ERR_ICANN_NAME_COLLISION — ICANN-level warning. Your internal network uses a domain (.corp, .home, .lan) that became a public TLD after ICANN gTLD expansion (2013+). Now external DNS resolves your internal hostname → confusion. Chrome warns. Fix: rename internal zones to .internal or .arpa (reserved), or explicitly blacklist.
Below: causes, fixes, FAQ.
Free online tool — SSL certificate checker: instant results, no signup.
.internal, .home.arpa (RFC 8375)The ERR_ICANN_NAME_COLLISION error occurs when a domain name resolves to an internal TLD (Top-Level Domain) that collides with a public TLD, causing DNS resolution failures. This typically affects private networks or local test environments where domains are misconfigured or overlap with existing ICANN TLDs. To resolve this, ensure your internal TLDs do not conflict with public TLDs by using custom or non-ICANN TLDs.
The ERR_ICANN_NAME_COLLISION error arises when a domain name used in a private network conflicts with a public TLD registered with ICANN (Internet Corporation for Assigned Names and Numbers). This conflict can occur when:
Such collisions can lead to issues in DNS resolution, affecting the accessibility of services hosted on the conflicting domain.
To resolve the ERR_ICANN_NAME_COLLISION error, it is essential to implement best practices in domain naming and DNS configuration. Below are several strategies you can employ:
nslookup yourdomain.testReplace yourdomain.test with your actual domain. If this resolves to a public IP, you may need to adjust your DNS records.
C:\Windows\System32\drivers\etc\hosts, and on Linux or macOS, edit /etc/hosts. Add lines like:127.0.0.1 yourdomain.testThis will force the system to resolve yourdomain.test to your local machine.
By implementing these practices, you can minimize the risk of encountering the ERR_ICANN_NAME_COLLISION error and ensure smooth operation of your web services.
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Full chain verification: from leaf certificate through intermediates to root CA.
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
SSL certificate monitoring
TLS config audit
HTTPS as ranking factor
customer trust
www and subdomains.Strict-Transport-Security header forces browsers to always use HTTPS.SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up free.corp, .home, .mail, .office — NOT in public use but reserved by ICANN. Safer: .internal (proposed reserved), .home.arpa, .localhost.
Yes: attacker can register a .corp domain, resolve internal names to malicious IPs, MITM.
Chrome warns, does not block. But may treat as suspicious for certain workflows.
.internal (IETF draft), .test, .localhost, .invalid, .example — safe. Anything else — ideally check the public registry.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.