The Root Zone Database page of the Internet Assigned Numbers Authority (IANA)

There is no doubt that the Internet, which began as a small-scale system of links among academic institutions in the United States, is now a gigantic global network connecting users from any access point, regardless of national or geographical borders. The debate within the scope of the Working Group on Internet Governance (WGIG) points to issues of public policy to be considered when looking at the broad topic of coordinating the various aspects of Internet infrastructure. And so Internet Protocol (IP) numbers or addresses, domain names and root servers are central to this debate.

The root zone file is at the apex of a hierarchical distributed database called the Domain Name System (DNS) — the system that translates domain names into IP addresses. At the heart of the DNS are 13 special computers called root servers. Root servers contain pointers to the authoritative name servers for all top-level domains (TLD) — in other words, generic top-level domains (gTLD), such as “.org”, “.com”, “.int” and “.net”, and country code top-level domains (ccTLD), for example “.au” (Australia) and “.fr” (France). The root zone file contains records for all TLDs and is managed by the distribution master root server. According to the Internet Society, there were 258 TLDs and 773 different authoritative servers for those TLDs listed as at 12 December 2004. These figures tally with the WGIG breakdown of 15 generic top-level domains and 243 country code top-level domains.

Keeping the Net stable and secure

There are many steps involved in the running of the root server system. They include standards setting, initiation, selection, editing and the Internet Assigned Numbers Authority (IANA) functions of allocation, authorization, publication and mirroring (see box). Some of these activities are purely technical or operational while others include a public policy dimension.

The WGIG paper lists, as main actors in the management or governance of the root zone file and root name servers, the Internet Corporation for Assigned Names and Numbers (ICANN), the IANA functions, the United States Department of Commerce (DoC), VeriSign Inc. and the root server operators themselves. IANA functions are performed by ICANN under a contract with DoC. Standards for the management of the root zone file are also the subject of a contractual relationship between these two parties. Any governmental or non-governmental entity can submit proposals for the creation of new TLDs, but must follow the criteria and procedures defined in what is known as “requests for comment”. With regard to new gTLDs, this is done on the basis of a call for proposals, published by ICANN after a decision by its Board of Directors, based on recommendations from the Generic Name Supporting Organization (GNSO) Council.

Main actors

Internet Engineering Task Force (IETF): Responsible for standards-setting with regard to the format of the zone file.

Internet Corporation for Assigned Names and Numbers (ICANN): A United States-based non-profit corporation responsible for the initial delegation of new top-level domains (TLD) and for receiving requests for delegation or redelegation of TLDs.

Internet Assigned Numbers Authority (IANA): A unit of ICANN in charge of maintaining accurate records of the root zone file information and of managing requests for changes or additions to the root zone file without any authorizing role.

National Telecommunication and Information Administration (NTIA) of the US Department of Commerce (DoC): Responsible for authorizing the publication of modifications, additions or deletions to the root zone file or associated information that constitute delegation or redelegation of top-level domains in the Distribution Master (sometimes called the “hidden primary or hidden server”) of the authoritative Root Name Server System.

VeriSign Registry: Serves as root zone file editor and is responsible for the management of the Distribution Master and the A-Root Server of the authoritative Root Server System.

Root Server System Advisory Committee (RSSAC), composed of the operators of the 13 root servers (10 in the United States, 2 in Europe and 1 in Asia) and additional experts: RSSAC has responsibility for advising the ICANN Board of Directors about the operation of the DNS root name servers.

One IANA function is keeping the root zone file up to date and maintaining the authoritative WHOIS database for both generic and country code top-level domains. Ultimate control of the DNS root zone lies with the US Department of Commerce. When IANA receives requests for additions, deletions or modifications to the root zone file, it determines their appropriateness and subsequently reports to DoC for further review. Once DoC ascertains that the proper process has been followed, the changes are submitted to VeriSign Global Registry Services for implementation. The changes are first made to the “Distribution Master Server”, and then automatically propagated throughout the root server system. Each authoritative server then downloads the updated zone file using cryptographic techniques to ensure that the data are from the authoritative source. Thus, authoritative servers have identical databases and can all answer queries from any TLD name server. The purpose of the Distribution Master Server is to maintain as secure a version of the root zone file as possible from the primary root server (“a.root-servers.net”).

The whole root server system is managed through numerous cooperative agreements, memoranda of understanding (MoU), sponsorship agreements, contracts, statements of work and voluntary arrangements. An example of this is the MoU between the US DoC and ICANN, which terminates at the end of September 2006. The terms of this MoU require that ICANN take the necessary steps by that time to assure the US DoC and the Internet community that it is able to carry out its important core technical missions in a stable and sustainable manner into the future. Some have expressed the concern that the long-term stability of the Internet may be uncertain because of this pending expiry. For others, however, this situation provides an opportunity for constructive developments and underlines the importance of establishing, in a timely manner, the appropriate governance structure and mechanisms consistent with the WSIS principles, including those relating to the roles and responsibilities of all the stakeholders, to ensure stable and secure functioning of the Internet into the future.

At the end of June 2005, the US Government announced its four new principles regarding the Internet’s Domain Name and Addressing System. One of them stipulates that: “The United States Government intends to preserve the security and stability of the Internet’s Domain Name and Addressing System (DNS). Given the Internet’s importance to the world’s economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”

Recognizing success

More than 20 years of Internet practice have shown that the bottom-up process, on which the technical administration mechanism is based, has worked and ensured the functioning, stability and security of the Internet to date. Many commentators share this view. For example, DENIC, the registry for the German top-level domain “.de”, in its submission to WGIG states that: “The exceptionally successful development of the Internet and particularly the Domain Name System to date has been made possible not by top-bottom (intergovernmental) regulation, but by bottom-up coordination and private initiative. It is of paramount importance to stay aware of this elementary insight as the considerations on Internet governance continue and focus shifts to details,” the statement underlines.

It is recognized in the WGIG paper that the long record of effective technical management can be taken as proof that the involved actors, regardless of their special legal status, rights and responsibilities have demonstrated their capacity to fulfil their roles reasonably. They have shared the responsibilities needed to secure the proper functioning of the Internet and, in particular, the DNS.


So what needs fixing?

For historical reasons, the existing system involves only one government in the authorization of changes to the root zone file. One issue of concern to some is the decision-making procedure for authorizing the publication of modifications, additions or deletions to the root zone file or associated information that constitute delegation or redelegation of top-level domains. This procedure (“approval” of IANA function recommendations by DoC) is considered by some to be neither multilateral nor democratic, because it does not involve other governments, the private sector, civil society and international organizations. It is argued that the existing system is mainly based on trust, not on a treaty. And so the system, it is further argued, reduces the governmental participation in the authorization of modifications, additions or deletions to one single government, which has no contractual relationship with other governments with regard to the execution of this function.

Operators of root servers restrict themselves to operational matters and are not involved in policy-making and data modifications. Some have expressed concerns over the current situation underlining that root zone operators perform their functions today without a formal relationship with any authority. It is further argued that root server operators have no clearly defined responsibilities and accountability, especially in relation to the stability and secure functioning of the Internet.

The root server system (DNS protocol and root zone file) is a critical operational aspect of the Internet, which is stable and reliable. Governance of the root server system needs to be addressed in a way that attempts to improve the current situation without harming the functioning of the DNS or its operation. Some feel that standards-development organizations should also consider re-engineering the concept, creating new procedures if necessary, and reorganizing its technical architecture and management in a way that is responsive to the requirements of all users, including countries, the private sector and civil society.

Another issue for some is that, at present, the number of root servers cannot be increased to more than the current 13 due to protocol limitations. However, others believe that the situation has improved with the establishment in 2003 of “clones” of the root servers around the world. The original 13 root servers now appear in multiple locations through a technique known as “anycast”. This technique makes it possible to “clone” one server in multiple locations, all of which respond to the same IP address and all of which contain identical data. The “cloned” servers are also known as “mirror servers”.
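The byte budget behind the 13-server figure, as an added example that is not part of the original article: it builds the wire-format reply a resolver receives when it asks a root server for the root's name servers, using DNS name compression, and measures it. It assumes the protocol limitation meant above is the 512-byte cap on DNS messages over UDP in RFC 1035, which the article does not name; the message ID, TTL and addresses are constructed values, and only IPv4 address records are included.

```python
import struct

UDP_LIMIT = 512  # largest DNS message over UDP in RFC 1035 (assumed limit, see lead-in)

def encode_name(name, offsets, pos):
    """Encode `name` for message offset `pos`, replacing any suffix already
    present in the message with a 2-byte RFC 1035 compression pointer."""
    out = b""
    labels = [label for label in name.split(".") if label]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"  # root label terminates an uncompressed name

def priming_response(n_servers):
    """Wire-format reply to the query '. IN NS' listing n_servers root servers
    (a.root-servers.net, b.root-servers.net, ...) with one A record each."""
    names = [f"{chr(ord('a') + i)}.root-servers.net." for i in range(n_servers)]
    # Header: ID, flags (response + authoritative), QD, AN, NS, AR counts
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, n_servers, 0, n_servers)
    msg += b"\x00" + struct.pack("!2H", 2, 1)  # question: root name, type NS, class IN
    offsets = {}
    for name in names:  # answer section: ". NS <server name>"
        rdata = encode_name(name, offsets, len(msg) + 11)  # 11 = owner + fixed fields
        msg += b"\x00" + struct.pack("!2HIH", 2, 1, 518400, len(rdata)) + rdata
    for i, name in enumerate(names):  # additional section: "<server name> A <address>"
        owner = encode_name(name, offsets, len(msg))
        address = bytes([192, 0, 2, i + 1])  # constructed documentation addresses
        msg += owner + struct.pack("!2HIH", 1, 1, 518400, 4) + address
    return msg

def size_report(n_servers):
    """Return (message size in bytes, bytes left under the UDP limit)."""
    size = len(priming_response(n_servers))
    return size, UDP_LIMIT - size

if __name__ == "__main__":
    for n in (9, 13):
        print(n, "servers:", size_report(n))
```

Because every server name shares the suffix root-servers.net, each server after the first costs only 31 bytes in this reply. Anycast adds physical servers without adding names or addresses, so the message does not grow.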

Transparency is also an issue. It is acknowledged that the process of consultation is transparent and involves different stakeholders, at different stages, to a different degree. At the same time, the paper also highlights that the process of decision-making is not fully transparent. There are those who feel that because ICANN is mainly accountable to the US Department of Commerce, other governments have no direct authority in the decision-making of ICANN. And even though there are some member governments in ICANN’s Governmental Advisory Committee (GAC), the current advisory status of GAC does not provide sufficient governmental involvement and oversight.

Furthermore, it is stated in the WGIG paper that while governments and intergovernmental organizations can channel concerns with regard to the root zone file and root name server management via GAC, GAC has no special mandate in this area, is not a legal decision-making entity under international law and has a limited membership — private sector members are partly involved as root server operators.

But others feel that increased involvement by government is neither necessary nor productive and that GAC’s advisory function should not be underestimated. They point out that GAC today is in an evolutionary process. For example, the Information Technology Association of America (ITAA), in its submission to the WGIG questionnaire on Internet governance arrangements underlines that given GAC’s relatively short period of existence, it may not yet be operating at its full potential. “Participation by governments must continue to develop. It is not always the same individuals participating from meeting to meeting, yet it must be recognized that GAC continues to grow.”

Overall assessment

WGIG recognizes that the root server system is one of the key enablers, which allow a stable and secure functioning of the Internet. Access by end-users has been generally non-discriminatory to date, but there should be clear governance rules to ensure that this will continue, without exception, in the future. While the 13 root servers of the authoritative root, for historical reasons, are essentially located in the United States (with ten in that country, two in Europe and one in Asia), there is the view that this geographical distribution has not affected the functioning of the system globally. Moreover, the recent introduction of the “anycast” technique with more than 90 new root servers, linked to one of the 13 root servers of the authoritative root, has enabled a distribution of root server capacities in other parts of the globe. Nevertheless, looking ahead, others believe that it is necessary to carry out a requirements analysis to determine the appropriate evolution, including possible restructuring of the architecture to meet end-user needs.

The WGIG paper underlines that: “Proposals for improvement need to consider that in general, the existing system has functioned properly from the technical point of view for more than two decades and that adjustments, where needed, both for technical and political reasons have to be made in a proper and adequate way related to the functioning, stability, security and further development of the Internet.” 

This article mainly draws on “Root zone file and root server management”, a “draft working paper” reflecting the preliminary findings of the Working Group on Internet Governance (WGIG) drafting team. The paper has been subject to review by all 40 WGIG members, but it does not necessarily present a consensus position nor does it contain agreed language accepted by every member. It was published on the WGIG website in April 2005 for public comment (see http://www.wgig.org/docs/WGIGPaper-Cluster1-RootServer-Final.pdf).

What is the Root Zone Database?

The Root Zone Database represents the delegation details of top-level domains, including gTLDs such as .com, and country-code TLDs such as .uk. As the manager of the DNS root zone, we are responsible for coordinating these delegations in accordance with our policies and procedures.

What is an IANA ID?

IANA is responsible for assignment of Internet numbers which are numerical identifiers assigned to an Internet resource or used in the networking protocols of the Internet Protocol Suite. Examples include IP addresses and autonomous system (AS) numbers.

What is the function of IANA?

IANA, the Internet Assigned Numbers Authority, is an administrative function of the Internet that keeps track of IP addresses, domain names, and protocol parameter identifiers that are used by Internet standards.

What is the name of the root zone?

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.