How the heck is http://to./ a valid domain name?

Apparently it's a URL shortener. It resolves just fine in Chrome and Firefox. How is this a valid top-level domain?

Update: for the people saying it's browser shenanigans, why is it that: http://com./ does not take me to: http://www.com/?

And, do browsers ever send you a response from some place other than what's actually up in the address bar? Aside from framesets and things like that, I thought browsers tried really hard to send you content only from the site in the address bar, to help guard against phishing.

Answers 21

  • Basically, someone has managed to convince the owners of the ccTLD 'to.' (Tonga?) to assign the A record to their own IP address. Quite a coup in the strange old world of URL shorteners.

    Normally these top-levels would not have IP addresses assigned via a standard A record, but there is nothing to say that the same could not be done to .uk, .com, .eu, etc.

    Strictly speaking there is no reason to have the '.' specified, though it should prevent your browser from trying other combinations like 'to.yourdomain.com' first, and speed up the resolution of the address. It might also confuse browsers, as there is no dot, but Safari at least seems to work ok with it.


  • "to" (the country TLD for Tonga) is the entire domain for the site - there's no browser trickery:

    $ telnet to 80
    Trying 216.74.32.103...
    Connected to to.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: to
    
    HTTP/1.1 200 OK
    Date: Thu, 03 Dec 2009 18:34:04 GMT
    Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_perl/1.26
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=ISO-8859-1
    
    2d7
    <!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
    <head>
    <title>TO. -- Get Shorty URL</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <form method="post" action="/" enctype="multipart/form-data">
    <table><tr><td>Enter a long URL:</td> <td><input type="text" name="url"  size="50" /></td></tr><tr><td>Enter an optional name:</td> <td><input type="text" name="name"  size="20" /></td></tr><tr><td>&nbsp</td> <td><input type="submit" name="&#39;Witz that URL!" value="&#39;Witz that URL!" /></td></tr></table></form>
    </body>
    </html>
    0
    
    Connection closed by foreign host.
    

    The reason why it's a good idea to use "http://to./" is because some browsers will try to convert "to" into "http://www.to.com" in the address bar.


  • Any DNS zone can have any DNS record for that zone itself (in a bind configuration file, this record is labeled with an @). Actually -- let me ask this -- can the root zone have an @ to describe itself? IE can @ have an address record? I don't see why it couldn't. that would be a cool address to have. "http://./"

    The "Root" zone is simply a zone named ".". At the moment, that zone has a bunch of name servers. The addresses of these name servers are distributed as a text file. This text file or something similar is manually entered into many typical recursive name servers.

    Placing a "." at the end of a name tells your local resolver that the name you have entered a "fully qualified" domain name, meaning it is exactly and only the name you wish to look up. Often, we use unqualified or otherwise ambiguous names such as "www" to mean "www.of.the.place.I.work" where your local DNS resolver has "of.the.place.I.work" as the "dns domain" or "search domain".

    These root level domain servers have a list of "top level" domains which map roughly to old abstractions of how researchers in the 80s thought the internet would be used and countries, and a top level domain for "infrastructure". Each of these top level domains has a bunch of name servers that have lists of actual zones in that domain, so a request for maps.google.com first goes to a root level server which passes out a list of name servers that know about .com, and when asked, one of those knows about which name server has records for google.com, and one of those knows the specific record for www.google.com.

    So, all you need to do is convince whoever runs the TLD for a country or organization to put in an address record for .zone instead of just google.zone and you're golden.

    At present, the following top level domains have address records (not all run web servers, though)

    ac has address 193.223.78.210
    ai has address 209.59.119.34
    bi has address 196.2.8.205
    cm has address 195.24.205.60
    dk has address 193.163.102.23
    gg has address 87.117.196.80
    hk has address 203.119.2.28
    io has address 193.223.78.212
    je has address 87.117.196.80
    ph has address 203.119.4.7
    pn has address 80.68.93.100
    pw has address 203.199.114.33
    sh has address 64.251.31.234
    tk has address 217.119.57.22
    tm has address 193.223.78.213
    to has address 216.74.32.103
    uz has address 91.212.89.8
    ws has address 63.101.245.10
    

    and the following have mx records (so [email protected] is a potentially deliverable address)

