ICANN manages the root zone file which contains the authoritative records for all top-level domains on the internet. The root zone file is distributed to root servers operated by diverse organizations around the world to ensure it is always available. When changes need to be made, such as adding a new TLD, the TLD operator submits a request to ICANN which verifies it meets policy requirements before forwarding to NTIA for authorization and Verisign to publish the updated file. This process maintains security and stability of the domain name system.

1. Kuo-Wei Wu
Chief Executive Officer,NIIEPA
Member,Board of Directors,ICANN
ICANN and IANA

2. What does ICANN do?
• ICANN was formed in 1998. It is a not-for-profit
partnership of people from all over the world
dedicated to keeping the Internet secure, stable and
interoperable. It promotes competition and develops
policy on the Internet’s unique identifiers.
• The DNS and IP addresses
• Root servers
• ICANN’s role and structure
• Decisions making and accountability

3. RIRs

4. TLDs before 2011
3

5. Root Servers

8. ICANN Multistakeholder Model

9. TLD SERVER
NAME SERVERINTERNET SERVICE
PROVIDER (ISP)
How is the root zone file secured?
A layer of security called Domain Name System Security (DNSSEC)
ensures integrity of the DNS by using cryptographic signatures to create
a tamper-proof seal. ICANN holds and manages the master key used to
enable this security, called the key-signing key.
Every three months, ICANN holds a ceremony to use this master key to
generate a set of operational keys, called zone signing keys, that Verisign
will use for the following three months to create the tamper-proof seal
and publish the root zone on a daily basis. The ceremony is public so
that the operation is completely transparent.
How is policy made?
Policies applicable to the root zone are developed
by the ICANN community, through its supporting
organizations and advisory committees, as well
as the Internet Engineering Task Force (IETF) and
other parties. ICANN’s IANA staff implements
those policies.
ICANN COMMUNITY
IANA FUNCTION
RATIFIED POLICY
2014 | Creative Commons Attribution-ShareAlike 3.0
Further Information
Internet Assigned Numbers Authority (IANA) Functions Website
www.iana.org
Internet Corporation for Assigned Names and Numbers (ICANN)
www.icann.org
National Telecommunications and Information Administration (NTIA)
www.ntia.doc.gov
Verisign
www.verisigninc.com
Root Server Operators
www.root-servers.org
THE ROOT ZONE DEMYSTIFIED Here’s the role of the root zone and how it helps the Internet function.
It plays an important role, but it is really simple and transparent.
DRAFT
6/26/2014
+ PUBLISH
Update Root
Zone Database
ICANN updates the root
registry to reflect changes.
VERIFIED
☑
☑
☑
ALL GOOD!
NEW TLD!
CHANGE
OPERATOR!
CHANGE
ADDRESS!
CHANGE
SERVER!
Event Triggers Request
An event such as a change in TLD
operator, routine maintenance or
a natural disaster triggers the
need for a change request.
Change Request
A TLD operator submits a change request to
ICANN as the IANA Functions Operator.
Policy Check
ICANN as the IANA Functions
Operator checks that the change
request meets policy and technical
requirements and confirms consent
from the appropriate parties. If
issues are found, ICANN clarifies
with the TLD operator. Then, ICANN
forwards the request to NTIA for
verification and to Verisign, which
maintains the root zone file.
Publish Root File
The root zone maintainer, Verisign,
performs technical validation,
applies a tamper-proof seal, and
distributes the updated root zone
file to root server operators.
Verification
The root zone administrator, NTIA, verifies that
ICANN has followed the required procedural
checks, and then gives authorization to proceed
with publishing the change.
The root zone is the 'master directory' of the
Domain Name System (DNS): a comprehensive list
of all top-level domain (TLD) registries and where
they are hosted on the Internet.
Despite its importance, the root zone file is small.
As it only lists TLDs, it is less than a megabyte and
is available to anyone at:
www.iana.org/domains/root/files.
Hundreds of root name servers host the root zone file
around the globe. They are operated by 12 diverse
organizations. This ensures that the root zone is
open, transparent, and always available anywhere
on the Internet.
ICANN maintains a root registry database that
contains the administrative and operational contacts
for root server operators and TLD administrators.
The Root Zone The Root FileThe Root Servers
. 86400 IN RRSIG SOA 8 0 86400 201406200
00000 20140612230000 40926 . Kch1aMBL5vl
YqprLSU008HFiRA8=
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20140620
000000 20140612230000 40926 . lDRumYvGwI
N3TCqApkA=
. 172800 IN DNSKEY 256 3 8 AwEAAZvJd8ORk
+jmZ41QMYbQ1XCpf60l6YJuHtnxn0VSh5a5vqwEj
int. 172800 IN NS ns.uu.net.
int. 172800 IN NS ns.icann.org.
int. 172800 IN NS ns0.ja.net.
int. 172800 IN NS ns1.cs.ucl.ac.uk.
int. 172800 IN NS sec2.authdns.ripe.net.
int. 86400 IN NSEC international. NS
WHY IT MATTERS
THE ROOT ZONE HOW IT IS MANAGED
The root zone is an integral part of the DNS, which is used
to translate readable host names into numeric Internet
Protocol (IP) addresses. Without this, you would only be
able to visit a website by entering its individual IP
address, such as
Here's how it works:
Can you take me to
www.example.com?
Keep going. Here are directions to
find the example.com authority.
Welcome to the example.com
authority! I can tell you the network
location for www.example.com
is 192.0.2.253.
This is a .com domain. Here are
directions to find the .com directory.
I need directions. I’ll ask
the root servers where to go.
Co-Created with XPLANE™