AnyName Eligibility & Policy
Controlled, Ethical, User-First NX Resolution

After the 2003 SiteFinder episode, any form of wildcarding was effectively prohibited.
If we now want to allow internet users to express intent through unregistered or nonexistent domain names, resolving such names must not be used to monetize noise or recreate the problems seen before (see all ICANN, IETF & CA/B provisions that prohibit wildcarding here).

AnyName can therefore only be deployed in environments that are tightly governed, ethically operated, and where all resolution activity clearly benefits the internet user.

Eligible TLDs must meet all of the following conditions:

  1. A single trusted controller is authorized by the registrant base to resolve unregistered domain names.

  2. Registrant eligibility is strict and verified.

  3. Domain label eligibility is restricted and predictable.

  4. No monetization of unregistered queries is permitted; all outputs must clearly serve user benefit.

  5. The operation is subject to independent audit, revocation, and emergency stop capability.

This model is intended primarily for Spec-13 brand gTLDs.
It may also apply — upon review — to .edu, .gov, or sponsored and restricted TLDs like .museum and .post.
Open gTLDs like .com, .net, .org, .xyz, or .fun are very unlikely to qualify.

Enabling NX Resolving for eligible gTLDs – Minimal DNS Policy Adjustments Required

The current DNS policy framework correctly prohibits wildcarding in open TLDs to protect stability and prevent abuse. For eligible, tightly controlled gTLDs (primarily Spec-13 brand TLDs), AnyName requires only narrow, targeted policy updates to enable safe, user-benefiting NX resolution.

These changes are non-disruptive, backward-compatible, and fully auditable.

What ICANN Must Do

  • Add a new registry agreement clause (or Specification 14) allowing NX-Resolution only for TLDs with:

    • A single trusted controller who is authorized by the registrant base to resolve unregistered domain names.

    • Strict, verified registrant eligibility.

    • Restricted, predictable domain-name eligibility.

  • Require operators to apply for NX-Resolution eligibility during registry agreement review.

What IANA Must Do

  • Publish a public, machine-readable NX-Eligibility Registry (via RDAP or dedicated list) listing all NX-resolution approved TLDs.

What CA/B Forum Must Do

  • Adopt a new ballot permitting CAs to issue either:

    • Second-level wildcard certificates for *.gTLD for NX-eligible gTLDs, or

    • On-demand certificates for nonexistent second-level labels

    only when the parent TLD presents a valid CA-signed eligibility credential.

What IETF Must Do

  • Publish an Informational RFC recognizing contained, policy-gated DNAME use in eligible gTLDs as architecturally safe when:

    • Non-HTTP protocols return NXDOMAIN

    • Eligibility is cryptographically verified

    • A kill switch is enforced

Full Details on Required Changes: See ICANN & CA/B & IETF – What Needs to Change

This is not a rewrite of DNS.
This is a safe, ethical exception — to enable user-intent resolving within eligible gTLDs only.



For more information please send an email to alexander.schubert@anyname.technology or call +1(202)888-2029