    ai mail is handled by 10 mail.offshore.ai.
    as mail is handled by 10 dca.relay.gdns.net.
    cf mail is handled by 10 mail.intnet.cf.
    dj mail is handled by 5 smtp.intnet.dj.
    dj mail is handled by 5 relais2.intnet.dj.
    dm mail is handled by 10 mail.nic.dm.
    gp mail is handled by 20 manta.outremer.com.
    gp mail is handled by 5 ns1.nic.gp.
    gp mail is handled by 10 ns34259.ovh.net.
    gt mail is handled by 10 mail.gt.
    hr mail is handled by 10 alpha.carnet.hr.
    io mail is handled by 10 mailer2.io.
    kh mail is handled by 10 ns1.dns.net.kh.
    km mail is handled by 110 bow.snpt.km.
    km mail is handled by 100 mail1.comorestelecom.km.
    mh mail is handled by 10 imap.pwke.twtelecom.net.
    mh mail is handled by 20 mx1.mail.twtelecom.net.
    mh mail is handled by 30 mx2.mail.twtelecom.net.
    mq mail is handled by 10 mx1-mq.mediaserv.net.
    ne mail is handled by 20 bow.rain.fr.
    ne mail is handled by 10 bow.intnet.ne.
    pa mail is handled by 5 ns.pa.
    td mail is handled by 0 mail.intnet.td.
    tt mail is handled by 0 66-27-54-138.san.rr.com.
    tt mail is handled by 10 66-27-54-142.san.rr.com.
    ua mail is handled by 10 mr.kolo.net.
    va mail is handled by 20 paul.vatican.va.
    va mail is handled by 50 proxy2.urbe.it.
    va mail is handled by 90 john.vatican.va.
    va mail is handled by 10 lists.vatican.va.
    ws mail is handled by 10 mail.worldsite.ws.
    

    (I really wonder about what's going on with "tt" here...)

    So, in theory, you could send email to [email protected] and it will be delivered properly...

    If you use different root servers, you will wind up with a different view of what exists on the internet. All the local resolutions I did were against my local system which is using "dnscache" which goes directly to the root servers. Many other resolving DNS servers will ask another local DNS server instead of asking the root servers.


  • How it's not? There isn't any limitation for the minimum "sections" a domain should have. It's a ccTLD for Tonga like us, eu, uk, me, .... The following dot means it's a subdomain of the root domain. In fact, xyz.com is really xyz.com..

    Basically, what they have done is simply adding an A record pointing to a Web server. They own the nameserver responsible for answering queries for to. and all its subdomains so they can do that easily.

    Demonstration of the fact:

    MehrdadAir:~ Mehrdad$ ping to.
    PING to (216.74.32.103): 56 data bytes
    Request timeout for icmp_seq 0
    ^C
    --- to ping statistics ---
    2 packets transmitted, 0 packets received, 100.0% packet loss
    MehrdadAir:~ Mehrdad$ telnet 216.74.32.103 80
    Trying 216.74.32.103...
    Connected to 216.74.32.103.static.sfo.hosting.com.
    Escape character is '^]'.
    GET / HTTP/1.0
    Host: to.
    User-Agent: Mozilla
    
    
    HTTP/1.1 200 OK
    Date: Thu, 03 Dec 2009 18:41:05 GMT
    Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_perl/1.26
    Connection: close
    Content-Type: text/html; charset=ISO-8859-1
    
    <!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
    <head>
    <title>TO. -- Get Shorty URL</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <form method="post" action="/" enctype="multipart/form-data">
    <table><tr><td>Enter a long URL:</td> <td><input type="text" name="url"  size="50" /></td></tr><tr><td>Enter an optional name:</td> <td><input type="text" name="name"  size="20" /></td></tr><tr><td>&nbsp</td> <td><input type="submit" name="&#39;Witz that URL!" value="&#39;Witz that URL!" /></td></tr></table></form>
    </body>
    </html>
    Connection closed by foreign host.
    

    PS: Based on the content of this thread, I'm absolutely convinced that the software used by some Internet operators (ISPs, ...) does not follow specs correctly and just happens to follow conventions. This is probably why the domain is broken for many people.


  • It is rare that a top level domain has an A record, but it's perfectly legitimate. Think how you can have "www.foo.com" and "foo.com" have different records, and apply that all the way down to the Tongan ccTLD, .to.


  • yeah...

    "telnet www.to 80" ... typing "GET /" works

    "telnet www.to. 80" ... typing "GET /" works

    "telnet to 80" ... couldn't open connection

    "telnet to. 80" ... couldn't open connection

    so yeah, i would guess the browser's helping out. m.


  • Looks like someone bought the whole .to. TLD http://en.wikipedia.org/wiki/.to as Mehrdad said you can then add an A Record. I think they're just adding the . to the end of www.to. to make sure that what ever is looking up the address searches at the root of the tld. the . on the end of all domains should be implied anyway what I don't get is why does serverfault.com. return a 400 Bad Request?


  • Being a TLD, it too can have an A record pointing to an IP Address, just like example.com can have an A record.

    Edit: According to some testing with nslookup, it does seem like the A record for "to" is different than the one for "www.to", though I'm not entirely sure if this is a glitch or not.


