Published on


Published in: Internet
  • Be the first to comment


  1. 1. Kuo-Wei Wu Chief Executive Officer,NIIEPA Member,Board of Directors,ICANN ICANN and IANA
  2. 2. What does ICANN do? • ICANN was formed in 1998. It is a not-for-profit partnership of people from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet’s unique identifiers. • The DNS and IP addresses • Root servers • ICANN’s role and structure • Decisions making and accountability
  3. 3. RIRs
  4. 4. TLDs before 2011 3
  5. 5. Root Servers
  6. 6. ICANN Multistakeholder Model
  7. 7. TLD SERVER NAME SERVERINTERNET SERVICE PROVIDER (ISP) How is the root zone file secured? A layer of security called Domain Name System Security (DNSSEC) ensures integrity of the DNS by using cryptographic signatures to create a tamper-proof seal. ICANN holds and manages the master key used to enable this security, called the key-signing key. Every three months, ICANN holds a ceremony to use this master key to generate a set of operational keys, called zone signing keys, that Verisign will use for the following three months to create the tamper-proof seal and publish the root zone on a daily basis. The ceremony is public so that the operation is completely transparent. How is policy made? Policies applicable to the root zone are developed by the ICANN community, through its supporting organizations and advisory committees, as well as the Internet Engineering Task Force (IETF) and other parties. ICANN’s IANA staff implements those policies. ICANN COMMUNITY IANA FUNCTION RATIFIED POLICY 2014 | Creative Commons Attribution-ShareAlike 3.0 Further Information Internet Assigned Numbers Authority (IANA) Functions Website www.iana.org Internet Corporation for Assigned Names and Numbers (ICANN) www.icann.org National Telecommunications and Information Administration (NTIA) www.ntia.doc.gov Verisign www.verisigninc.com Root Server Operators www.root-servers.org THE ROOT ZONE DEMYSTIFIED Here’s the role of the root zone and how it helps the Internet function. It plays an important role, but it is really simple and transparent. DRAFT 6/26/2014 + PUBLISH Update Root Zone Database ICANN updates the root registry to reflect changes. VERIFIED ☑ ☑ ☑ ALL GOOD! NEW TLD! CHANGE OPERATOR! CHANGE ADDRESS! CHANGE SERVER! Event Triggers Request An event such as a change in TLD operator, routine maintenance or a natural disaster triggers the need for a change request. Change Request A TLD operator submits a change request to ICANN as the IANA Functions Operator. Policy Check ICANN as the IANA Functions Operator checks that the change request meets policy and technical requirements and confirms consent from the appropriate parties. If issues are found, ICANN clarifies with the TLD operator. Then, ICANN forwards the request to NTIA for verification and to Verisign, which maintains the root zone file. Publish Root File The root zone maintainer, Verisign, performs technical validation, applies a tamper-proof seal, and distributes the updated root zone file to root server operators. Verification The root zone administrator, NTIA, verifies that ICANN has followed the required procedural checks, and then gives authorization to proceed with publishing the change. The root zone is the 'master directory' of the Domain Name System (DNS): a comprehensive list of all top-level domain (TLD) registries and where they are hosted on the Internet. Despite its importance, the root zone file is small. As it only lists TLDs, it is less than a megabyte and is available to anyone at: www.iana.org/domains/root/files. Hundreds of root name servers host the root zone file around the globe. They are operated by 12 diverse organizations. This ensures that the root zone is open, transparent, and always available anywhere on the Internet. ICANN maintains a root registry database that contains the administrative and operational contacts for root server operators and TLD administrators. The Root Zone The Root FileThe Root Servers . 86400 IN RRSIG SOA 8 0 86400 201406200 00000 20140612230000 40926 . Kch1aMBL5vl YqprLSU008HFiRA8= . 518400 IN NS a.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN RRSIG NS 8 0 518400 20140620 000000 20140612230000 40926 . lDRumYvGwI N3TCqApkA= . 172800 IN DNSKEY 256 3 8 AwEAAZvJd8ORk +jmZ41QMYbQ1XCpf60l6YJuHtnxn0VSh5a5vqwEj int. 172800 IN NS ns.uu.net. int. 172800 IN NS ns.icann.org. int. 172800 IN NS ns0.ja.net. int. 172800 IN NS ns1.cs.ucl.ac.uk. int. 172800 IN NS sec2.authdns.ripe.net. int. 86400 IN NSEC international. NS WHY IT MATTERS THE ROOT ZONE HOW IT IS MANAGED The root zone is an integral part of the DNS, which is used to translate readable host names into numeric Internet Protocol (IP) addresses. Without this, you would only be able to visit a website by entering its individual IP address, such as Here's how it works: Can you take me to www.example.com? Keep going. Here are directions to find the example.com authority. Welcome to the example.com authority! I can tell you the network location for www.example.com is This is a .com domain. Here are directions to find the .com directory. I need directions. I’ll ask the root servers where to go. Co-Created with XPLANE™