Redirecting DNS requests can harm the internet, says ICANN

ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party web site or portal when they misspell a web address and type a domain name that does not exist.

Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution. The target address is often a web portal or information site.

Handling DNS requests this way has a number drawbacks that could lead to the internet not working properly, according to ICANN.

For example, users sending email to a domain that does not exist should get an immediate error message. However, if the message is redirected to a site set up to handle web traffic, it's likely to get queued and an error message won't arrive for days, ICANN said.

Also, users will get longer response times if the site to which they're supposed to be redirected goes down.

Redirection sites are prime targets for attacks by hackers that want to send users to their own servers.

There are also privacy issues, according to ICANN. If sensitive data is redirected via a country with a different jurisdiction and local law, there could be consequences for both users and registries, it said.

ICANN, which handles assigning domain names and IP addresses, published its opinions and findings in a draft memo before the introduction of new gTLDs (generic top-level domains).

The organisation discourages the practice of redirecting requests for nonexistent domains, and suggested banning it in a draft of the agreement owners of the new gTLDs would have to sign. ICANN wants domain owners wishing to redirect DNS requests to first explain why doing so won't cause any problems.