  • this has nothing to do with browsers. 'to' has a DNS Resource Record, simple as that:

    $ORIGIN to.
    @ SOA to. admin.to. ( ... )
    @ A 123.4.5.6
    

  • No help browser needed:

    $ curl -i "http://to./check"
    HTTP/1.1 302 Found
    Date: Thu, 03 Dec 2009 18:27:20 GMT
    Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_perl/1.26
    Location: http://madmw.tumblr.com/tagged/check <<<=== Actual URL
    Transfer-Encoding: chunked
    Content-Type: text/plain
    

    It seems the whole TLD is mapped to an IP address (vs. a DNS hierarchy), try:

    $dig to.
    ...
    to.         85265   IN  A   216.74.32.103
    ...
    

    But check any other TLD:

    $dig as.
    as.         600 IN  SOA dca.tld.gdns.net. hostmaster.gdns.net.as. 56480 10800 1800 604800 21600
    

    I don't know if this follow ICANN rules but it's just a matter of configuring the DNS for the DNS of a whole country TLD.


  • Apparently not all caching DNS entities are prepared for a TLD to have an A record, as it worked only with 50% of the 2 DNS servers I tried.

    Those friendly browsers "fixing" the domain in that case to www.to sure don't help in clearing the confusion.



  • I think the simple answer is that the owner of the web server set

    to.
    

    as (additional) http host header for that web site.

    The problem here is that some DNS server can resolve "to" and "to." (Google DNS says 216.74.32.103) and some simply cannot.


  • The DNS specification also permits a trailing period to be used to denote the root, e.g., "a.b.c" and "a.b.c." are equivalent, but the latter is more explicit and is required to be accepted by applications. This convention is especially important when a TLD name is being referred to directly. For example, while ".COM" has become the popular terminology for referring to that top-level domain, "COM." would be strictly and technically correct in talking about the DNS, since it shows that "COM" is a top-level domain name.

    From: ftp://ftp.rfc-editor.org/in-notes/rfc3696.txt


  • So the question is why wouldn't it work. And the answer is that after Verisign decided to introduce a wildcard into the .com. zone a few years back, the developers of bind introduced the concept of a 'delegation-only' zone. In a delegation-only zone, any A records which aren't inferior glue for an NS record will not be accepted by the resolver and the client will get back an NXDOMAIN.

    So while from a strict protocol viewpoint it's okay for the "to." DNS name to have an A record, in practice it won't work for customers of some ISPs.

    You might put:

    zone "com." { type delegation-only; };
    

    in your named.conf to turn this on just for the .com. domain, or you might turn it on for all of the TLDs but exclude some of them by adding to the options{} block something like:

    root-delegation-only exclude { "de"; "to"; };
    

    etc. There's a long list of "accepted" domains here which are commonly allowed, such as "to", but depending on how BOFHish you're feeling, you might limit this more.

    The link has moved since I first noted it down, and again since I first wrote this reply, but I think this is what I pointed to: http://www.isc.org/software/bind/delegation-only


  • Any chance it may have something to do with OpenDNS. On my home computer using OpenDNS nslookup returns an IP address. On my work computers through the VPN to does not resolve and http://to./ does nothing.

    It could be a bug with OpenDNS...this seems to be acting similar to their shortcut functionality, where you enter something like 'mail' as the shortcut and 'http://webmail.mydomain.com' as the website, and when you enter 'mail' from your defined network it takes you to 'http://webmail.mydomain.com'. Possibly someone defined their network as 0.0.0.0 and created 'to' as a shortcut? If that's the case it would be a huge opportunity to exploit OpenDNS users!


  • As has been indicated. "to." is a valid way to specify a fully qualified host name. No other portions of your "typical" DNS name are required.

    If you look at this screen capture of a "dig to.", you'll see that "to." has an A record of 216.74.32.103:

    I'm guessing Tonga decided to allow this in exchange for something (cold, hard cash possibly?)



  • Doing a whois on the TO. domain name yields that it is owned by IANA:

    Domain Name: TO
       Registrar: INTERNET ASSIGNED NUMBERS AUTHORITY (2)
       Whois Server: whois.iana.org
       Referral URL: http://www.iana.org
       Name Server: AUTH02.NS.UU.NET
       Name Server: COLO.TO
       Name Server: NS-TO.RIPE.NET
       Name Server: NS1.IAFRICA.COM
       Name Server: TONIC.TO
       Status: clientDeleteProhibited
       Status: clientTransferProhibited
       Status: clientUpdateProhibited
       Status: serverDeleteProhibited
       Status: serverTransferProhibited
       Status: serverUpdateProhibited
       Updated Date: 23-oct-2008
       Creation Date: 18-dec-1995
       Expiration Date: 31-dec-2099
    

  • Some screen captures, to show that http://to./ yields a different site than http://www.to./:


    http://to./ versus http://www.to./ (click to enlarge)

    The IP addresses are different as well: 216.74.32.103 versus 74.54.218.210 today.

    So: if one is seeing the same for the two URLs then the browser is indeed messing up, and is probably showing www.to for both.

    http://www.to./ probably does not need the trailing dot to tell browsers not to try anything fancy, and hence is the same as http://www.to, in which www probably has been registered as a second-level domain by some unrelated other company.



Related Questions