
Frequently Asked Questions: Name Collision for IT Professionals


Susceptible Parties, Effects & Risks

  1. Could my organization/company network be affected by name collision? Studies have shown that it's unlikely that name collisions will affect significant numbers of corporate networks or Internet users. In a well-managed environment, the likelihood of name collision is low, and the likelihood that a name collision could result in material damage is even lower because, chances are, disruptions will be noticed quite quickly. Without proper network management, however, there is a risk.
  2. Do name collisions represent a significant risk? A study on naming system collisions in the global Internet Domain Name System (DNS), conducted by JAS Global Advisors, indicated that the addition of new top-level domains (TLDs) does not fundamentally or significantly increase or change the risks associated with name collisions. The modalities, risks, and etiologies of the inevitable collisions in new TLDs will resemble the collisions that already occur routinely in the other parts of the global DNS.

Risk Mitigation & Troubleshooting

  1. How can system administrators prevent name collision? ICANN's Guide to Name Collision Identification and Mitigation for IT Professionals (version 1.1) [PDF, 476 KB] recommends that every organization that is not already using fully qualified domain names (FQDNs) from the global DNS should consider the following strategy:
    • Monitor name services, compile a list of private TLDs or short unqualified names you use internally, and compare the list you create against the list of applied-for new TLD strings.
    • Formulate a plan to mitigate causes of leakage; for example, you may need to change the root of your private name space to use a name you have registered in the global DNS, or change affected systems over to use FQDNs.
    • Prepare users for the impending change in name usage by notifying them in advance or providing training.
    • Implement a plan to mitigate the potential collision.
    • Continue to monitor old private name usage as well as new FQDN usage at name servers and along your network perimeter, and use this data to mitigate any causes you may discover once you have begun mitigating leaks.
  2. How should a system administrator address a name collision once it has been identified? System administrators who encounter a system error due to name collision are encouraged to take the following steps:
    1. Report the problem to ICANN
      Instances where there is a reasonable belief of demonstrable, severe harm as a consequence of a name collision should be reported.
    2. Read the Guide to Name Collision Identification and Mitigation for IT Professionals (version 1.1) [PDF, 476 KB] and implement the measures outlined therein.
    3. Learn more about name collisions by visiting https://www.icann.org/namecollision.
    4. Spread the word about the potential for name collision occurrence and mitigation in your professional circle.
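
The monitoring and comparison step in the prevention strategy above can be scripted. The following is an added example, not taken from ICANN's guide: it counts perimeter DNS queries whose rightmost label is one of your private names and marks those that match an applied-for TLD string. The log format, the name lists and the label `exampletld` are constructed assumptions.

```python
from collections import defaultdict

# Constructed stand-ins: load the real applied-for list and your own inventory.
APPLIED_FOR_TLDS = {"exampletld", "sampleco"}
PRIVATE_NAMES = {"exampletld", "lan", "fileserver"}

# Constructed perimeter log, assumed format: "<time> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.1.4.20 wiki.eng.exampletld. A
2024-05-01T09:00:02Z 10.1.4.21 printer7.lan. A
2024-05-01T09:00:03Z 10.1.4.20 www.example.com. A
2024-05-01T09:00:05Z 10.1.9.8 fileserver. A
2024-05-01T09:00:09Z 10.1.9.8 WIKI.eng.EXAMPLETLD. AAAA
malformed line
"""

def rightmost_label(qname):
    """Return the label the global DNS would treat as the TLD."""
    return qname.rstrip(".").lower().rsplit(".", 1)[-1]

def leak_report(log_text, private_names, applied_for):
    """Summarise private names seen leaving the network, per rightmost label."""
    report = defaultdict(lambda: {"queries": 0, "clients": set(), "collides": False})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, _ = fields
        label = rightmost_label(qname)
        if label not in private_names:
            continue  # not one of our private suffixes or short names
        entry = report[label]
        entry["queries"] += 1
        entry["clients"].add(client)  # which hosts need reconfiguring
        entry["collides"] = label in applied_for
    return dict(report)

if __name__ == "__main__":
    for label, info in sorted(leak_report(SAMPLE_LOG, PRIVATE_NAMES, APPLIED_FOR_TLDS).items()):
        status = "COLLISION RISK" if info["collides"] else "leak only"
        print(f"{label}: {info['queries']} queries from {sorted(info['clients'])} ({status})")
```

Unqualified single-label names such as `fileserver` are counted as well, because they are their own rightmost label when they reach the global DNS.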

ICANN's Role

  1. Why is ICANN involved in name collision mitigation? Name collision occurrences received renewed attention because many new top-level domain strings applied for through ICANN's New gTLD Program are identical to names used in other naming systems, such as private networks. ICANN's core focus is supporting a secure, stable and resilient Internet. Determining the risk and severity of potential name collisions, and proposing means of mitigating risk, became of great importance.

    In a study published in January 2013, ICANN's Security and Stability Advisory Committee (SSAC) confirmed that some private naming systems sometimes "leak" into the global DNS (either through misconfiguration or the use of old software). ICANN's Board of Directors, staff and the Internet community set out to address name collisions together. ICANN considers it essential that it does everything possible to minimize potential impact and to offer clear advice on dealing with the issue.

  2. What has ICANN done to address name collision? ICANN has taken several steps to address name collision, including commissioning an independent report on mitigating name collisions, issuing advice to IT professionals worldwide on how to proactively identify and manage private name space leakage into the global DNS, and conducting an outreach campaign to raise awareness of the potential issue of name collision.

    In order to assess and mitigate the risk for name collisions between the global DNS and other naming systems, ICANN has implemented the Name Collision Risk Management framework, following recommendations from the Name Collision Analysis Project Study Two Report,1 as directed by the ICANN Board on 7 September 2024.2

    For additional information on how ICANN has worked to address name collision, read the following:

Controlled Interruption & 127.0.53.53

  1. What is Controlled Interruption? Controlled interruption is a method of notifying system administrators who have configured their networks incorrectly (knowingly or unknowingly) of the name collision occurrence, and helping them mitigate potential issues.

    Controlled interruption is intended to catch errant DNS queries. When an errant query is caught, a registry takes a "controlled" action to prevent harm and alert the user that a fix is needed. That action takes the form of responding to the DNS query with a special IP address (127.0.53.53). The word "interruption" refers to an activity that once seemed to work despite the errant query, but is now prevented from working.

    System administrators affected by a new gTLD registry performing controlled interruption might encounter the following "flags":

    • * 3600 IN MX 10 your-dns-needs-immediate-attention.<TLD>.
    • * 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.<TLD>.
    • * 3600 IN TXT "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
  2. What is 127.0.53.53? 127.0.53.53 is a special IPv4 address that will appear in system logs alerting system administrators that there is a potential name collision issue, enabling a quick diagnosis and remediation. The "53" is used as a mnemonic to indicate a DNS-related problem owing to the use of network port 53 for the DNS service. Instances where there is a reasonable belief of demonstrable severe harm as a consequence of a name collision should be reported at https://forms.icann.org/en/help/name-collision/report-problems. Additional information on name collision can be found at https://www.icann.org/namecollision.
  3. I've encountered 127.0.53.53 (or another flag) in my system logs – what should I do now? System administrators who encounter a system error due to name collision are encouraged to take the following steps:
    1. Report the problem to ICANN
      Instances where there is a reasonable belief of demonstrable, severe harm as a consequence of a name collision should be reported.
    2. Read the Guide to Name Collision Identification and Mitigation for IT Professionals (version 1.1) [PDF, 476 KB] and implement the measures outlined therein.
    3. Learn more about name collisions by visiting https://www.icann.org/namecollision.
    4. Spread the word about the potential for name collision occurrence and mitigation in your professional circle.
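
The controlled-interruption flags described above can be searched for in resolver and application logs. The following is an added example, not ICANN code: it recognises the 127.0.53.53 address and the MX, SRV and TXT markers, and reports the affected name or TLD where the line carries it. The sample lines, the dig-style answer format and the TLD `exampletld` are constructed assumptions.

```python
import re

# Match 127.0.53.53 only as a whole address (not inside a longer dotted number).
CI_ADDR = re.compile(r"(?<![\d.])127\.0\.53\.53(?!\d|\.\d)")
CI_HOST = re.compile(r"your-dns-needs-immediate-attention\.([a-z0-9-]+)\.?", re.I)
CI_TXT = "your dns configuration needs immediate attention"
# dig-style A answer, assumed format: "<name> <ttl> IN A <address>"
A_ANSWER = re.compile(r"(\S+)\s+\d+\s+IN\s+A\s+127\.0\.53\.53\s*$")

# Constructed sample: DNS answers mixed with application log lines.
SAMPLE_LOG = """\
wiki.eng.exampletld. 3600 IN A 127.0.53.53
mail.exampletld. 3600 IN MX 10 your-dns-needs-immediate-attention.exampletld.
_ldap._tcp.exampletld. 3600 IN SRV 10 10 0 your-dns-needs-immediate-attention.exampletld.
mail.exampletld. 3600 IN TXT "Your DNS configuration needs immediate attention see https://icann.org/namecollision"
2024-05-01T09:00:11Z app01 backup[811]: connect to 127.0.53.53:22 failed: connection refused
2024-05-01T09:00:12Z app01 updater[90]: installed agent build 3.127.0.53.53
www.example.com. 300 IN A 127.0.53.5
"""

def classify(line):
    """Return (flag, detail) for a controlled-interruption flag, else None."""
    host = CI_HOST.search(line)
    if host:
        return ("marker-host", host.group(1).lower())  # detail: TLD in interruption
    if CI_TXT in line.lower():
        return ("marker-txt", "")
    if CI_ADDR.search(line):
        answer = A_ANSWER.match(line)
        # detail: the queried name when the line is a DNS answer, else empty
        return ("address", answer.group(1).rstrip(".").lower() if answer else "")
    return None

def scan(log_text):
    """Return (line number, flag, detail) for every flagged line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        hit = classify(line)
        if hit:
            findings.append((lineno, *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged application line with an empty detail, such as the failed connection to 127.0.53.53, identifies the host that used a colliding name; the name itself has to be recovered from that host's configuration or its resolver log.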

1 See https://www.icann.org/en/system/files/files/ncap-study-2-report-05apr24-en.pdf.

2 See https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-regular-meeting-of-the-icann-board-07-09-2024-en.