Chief Executive Officer,NIIEPA
Member,Board of Directors,ICANN
ICANN and IANA
What does ICANN do?
• ICANN was formed in 1998. It is a not-for-proﬁt
partnership of people from all over the world
dedicated to keeping the Internet secure, stable and
interoperable. It promotes competition and develops
policy on the Internet’s unique identiﬁers.
• The DNS and IP addresses
• Root servers
• ICANN’s role and structure
• Decisions making and accountability
NAME SERVERINTERNET SERVICE
How is the root zone file secured?
A layer of security called Domain Name System Security (DNSSEC)
ensures integrity of the DNS by using cryptographic signatures to create
a tamper-proof seal. ICANN holds and manages the master key used to
enable this security, called the key-signing key.
Every three months, ICANN holds a ceremony to use this master key to
generate a set of operational keys, called zone signing keys, that Verisign
will use for the following three months to create the tamper-proof seal
and publish the root zone on a daily basis. The ceremony is public so
that the operation is completely transparent.
How is policy made?
Policies applicable to the root zone are developed
by the ICANN community, through its supporting
organizations and advisory committees, as well
as the Internet Engineering Task Force (IETF) and
other parties. ICANN’s IANA staff implements
2014 | Creative Commons Attribution-ShareAlike 3.0
Internet Assigned Numbers Authority (IANA) Functions Website
Internet Corporation for Assigned Names and Numbers (ICANN)
National Telecommunications and Information Administration (NTIA)
Root Server Operators
THE ROOT ZONE DEMYSTIFIED Here’s the role of the root zone and how it helps the Internet function.
It plays an important role, but it is really simple and transparent.
ICANN updates the root
registry to reflect changes.
Event Triggers Request
An event such as a change in TLD
operator, routine maintenance or
a natural disaster triggers the
need for a change request.
A TLD operator submits a change request to
ICANN as the IANA Functions Operator.
ICANN as the IANA Functions
Operator checks that the change
request meets policy and technical
requirements and confirms consent
from the appropriate parties. If
issues are found, ICANN clarifies
with the TLD operator. Then, ICANN
forwards the request to NTIA for
verification and to Verisign, which
maintains the root zone file.
Publish Root File
The root zone maintainer, Verisign,
performs technical validation,
applies a tamper-proof seal, and
distributes the updated root zone
file to root server operators.
The root zone administrator, NTIA, verifies that
ICANN has followed the required procedural
checks, and then gives authorization to proceed
with publishing the change.
The root zone is the 'master directory' of the
Domain Name System (DNS): a comprehensive list
of all top-level domain (TLD) registries and where
they are hosted on the Internet.
Despite its importance, the root zone file is small.
As it only lists TLDs, it is less than a megabyte and
is available to anyone at:
Hundreds of root name servers host the root zone file
around the globe. They are operated by 12 diverse
organizations. This ensures that the root zone is
open, transparent, and always available anywhere
on the Internet.
ICANN maintains a root registry database that
contains the administrative and operational contacts
for root server operators and TLD administrators.
The Root Zone The Root FileThe Root Servers
. 86400 IN RRSIG SOA 8 0 86400 201406200
00000 20140612230000 40926 . Kch1aMBL5vl
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20140620
000000 20140612230000 40926 . lDRumYvGwI
. 172800 IN DNSKEY 256 3 8 AwEAAZvJd8ORk
int. 172800 IN NS ns.uu.net.
int. 172800 IN NS ns.icann.org.
int. 172800 IN NS ns0.ja.net.
int. 172800 IN NS ns1.cs.ucl.ac.uk.
int. 172800 IN NS sec2.authdns.ripe.net.
int. 86400 IN NSEC international. NS
WHY IT MATTERS
THE ROOT ZONE HOW IT IS MANAGED
The root zone is an integral part of the DNS, which is used
to translate readable host names into numeric Internet
Protocol (IP) addresses. Without this, you would only be
able to visit a website by entering its individual IP
address, such as
Here's how it works:
Can you take me to
Keep going. Here are directions to
find the example.com authority.
Welcome to the example.com
authority! I can tell you the network
location for www.example.com
This is a .com domain. Here are
directions to find the .com directory.
I need directions. I’ll ask
the root servers where to go.
Co-Created with XPLANE™