<div id="doctitle">
<p class="title">Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar Technologies) at Registry Level</p>
<p class="docdate">24 November 2009</p>
</div>
<p> This <a href="http://www.icann.org/en/topics/new-gtlds/nxdomain-substitution-harms-24nov09-en.pdf">explanatory
                memorandum</a> describes the harms and concerns posed
        by NXDOMAIN substitution (commonly implemented by the use of DNS wildcard)
        at the registry level. The paper is a collection of the findings published
by experts on the subject.</p>
<p> On 10 June 2009, the Security and Stability Advisory Committee (SSAC)
        published an advisory stating that the redirection and synthesizing of
        DNS responses (e.g., DNS wildcard) by TLDs poses a clear and significant
        danger to the security and stability of the Domain Name System.</p>
<p> At its public meeting in Sydney in June 2009, the ICANN Board of Directors
        resolved that new top-level domains should not use DNS redirection and
        synthesizing of DNS responses.</p>
<p> In response to the Board resolution, ICANN staff included a prohibition
        against redirection and synthesizing of DNS responses in the draft Registry
        Agreement for new gTLDs. ICANN also included a similar commitment as part
        of the request for new IDN ccTLDs in the proposed Terms and Conditions
        and in the three proposed relationship options between ICANN and the IDN
        ccTLD manager.</p>
The Board also directed ICANN staff to report on the harms and concerns
posed by the use of redirection and synthesizing of DNS responses; collectively,
NXDOMAIN substitution.