Daiki Ito
Yuta Takata
ABSTRACT
Traditionally, top-level domains (TLDs) are managed by the Internet corporation for assigned names and numbers (ICANN), and the domain names under them are managed by registrars. Against such a centralized management, a blockchain naming service (BNS) has been proposed to manage TLDs on blockchains without authority intervention. BNS users can register TLD strings as non-fungible tokens and manage the TLD root zone. However, such a decentralized management results in the introduction of a new security issue, BNS TLD name collision, wherein the same TLD is registered in several different BNSs. In this study, we investigated BNS TLD name collisions by analyzing TLDs registered on two BNSs: Handshake and Decentraweb. Specifically, we collected TLDs registered in Handshake and Decentraweb and the associated data, and analyzed the data registration status of BNS TLDs and BNS TLD name collisions. The analysis of 11,595,406 Handshake and 11,889 Decentraweb TLDs revealed 6,973 BNS TLD name collisions. In particular, lastname TLDs, which are intended for use as person names, yielded a large number of registered domain names. In addition, the analysis identified 10 name collisions between the BNS and operational ICANN TLDs. Further, the ICANN TLD candidates under review also had name collisions against the BNS TLDs. Consequently, based on the characteristics of these name collisions and discussions in BNS communities, we considered countermeasures against BNS TLD name collisions. For the further development of BNSs, we believe that it is essential to discuss with the existing Internet communities and coexist with the existing Internet.
Supplemental Material
- 2021. Handling ICANN Strings in Hard Fork. https://github.com/handshake-org/hsd/issues/649.Google Scholar
- 2023. Butterfly Protocol. https://www.butterflyprotocol.io/.Google Scholar
- 2023. CoinGecko. https://www.coingecko.com/ja.Google Scholar
- 2023. D&B Hoovers. https://www.dnb.com/products/marketing-sales/dnb-hoovers.html.Google Scholar
- 2023. Decentraweb. https://dns.decentraweb.org/.Google Scholar
- 2023. Decentraweb JavaScript SDK. https://github.com/decentraweb/decentrawebjs.Google Scholar
- 2023. Decentraweb JSON Reserve List. https://github.com/decentraweb/reserve-list.Google Scholar
- 2023. EmerDNS. https://emercoin.com/emerdns.Google Scholar
- 2023. Ethereum Name Service. https://ens.domains/.Google Scholar
- 2023. Handshake. https://handshake.org/.Google Scholar
- 2023. Handshake Developer Documentation. https://hsd-dev.org/.Google Scholar
- 2023. Handshake DNS: Adding DNS records to domains in Namebase. https://learn.namebase.io/starting-from-zero/how-to-add-dns-records.Google Scholar
- 2023. handshake-names. https://github.com/handshake-org/hs-names.Google Scholar
- 2023. Handshake WhitePaper. https://handshake.org/files/handshake.txt.Google Scholar
- 2023. How to Claim a Name. https://hsd-dev.org/guides/claims.html.Google Scholar
- 2023. Namecoin. https://www.namecoin.org/.Google Scholar
- 2023. NFTPort. https://www.nftport.xyz/.Google Scholar
- 2023. OpenNIC Project. https://www.opennic.org/.Google Scholar
- 2023. Superlink. https://superlink.me/.Google Scholar
- 2023. Tranco list. https://tranco-list.eu/.Google Scholar
- 2023. Unstoppable Domains. https://unstoppabledomains.com/.Google Scholar
- A. Allemann. 2022. Update: Unstoppable Domains sues over Handshake .wallet domain. https://domainnamewire.com/2022/07/20/update-unstoppable-domains-sues-over-handshake-wallet-domain/.Google Scholar
- Fran Casino, Nikolaos Lykousas, Vasilios Katos, and Constantinos Patsakis. 2021. Unearthing malicious campaigns and actors from the blockchain DNS ecosystem. Computer Communications 179 (2021), 217--230.Google ScholarDigital Library
