. ICANN and the Security and Stability Advisory Committee (SSAC) view wildcarding as a "destabilizing practice."
Previously attempted wildcarding services, such as Verisign's Sitefinder, were harshly censured by both ICANN and users. Public perception is not in favor of any kind of registry level wildcarding or NXdomain substitution service. However, wildcarding or redirecting on individual site levels is not viewed with such vehement opposition, although it is not encouraged.
The outcome of DNS wildcarding on a registry level is confusion and a failure to return the appropriate error messages, which can cause problems for incorrectly addressed emails. At an individual site level, it is less problematic.
- A notable example of wildcarding was Verisign's Sitefinder, which generated an immediate response from the Internet community and brought the issue into the public eye in 2003. Essentially, Sitefinder was the website that all non-valid, typed-in URLs in the .com and .net domains were redirected to. This wildcarding service allowed Verisign to potentially profit from domains that were not registered and did not return any error messages as each URL that could not be found was redirected to Sitefinder. The service was quickly shut down. A report by ICANN's SSAC found that as a result of Verisign's Sitefinder: "certain e-mail systems, spam filters and other services failed resulting in direct and indirect costs to third parties."
- ICANN and SSAC have made recommendations against the practice of DNS wildcarding at the registry level.
- An ICANN document released in 2009 stated that "ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in new and existing gTLDs and ccTLDs and any other level in the DNS tree for registry-class domain names."
- Additionally, if a registry operator wishes to provide a wildcarding service or a service that involves NXdomain substitution at the registry level, a comprehensive plan for the service must be submitted for "global public scrutiny" before execution.
- DNS wildcarding is prohibited in the 2013 Registry Agreements (RAs) signed by all new gTLD applicants:
"DNS Resources Records or using redirection within the DNS by the Registry is prohibited. When queried for such domain names the authoritative name servers must return a “Name Error” response (also known as NXDOMAIN)."
Name Collision Mitigation Report
- A report released by JAS Global Advisors in February 2014 regarding the new gTLD program and the risk of name collision recommended that ICANN temporarily relax its prohibition on TLD-level wildcarding. Wildcarding at the registry level could in theory help registries and IT professionals identify and address name collision risks before the TLDs are launched and available to the public.
There is no legislation that addresses wildcarding at this time.
- For more information on Verisign's Sitefinder Program, read the SSAC's Report on Redirections in the Com and Net Domains
- In reference to wildcarding and the new gTLD program, see ICANN's New gTLD Program Explanatory Memorandum: Harms Caused by NXDOMAIN Substitution in Top-level and Other Registry-class Domain Names
- 2013 Registry Agreement
- SAC 015 | Why Top Level Domains Should Not Use Wildcard Resource Records, Internet Corporation for Assigned Names and Numbers (ICANN)
- Will ICANN Ban Top Level DNS Wildcarding? by M. Edwards, Windows IT Pro
- ICANN Slams DNS Redirection: Calls such efforts a 'destabilizing practice' by Karl Bode (November 25, 2009), DSLreports.com
- Wildcard DNS, What is it and How Do I Use it?, HostGator
- SSAC Report: Redirections in the Com and Net Domains (PDF), ICANN
- ICANN condemns registry DNS redirection by Dan Goodin (November 25, 2009), The Register
- Icann security group calls for end to 'wildcarding' by Phil Muncaster (June 23, 2009), v3.co.uk
- ICANN's New gTLD Program Explanatory Memorandum: Harms Caused by NXDOMAIN Substitution in Top-level and Other Registry-class Domain Names (PDF), ICANN
- New gTLD Applicant Guidebook, ICANN
- Mitigating the Risk of DNS Namespace Collisions (PDF), ICANN
- Delays still dog many new gTLD applicants by Kevin Murphy (March 3, 2014), Domain Incite