Editing Top-level domain (section)

==Dotless domains==
[[File:DNS schema.svg|thumb|''[[.org]][.]'' is a node in the DNS tree, just like ''wikipedia.[org.]'' and ''en.[wikipedia.org.]''. As such, it has its own [[DNS record]]s.]]
Due to the structure of [[DNS]], each node in the tree has its own collection of [[DNS record|records]], and since top-level domains are nodes in DNS, they have records of their own. For example, querying ''org'' itself (with a tool such as [[dig (command)|dig]], [[host (Unix)|host]], or [[nslookup]]) returns information on its [[nameserver]]s:

<syntaxhighlight lang="zone" highlight="1,3" style="font-size:85%">
QUESTION
org. IN ANY
ANSWER
org. 21599 IN NS a0.org.afilias-nst.info.
org. 21599 IN NS a2.org.afilias-nst.info.
org. 21599 IN NS b0.org.afilias-nst.org.
org. 21599 IN NS b2.org.afilias-nst.org.
[…]
</syntaxhighlight>

''Dotless domains'' are top-level domains that take advantage of that fact, and implement [[A record|A]], [[AAAA record|AAAA]] or [[MX record|MX]] DNS records to serve webpages or allow incoming email directly on a TLD – for example, a webpage hosted on ''<nowiki>http://example/</nowiki>'', or an email address ''user@example''.<ref name="dotless-icann">{{cite web |title=SSAC Report on Dotless Domains |publisher=[[ICANN]] |date=24 August 2012 |url=https://www.icann.org/en/public-comment/proceeding/ssac-report-on-dotless-domains-24-08-2012 |access-date=14 August 2021}}</ref>

[[ICANN]] and [[Internet Architecture Board|IAB]] have spoken out against the practice, classifying it as a security risk among other concerns.<ref>{{cite web |title=IAB Statement: Dotless Domains Considered Harmful |publisher=[[Internet Architecture Board]] |year=2013 |url=https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/ |access-date=14 August 2021}}</ref> ICANN's Security and Stability Advisory Committee (SSAC) additionally claims that [[SMTP]] "requires at least two labels in the [[fully qualified domain name|FQDN]] of a mail address" and, as such, mail servers would reject emails to addresses with dotless domains.<ref name="dotless-icann"/>

ICANN has also published a resolution in 2013 that prohibits the creation of dotless domains on [[gTLD]]s.<ref>{{cite web |title=Approved Resolutions {{!}} Meeting of the New gTLD Program Committee |url=https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-meeting-of-the-new-gtld-program-committee-13-08-2013-en}}</ref> [[ccTLD]]s, however, fall largely under their respective country's [[jurisdiction]], and not under ICANN's. Because of this, there have been many examples of dotless domains on ccTLDs in spite of ICANN's vocal opposition.

As of September 2023, that is the case of:

* [[Anguilla]]'s [[.ai]], online at http://ai./ ({{webarchive|url=https://archive.today/20230122060348/http://ai/|date=22 January 2023}})<br>It simply displays a notice that the website is no longer public.
* [[Uzbekistan]]'s [[.uz]], online at https://uz./ ({{webarchive|url=https://archive.today/20230904155401/https://uz/|date=4 September 2023}})<br>It's a mirror of https://cctld.uz/, albeit with an invalid certificate.

Other ccTLDs with A or AAAA records, as of September 2023, include: [[.cm]], [[.tk]] and [[.ws]].

A similar query to ''org''{{'}}s presented above can be made for ''ai'', which shows A and MX records for the TLD:

<syntaxhighlight lang="zone" highlight="1,3" style="font-size:85%">
QUESTION
ai. IN ANY
ANSWER
ai. 21599 IN A  209.59.119.34
ai. 21599 IN MX 10 mail.offshore.ai.
ai. 21599 IN NS anycastdns1-cz.nic.ai.
ai. 21599 IN NS anycastdns2-cz.nic.ai.
ai. 21599 IN NS pch.whois.ai.
[…]
</syntaxhighlight>

Historically, many other ccTLDs have had A or AAAA records. On 3 September 2013, as reported by the [[IETF]], they were the following:<ref>{{cite news |title=Top-Level Domains That Are Already Dotless |first1=John |last1=Levine |first2=Paul |last2=Hoffman |newspaper=Ietf Datatracker |publisher=[[Internet Engineering Task Force]] |date=December 2013 |url=https://datatracker.ietf.org/doc/html/rfc7085 |access-date=14 August 2021}}</ref> [[.ac]], [[.dk]], [[.gg]], [[.io]], [[.je]], [[.kh]], [[.sh]], [[.tm]], [[.to]], and [[.vi]].

===New TLDs===
Following a 2014 resolution by ICANN, newly registered TLDs must implement the following A, MX, TXT, and SRV apex DNS records – where <code><nowiki><TLD></nowiki></code> stands for the registered TLD – for at least 90 days:<ref>{{cite web |title=Name Collision Occurrence Assessment |first=Akram |last=Atallah |publisher=[[ICANN]] |date=4 August 2014 |url=https://newgtlds.icann.org/sites/default/files/agreements/name-collision-assessment-04aug14-en.htm |access-date=17 August 2021}}</ref>

<syntaxhighlight lang="zone" style="font-size:85%">
<TLD>. 3600 IN MX  10      your-dns-needs-immediate-attention.<TLD>.
<TLD>. 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.<TLD>.
<TLD>. 3600 IN TXT         "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
<TLD>. 3600 IN A           127.0.53.53
</syntaxhighlight>

This requirement is meant to avoid domain name collisions when new TLDs are registered. For example, programmers may have used custom local domains such as ''foo.bar'' or ''test.dev'', which would both collide with the creation of gTLDs [[.bar]] in 2014 and [[.dev]] in 2019.

While this does create apex DNS records of type A and MX, they do not qualify as a dotless domain, as the records should not point to real servers. For instance, the A record contains the IP 127.0.53.53, a loopback address (see [[IPv4#Addressing|IPv4 § Addressing]]), picked as a mnemonic to indicate a DNS-related problem, as [[List of TCP and UDP port numbers|DNS uses port 53]].<ref>{{cite web |title=Name Collision Resources & Information |publisher=[[ICANN]] |url=https://www.icann.org/resources/pages/name-collision-2013-12-06-en |access-date=17 August 2021}}</ref>