Internet Society - Public Policy - The Domain Name System

ISOC's Public Policy Activities Principles Strategic Global Engagement Community and Partners Key Issues Internet Governance User Centric Internet Internet Events Calendar Worth a Read Advisory Groups Help Support Public Policy Activities

Topics

Access Capacity Building Domain Name System Innovation Intellectual Property IP Addressing Multilingualism Privacy Security Spam Standardization

Key Issues

The Domain Name System

The Domain Name System (DNS) enables networks on the Internet to use globally unique names. This creates a "human" environment, where people can use easy-to-remember names for things like web pages and mailboxes, rather than long numbers or codes. A less obvious, but equally important benefit is that DNS allows names to be separated from locations. Services and devices can move to a totally different network location, without the need for a name change. This is fully transparent to the average user; for example, "www.isoc.org" can be on a server in Virginia today and on another server in Geneva tomorrow without any effect on the way people visit or use that website.

The DNS has been a major factor in the success and growth of the Internet, because it helps make it simple to access and use for ordinary people. But behind its simplicity, the DNS raises many complex technical, legal, and political challenges. We have divided our discussion of the DNS into the following topics:

General overview of DNS: Concepts and questions

What does the DNS do?

The purpose of the DNS is quite simple: it is a service that looks up Internet names and "resolves" them into Internet address numbers, allowing communication across the Internet. To be effective, it must be automatic, very fast, and transparent to ordinary users. The following documents explain the DNS in more detail, but in simple terms:

What is ICANN's role in managing the DNS?

The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing and coordinating the Domain Name System to ensure that every address is unique and that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique IP addresses and domain names. ICANN is also responsible for accrediting the domain name registrars. This involves setting minimum standards for the performance of registration functions, recognizing persons or entities who meet those standards, and entering into an accreditation agreement defining the rules and procedures applicable to Registrar Service providers.

ICANN holds regular public meetings to bring together the spectrum of Internet stakeholders and users, including business, government, non-commercial, technical, and individual users. More than eighty governments closely advise the Board of Directors via the Governmental Advisory Committee (GAC), but other communities also have direct input to the process. The ICANN structure is designed to ensure participation from all stakeholders, while preventing a single stakeholder group from dominating the agenda.

To learn more about ICANN, refer to:

ICANN's own FAQ
RIPE NCC's special Information bulletin (PDF: 334KB), which includes an overview of ICANN, the DNS, and governance questions

Who controls the DNS?

No single entity or organization controls the entire DNS. Different aspects of the DNS are managed by a number of bodies and oversight mechanisms. This responsibility is distributed administratively and geographically. For example, ICANN manages the authoritative "root" of the DNS, country code Top Level Domains (ccTLDs) are administered at a national level, generic Top Level Domains (gTLDs) are administered by accredited organisations, and root servers are operated by a range of organizations around the world. Other interested parties also participate in the day-to-day development and management of the Internet (for example, the IETF's role in developing technical standards).

What are the root servers?

The DNS root name servers publish the "root zone file" to the Internet. DNS is a distributed database and the root zone file stores only the information at the top level of the hierarchy. It is a text file that lists the names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs), including the gTLDs (for example, .ORG, .COM, .INT) and the ccTLDs (for example, .NL, .AU, and .JP). Other name servers query the root servers, which reply with a referral to the authoritative servers for the appropriate TLD (or with an indication that no such TLD exists).

For further information, refer to:

DNS Root Name Servers Explained For Non-Experts (PDF: 112KB)
DNS Root Name Servers Frequently Asked Questions (PDF: 120KB)
Root- Servers.org (details of the locations and operators of the 13 root servers
An example of the root zone file (in this sample from 12-Dec-2004, there were 5335 lines of text in the file sized at only 119KB)

Why are there only 13 root servers?

Technical limitations in one of the main protocols mean that there can only be 13 distinct root servers. However, each root server can be mirrored in many locations, using a technique called IP anycasting. In fact, several of the root servers are now using anycast to make mirror copies of the root available. By mid-2007 there were more than 130 instances of the root servers available in 50 countries.

Will IPv6 allow us to have more than 13 root servers?

No, IPv6 does not provide scope for more root name servers. This is a limitation of the DNS protocol whose architecture does not change with IPv6. In fact the introduction of IPv6 aggravates the limitation explained above because additional numeric addresses have to be transmitted for root name servers reachable via IPv6.