Wildcarding

Wildcarding is a type of non-existent domain substitution (NXDOMAIN substitution) or DNS redirection that can be utilized at the registry level to redirect users when a site does not exist instead of taking the user to an error page. Wildcard functions are often denoted by a special character such as an asterisk. ICANN and the Security and Stability Advisory Committee (SSAC) view wildcarding as a "destabilizing practice."

Public Perception
Previously attempted wildcarding services, such as Verisign's Sitefinder, were harshly censured by both ICANN and users. Public perception is not in favor of any kind of registry level wildcarding or NXdomain substitution service. However, wildcarding or redirecting on individual site levels is not viewed with such vehement opposition, although it is not encouraged.

Outcome
The outcome of DNS wildcarding on a registry level is confusion and a failure to return the appropriate error messages, which can cause problems for incorrectly addressed emails. At an individual site level, it is less problematic.

Historical Use
Wildcarding allows registry operators to direct traffic from pages that do not exist to other pages of their choosing by introducing a wildcard DNS record into their DNS zone files.
 * A notable example of wildcarding was Verisign's Sitefinder, which generated an immediate response from the Internet community and brought the issue into the public eye in 2003. Essentially, Sitefinder was the website that all non-valid, typed-in URLs in the .com and .net domains were redirected to. This wildcarding service allowed Verisign to potentially profit from domains that were not registered and did not return any error messages as each URL that could not be found was redirected to Sitefinder. The service was quickly shut down. A report by ICANN's SSAC found that as a result of Verisign's Sitefinder: "certain e-mail systems, spam filters and other services failed resulting in direct and indirect costs to third parties."

General Views

 * ICANN and SSAC have made recommendations against the practice of DNS wildcarding at the registry level.


 * An ICANN document released in 2009 stated that "ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in new and existing gTLDs and ccTLDs and any other level in the DNS tree for registry-class domain names."
 * Additionally, if a registry operator wishes to provide a wildcarding service or a service that involves NXdomain substitution at the registry level, a comprehensive plan for the service must be submitted for "global public scrutiny" before execution.

Registry Agreement
"'DNS Resources Records or using redirection within the DNS by the Registry is prohibited. When queried for such domain names the authoritative name servers must return a “Name Error” response (also known as NXDOMAIN).'"
 * DNS wildcarding is prohibited in the 2013 Registry Agreements (RAs) signed by all new gTLD applicants:

Name Collision Mitigation Report

 * A report released by JAS Global Advisors in February 2014 regarding the new gTLD program and the risk of name collision recommended that ICANN temporarily relax its prohibition on TLD-level wildcarding. Wildcarding at the registry level could in theory help registries and IT professionals identify and address name collision risks before the TLDs are launched and available to the public.
 * Read the Name Collision Mitigation Report
 * The public comment period on this report is set to remain open until April 21.

Legislation
There is no legislation that addresses wildcarding at this time.

DNS Award
Awardees do not redirect and confuse users with unnecessary or deceptive wildcarding. Other uses of wildcarding may be compatible the best practices set up by the award, especially any ICANN mandated use of wildcarding such as what has been suggested within the new gTLD program.

Additional Resources

 * For more information on Verisign's Sitefinder Program, read the SSAC's Report on Redirections in the Com and Net Domains
 * In reference to wildcarding and the new gTLD program, see ICANN's New gTLD Program Explanatory Memorandum: Harms Caused by NXDOMAIN Substitution in Top-level and Other Registry-class Domain Names

Related Article

 * 2013 Registry Agreement