### Article: The Internet Corporation for Assigned Names and Numbers (ICANN) Designates a New Top-Level Domain for Private Networks
In recent news, the Internet Corporation for Assigned Names and Numbers (ICANN) has announced an exciting development in the world of internet infrastructure. ICANN is in the process of designating and reserving a top-level domain (TLD) specifically for use on private internal networks. This new TLD will be reserved exclusively for private networks, such as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 ranges, ensuring that these networks have their own dedicated domain space.
The initiative is part of ICANN's efforts to improve the organization and security of internal network infrastructure. The proposed TLD will allow private networks to resolve names internally without interfering with the public DNS root zone. This means that internal networks will no longer have to rely on generic or non-standard naming conventions, which can lead to confusion and potential security risks.
The Security and Stability Advisory Committee (SSAC) has recommended the reservation of a namespace label that does not correspond to any current or future delegation from the root zone of the global DNS. This is a long-winded way of saying that ICANN will create its own TLD for private use, ensuring that it never conflicts with public DNS resolution.
Currently, many enterprises and device vendors make ad hoc use of TLDs that are not present in the root zone when they intend the names for private use only. This usage is uncoordinated and can cause harm to internet users, and the DNS has no explicit provision for internally scoped names. Current advice is for vendors and service providers to use a subdomain of a public domain name for internal or private use. The SSAC concurs with this best practice and encourages enterprises, vendors, and others who require internally scoped names to use subdomains of registered public domain names wherever possible.
However, it is not always feasible to use subdomains of public domain names for internal purposes. There are legitimate use cases for private use TLDs, such as when an individual wants to register a domain for personal or internal use. For example, someone might want to use "internal.example.com" for their own network, but this would require coordination and approval from ICANN.
The SSAC has proposed reserving a string in a manner similar to the current use of private IP address space, and notes that a similar rationale can be used to reserve more strings if the need arises. The SSAC document also highlights the importance of ensuring that the reserved private-use TLD is never delegated in the global DNS root zone, as this would cause conflicts with public DNS resolution.
After months of discussion and review, ICANN has made a provisional determination that "internal" should be reserved for private use and internal network applications. Prior to final approval by the ICANN board, feedback is being sought on whether the selection complies with specified procedures and other relevant considerations.
Once reserved, "internal" will never be used for any public purpose, making it safe for anyone to start using it for internal purposes. This development marks a significant step forward in the organization of private networks, ensuring that they have their own dedicated namespace without interfering with the public internet.
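The naming choices described above (the reserved private-use TLD, subdomains of a registered public domain, and ad hoc TLDs absent from the root zone) can be told apart mechanically when auditing an internal host inventory. The following is an added example, not part of the original article or of ICANN's documents; the delegated-TLD set, the owned-domain list and the hostnames are constructed samples, and the category names are hypothetical.

```python
from collections import defaultdict

# Constructed sample, NOT the real root zone; load the IANA TLD list in practice.
DELEGATED_TLDS = {"com", "net", "org", "dev", "app"}
PRIVATE_USE_TLD = "internal"   # the provisional reservation discussed above
# Labels already reserved as special-use names (RFC 6761, RFC 6762).
SPECIAL_USE = {"localhost", "local", "test", "invalid", "example"}

def normalize(hostname):
    """Lower-case the name and drop whitespace and a trailing root dot."""
    return hostname.strip().rstrip(".").lower()

def classify(hostname, owned_domains):
    """Return a category (hypothetical names) for one internal hostname."""
    name = normalize(hostname)
    labels = name.split(".")
    tld = labels[-1]
    if tld == PRIVATE_USE_TLD:
        return "private-use"
    if tld in SPECIAL_USE:
        return "special-use"
    if len(labels) == 1:
        return "single-label"          # depends on search-list behaviour
    if tld in DELEGATED_TLDS:
        # Match on a label boundary so notexample.com is not taken for example.com.
        if any(name == d or name.endswith("." + d) for d in owned_domains):
            return "owned-subdomain"   # the best practice the SSAC endorses
        return "public-not-owned"      # name sits in someone else's namespace
    return "ad-hoc-tld"                # not in the root zone, not reserved

def audit(hostnames, owned_domains):
    """Group an inventory by category; values are sorted, normalized names."""
    report = defaultdict(list)
    for host in hostnames:
        report[classify(host, owned_domains)].append(normalize(host))
    return {category: sorted(names) for category, names in report.items()}

# Constructed inventory for illustration.
OWNED = {"example.com"}
SAMPLE_INVENTORY = ["git.internal", "wiki.corp.example.com", "nas.lan",
                    "dc01.corp", "build.acme.dev", "printer", "Router.HOME."]

if __name__ == "__main__":
    for category, names in sorted(audit(SAMPLE_INVENTORY, OWNED).items()):
        print(f"{category:17} {', '.join(names)}")
```

Names reported as `ad-hoc-tld` or `public-not-owned` are the ones to plan a migration for, either to the private-use TLD or to a subdomain of a domain the organization has registered.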
In conclusion, the designation of a new TLD specifically for private internal networks is a long-overdue solution to the challenges faced by enterprises and individuals alike. While it has taken over 30 years to reach this point, the benefits of having a dedicated namespace for private networks will undoubtedly make the wait worthwhile. For more information on this groundbreaking development, visit the ICANN website or tune into Security Now for a full discussion.
---
*Note: This article is based entirely on the provided transcription and does not include any additional summaries or interpretations.*
This is TWiT. In a cool bit of news, ICANN, the Internet Corporation for Assigned Names and Numbers, is going to make an assignment. Uh, it's in the process of designating and reserving, get this, a top-level domain specifically for use on private internal networks. In other words, our 10-dot and our 192.168 networks, and there's a 17.16 thing in there too, will be obtaining an official TLD of their own. So localhost may soon be less lonely.
Here's the executive summary, which explains and lays out the rationale behind ICANN's plans. They wrote in this document: the SSAC, that's the Security and Stability Advisory Committee, because, you know, you know that's what you want in your internet is some security and stability advising, they recommend the reservation of a NS label that does not and cannot correspond to any current or future delegation from the root zone of the global DNS. Which is the very long-winded way of saying we're going to get our own dot-something TLD. They said this label can then serve as the top-level domain name of a privately resolvable namespace that will not collide with the resolution of names delegated from the root zone, that is, you know, the, the public DNS root zone. In order for this to work properly, this reserved private-use TLD must never be delegated in the global DNS root.
Currently, many enterprises and device vendors make ad hoc use of TLDs that are not present in the root zone when they intend the name for private use only. This usage is uncoordinated and can cause harm to internet users. Oh my. The DNS has no explicit provision for internally scoped names, and current advice is for the vendors or service providers to use a subdomain of a public domain name for internal or private use. Using subdomains of registered public domain names is still the best practice to, to name internal resources. The SSAC concurs with this best practice and encourages enterprises, vendors, and others who require internally scoped names to use subdomains of registered public domain names wherever possible. However, this is not always feasible, and there are legitimate use cases for private-use TLDs.
And I'll just note that, you know, for example, an individual could register a domain with Hover, who, I don't know if they, if they're still a sponsor of the TWiT network. They are still my domain name provider. I moved everything away from Network Solutions once it became clear. I don't think they're a sponsor anymore, but we still love them. Yep, they're the right guys. Anyway, so, you know, you know, Johnny Appleseed, you could get that, oh go, of course you can't get dot Johnny Appleseed, so that wouldn't work. But, but you could get, you know, uh, a, a do, or some inexpensive subdomain of some, some established top-level domain, and this, you use that for your own purpose, because you, because you have that subdomain, nobody else is, is, is going to be able to, to, to use it publicly. So you're, you're, you're safe. So that, so that's what these guys are saying.
So they, they, they continue: the need for private-use identifiers is not unique for domain names, and a useful analogy can be drawn between the uses of private IP address space and those of a private-use TLD. Network operators use private IP address space to number resources not intended to be externally accessible, and private-use TLDs are used by network operators in a similar fashion. This document proposes reserving a string in a manner similar to the current use of private IP address space. A similar rationale can be used to reserve more strings in case the need arises. Okay, so they go on and on.
Anyway, finally, after all the bureaucratic boilerplate has settled down, ICANN wrote: the Internet Assigned Numbers Authority, IANA, has made a provisional determination that dot internal should be reserved for private use and internal network applications. Prior to review and approval of this reservation by the ICANN board, we're seeking feedback on whether the selection complies with the specified procedure from SAC113, more bureau, bureaucracy, and other observations that this string would be an, uh, to verify that it would be an appropriate selection for this purpose. So it's all but certain that dot internal will be reserved and will never be used for any public purpose, and therefore it would be safe for anyone to start using it for any internal purpose. Very cool. Dot internal. We, and I saw some commentary saying, well, it only took 30 years. It's like, that's true. That's, that is true. It's true. Took him a little while.
Hey, it's Leo Laporte. I hope you've enjoyed this little snippet from Security Now. If you want the whole show, you can get at our website, twit.tv/sn. Of course, you can subscribe to Security Now and your favorite podcast, or just click one of the links below.