- Qi Alfred Chen, Eric Osterweil, Matthew Thomas, and Z. Morley Mao. 2016. MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, and Z. Morley Mao. 2017. Client-side Name collision vulnerability in the New gTLD Era: A systematic study. In ACM SIGSAC Conference on Computer and Communications Security (CCS).Google Scholar
- IANA. 2023. tlds-alpha-by-domain.txt. http://data.iana.org/TLD/tlds-alpha-by-domain.txt.Google Scholar
- ICANN. 2001. Keeping the Internet a Reliable Global Public Resource: Response to New.net Policy Paper. https://archive.icann.org/en/icp/icp-3-background/response-to-new.net-09jul01.htm.Google Scholar
- ICANN. 2013. Guide to Name Collision Identification and Mitigation for IT Professionals. https://www.icann.org/en/system/files/f iles/name-collision-mitigation-05dec13-en.pdf.Google Scholar
- ICANN. 2013. Name Collision Resources & Information. https://www.icann.org/resources/pages/name-collision-2013--12-06-en.Google Scholar
- ICANN. 2014. Guide to Name Collision Identification and Mitigation for IT Professionals. https://www.icann.org/en/system/files/f iles/name-collision-mitigation-01aug14-en.pdf.Google Scholar
- ICANN. 2014. Name Collision Occurence Management Framework. https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf.Google Scholar
- ICANN. 2023. About the New gTLD Program. https://newgtlds.icann.org/en/about/program.Google Scholar
- ICANN. 2023. New gTLD Current Application Status. https://gtldresult.icann.org/applicationstatus/viewstatus.Google Scholar
- Interisle Consulting Group, LLC. 2013. Name Collision in the DNS. https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf.Google Scholar
- JPCERT/CC. 2023. JPCERT Coordination Center. https://www.jpcert.or.jp/english/.Google Scholar
- JPNIC. 2015. Appendix1: IP address and domain name. https://www.nic.ad.jp/timeline/en/20th/appendix1.html.Google Scholar
- Harry Kalodner, Miles Carlsten, Paul Ellenbogen, Joseph Bonneau, and Arvind Narayanan. 2015. An empirical study of Namecoin and lessons for decentralized namespace design. In Workshop on the Economics of Information Security (WEIS).Google Scholar
- Audrey Randall, Wes Hardaker, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman. 2022. The Challenges of Blockchain-Based Naming Systems for Malware Defenders. In APWG Symposium on Electronic Crime Research (eCrime).Google Scholar
- Tripti Sinha. 2023. ICANN Board Accepts Next Round Implementation Plan from ICANN Org. https://www.icann.org/en/blogs/details/icann-board-accepts-next-round-implementation-plan-from-icann-org-31-07--2023-en.Google Scholar
- Unstoppable Domains. 2022. Why we're no longer offering .coin. https://unstoppabledomains.com/blog/categories/announcements/article/coin.Google Scholar
- Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, Guoai Xu, and Gareth Tyson. 2022. Challenges in Decentralized Name Management: The Case of ENS. In ACM SIGCOMM Conference on Internet Measurement Conference (IMC).Google ScholarDigital Library
- Zonefiles. 2023. All active domain lists. https://zonefiles.io/all-registered-domains/.Google Scholar
Index Terms
- Investigations of Top-Level Domain Name Collisions in Blockchain Naming Services
Recommendations
The Good and the Bad of Top-Level Domains
ICANN has recently announced an "open season" on top-level domains, to start some time in 2009. This will dramatically expand the namespace for Internet domain names, and will allow cities, industries, and companies to register specific top-level ...
Domain name registrars: are they part of the domain name fraud problem?
InfoSecCD '06: Proceedings of the 3rd annual conference on Information security curriculum developmentDomain names are a hot commodity. A simple Google search on the phrase "domain name buying and selling" yields 17,000,000 results, with eight sponsored links on the right column. The rise in domain name commerce has resulted in an abundance of frauds ...
Comments