The “Top Level Domains” also called TLD or extensions, are defined by the IANA (Internet Assigned Numbers Authority) which depends on ICANN since 1998.
ICANN and IANA are in charge of allocating Internet protocol (IP) addresses space, assigning protocol identifiers and managing the top level domain names system, i.e. the “Top Level Domains”.
Find out in this “5 minutes to understand” document, available for download on the Nameshield’s website, the different types of top level domains.
Initially scheduled to take place in Cancun, Mexico, like ICANN67 , the recent summit on Internet governance was once again held entirely by videoconference due to the global health situation. The PDPs, the Policy Development Processes, were the main thread of this summit.
The PDP, Policy Development Process, is the central community mechanism used by the Generic Names Supporting Organization (Gnso), the body responsible for policy developments on generic domain names, to propose new requirements and revise existing rules to update them. Each PDP results in a series of reports that are ultimately forwarded to the ICANN Board of Directors, which decides on the fate of the recommendations they contain.
News on the PDP of the new generic extensions
It is with this mechanism that ICANN launched a program of new generic extensions that led to 1930 applications in Spring 2012 and 1233 delegated extensions by the end of 2020. The opportunity to consider a new round of applications was materialized by a PDP initiated by Gnso in late 2015. Five years later, this process to review and improve the Gnso recommendations for the 2012 cycle has entered its final stretch. It is now up to the ICANN Board to decide on the recommendations of the working groups that worked on this PDP. The Board of Directors should launch a last phase of consultations of the community before pronouncing on the continuation of their works. The community was expecting an announcement at this summit or perhaps even a timetable to mark out the next steps until the next round of applications, but we have to admit that hopes have been dashed. Indeed, no announcements were made, even though we know that the prospect of a future round of applications is now approaching fast. Regarding the content of the recommendations this time, the elements discussed mainly during ICANN70 were about a pre-evaluation of the future registries, the improvement of the predictability to evaluate the future applications and the ways to improve the applicants’ support.
The PDP: A solution to the impasse over malicious use of the DNS?
Another topic, related to the implementation of the PDP mentioned above, is the malicious uses of the DNS, a topic commonly referred to as DNS abuse.
ICANN’s monitoring of malicious practices in generic names covers some 205 million domain names, of which barely 11% are from the cycle of extensions created since 2012. The observation made through their analyses shows that around one million domains concentrate these infringements, that is to say 0.5% of them. Another notable fact is that the new generic extensions are more used for malicious practices than the historical generic extensions like .COM, .NET, .ORG, .BIZ and .INFO. In fact, ICANN indicated that in February 2021, 35% of security breaches came from names created in the new generic extensions against 65% in the historical extensions, a ratio that even rose to 40% in November 2020. ICANN also said that 90% of malicious practices in the new extensions were concentrated in 23 extensions. As for the most common types of attacks, spamming is involved at 85%, phishing at 8.4%, botnets (malicious programs that operate remotely) at 3.9% and malware at 2.7%. The new generic extensions concentrate more spamming and phishing practices. Although DNS abuse has been a central topic of discussion between the bodies representing the stakeholders of the Internet community for five summits now, positions still diverge on the measures to be taken to curb these harmful practices. Here again, the expectations of the community at this summit were high.
The GAC, the body that represents governments, has already supported the idea of a dedicated PDP on this topic. It advocates for a holistic approach that addresses all extensions, existing and future. GAC highlighted the work of the SSAC, the Security and Stability Advisory Committee, which advises the community and the ICANN Board on issues related to the security and integrity of the Internet’s naming and addressing systems. Indeed, it published an advisory prior to ICANN70 urging the Board before launching the next round of new gTLDs to commission a study of the causes, responses and best practices for mitigating domain name abuse proliferating in the new gTLDs in the 2012 round. To their credit, they also made a series of recommendations to the ICANN Board, ranging from the systematic presence of security experts in all future contract negotiations to an ePDP (expeditive Policy Development Process). As for Gnso, it is continuing consultations for the moment without ruling out the use of a PDP.
And the ePDP phase 1 and 2 on access to registration data
Another topic, another PDP process, the ePDP in connection with the GDPR for access to domain name registration data. Initiated in 2018, it was intended to replace a Temporary Specification that involved redacting personal data from freely available registration data of generic names. Phase 1 of the ePDP, not finalized at this time, is intended to replace the Temporary Specification with a future-proof provision. Phase 2 aims to create a standardized data access system for legitimate applications commonly referred to as SSAD. This phase has now reached the end of the roadmap, as it is now in the hands of the ICANN Board of Directors after the Gnso has approved all the provisions formulated by the working groups that have worked on this subject, even those that did not reach consensus. The Gnso assumed this position under the pretext that it was necessary to take its responsibilities and that the recommendations were a whole, a breach of the process of creating new policies that normally wants to be consensual and that led the ALAC (At-Large Advisory Committee) that represents the end users to express concerns, the IPC (Intellectual Property Constituency) that represents the interests of the intellectual property community even going so far as to ask not to continue with the review of the recommendations. The ICANN Board has simply launched an Operational Design Phase to consider the operability of the future system and intends to take a position on the recommendations at a later stage.
A new PDP on domain name transfer policies
Another PDP process was officially launched at ICANN70 to revise the rules for domain name transfers: transfers between registrars and transfers between two registrants. The latter aims to simplify, secure and make name transfers more efficient. A vast project that could extend over several years…
Concerns about the concentration of the sector
Indicative of the concerns of the Internet community, the public forum this year was marked by many questions around the concentration that is accelerating among the players of domain names. The latest is Ethos Capital, a private equity firm founded in 2019, which after buying the operator of .ORG, PIR, has just taken over Donuts, which manages no less than 242 new generic extensions and had recently acquired Afilias, which is among other things manager of the extension .INFO. The community has expressed concerns about these new players whose expectations are not necessarily in line with one of ICANN’s totems, which is to defend competition, trust and consumer choice. ICANN, for its part, does not see a problem in this phenomenon, which has become a trend, because these mergers trigger very closely supervised procedures for analyzing and approving the changes that are brought about.
ICANN70 has highlighted the fact that ICANN is looking at a number of potentially high-impact topics in domain name management, most of which are about to be materialized into new policies that Nameshield will implement for its customers. Beyond this framework, Nameshield, an independent French player, has already implemented solutions that provide answers to the problems that some of these policies must address. Do not hesitate to reach your consultant with your needs so that we can study together the solutions that we can already bring.
The crux of the war for high-visibility websites is the download time. As a natural referencing factor admitted by Google, this download time can be significantly impacted during DNS resolution. If it is necessary to rely on a first-class DNS infrastructure, the choice of the extension associated with a domain name is important. Indeed, not all registries perform equally well in terms of DNS, not to say that some have disappointing performance. The offer in terms of TLDs (nearly 1400) has greatly increased since ICANN’s New Extensions Program. Analysis to follow.
Resolving a domain such as nameshield.net follows several steps before you can contact the content server. The DNS resolver contacts the root DNS servers (.), then the DNS servers of the registry of the extension concerned (.net) in order to obtain the list of DNS servers responsible for the domain, and finally these DNS servers to obtain the requested response. The response obtained is certainly cached by the DNS resolver (generally managed by the Internet Service Provider), but this will not always be the case depending on the popularity of your domain.
This means that if the DNS for the top level domain (.net) is slow, it may actually delay DNS resolution for the domain itself and, in the very unlikely worst case scenario, even cause a breakdown. There’s not much you can do about this, apart from choosing the right TLD.
Bunny CDN, a Slovenian content delivery player, conducted the following surprising analysis. Relying on their global network, they monitored DNS performance worldwide from more than 50 sites and networks.
For each TLD, their system chose a random name server published for each top-level domains and queried a random domain name. The results were grouped by region and the data recorded every 10 seconds.
They tested 42 of the most popular top-level domains and then aggregated the results into a global median average and an 85-percentile aggregation (the 15% slowest responses were not taken into account). These tests were conducted only from their network, so a more complete study would certainly be worthwhile, but they provide a good overview.
The most surprising domains are .info and .org, which have shown really poor performance, especially in the 85 percentile range, despite their seniority and the millions of domains registered. It seems that 4 of the 6 names servers function extremely poorly, which explains the poor results.
The .net and .com have been very slightly slower than expected in Europe and North America, but otherwise offer excellent and stable performance in all regions, visible in the global median. .net and .com have much larger networks, but remain a very interesting choice for absolute maximum performance.
Less expected is the performance of the .co, .biz and .in TLDs, well ahead of the others.
Some new domains (.online, .top, .blog…), which are attractive from a marketing point of view and growing strongly, show disappointing performances…
… on the other hand, very good surprises for .live, .email, .news, managed by Donuts Inc or .club and .buzz managed by Neustar Inc, with, however, a very important decrease in performance in regions outside Europe and North America, which further aggravates the problem.
42 of the most popular TLDs among the 1400+ available have been tested. Without drawing any definitive conclusions, we can assume that many may not work much better.
Do you need to revolutionize the management of your domain name portfolio and the choice of TLDs for your most visible websites? Should you switch everything to .biz or .co immediately to increase performance?
Certainly not. First of all, DNS responses are heavily cached, especially for very popular websites, resolvers may not need to reach many top-level names servers. Then, the choice of a domain name is primarily driven by marketing imperatives (brand, geographical area, name availability) that are often far more impactful than the additional 50 milliseconds of loading time for the first page to load.
However, if you are trying to compress absolutely every last bit of performance and ensure high reliability in a system where every last millisecond counts, then you may want to think twice before choosing your domain. The differences aren’t huge, but if you’re aiming for that one-second loading time, things can add up to 200 ms in some cases.
Choosing the right TLD based on DNS performance is indeed a good thing, but probably not a cause for too much concern.
