Root Zone: Difference between revisions
No edit summary |
|||
(50 intermediate revisions by 12 users not shown) | |||
Line 1: | Line 1: | ||
[[ | '''Root Zone''' refers to the highest level of the [[DNS|Domain Name System]] (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the [[gTLD]]s ([[.com]], [[.net]], [[.org]]), including [[new gTLD]]s ([[.xyz]], [[.club]], [[.google]]), as well [[CcTLD|ccTLD]]s ([[.us]], [[.uk]], [[.ar]]) and [[IDN]]s ([[.在线]], [[.عرب]], [[.संगठन]]) in the root zone file.<ref>[http://www.isoc.org/briefings/019/ www.isoc.org]</ref> | ||
The DNS root zone contains over 1,500 gTLDs, ccTLDs and IDNs that are delegated to the Root Zone Database.<ref> | |||
[http://www.iana.org/domains/root/db IANA Root Zone Database]</ref> | |||
==Root Zone Management== | ==Root Zone Management Process== | ||
[[ICANN]], [[Verisign]] and the [[Root Server Operators]] play significant roles in the management and process of the root zone. | |||
ICANN is the operator of the [[IANA|Internet Assigned Numbers Authority]] (IANA), which is responsible for the day-to-day management of the DNS root zone. IANA assigns the operators of the top level domain and ensures the maintenance and the administrative details of the TLDs.<ref>RFC 1591</ref><ref>[http://www.iana.org/domains/root/ Root Zone Management]</ref> It is also responsible for the coordination of the [[IP|Internet Protocol]] (IP) and [[ASN|Autonomous System Numbers]] (ASN) to the [[RIR|Regional Internet Registries]] (RIR). | |||
Verisign, and formerly [[Network Solutions]], serves as the root zone administrator. | |||
The [[Root Server Operators]]' primary role is to make sure that the operations of the root zone are always accurate, available, reliable, and secure. There are twelve Root Server Operators in the database of the root zone, which include:<ref>[http://www.isoc.org/briefings/019/ Root Server Operators]</ref> | |||
* A/J - [[Verisign]] Global Registry Services | |||
* B - [[University of Southern California – Information Sciences Institute|USC ISI]] | |||
* C - [[Cogent Communications]] | |||
* D - [[University of Maryland – ACIGS]] | |||
* E - [[NASA Ames Research Center]] | |||
* F - [[ISC|Internet Systems Consortium, Inc.]] | |||
* G - [[Defense Information Systems Agency]] | |||
* H -[[ U.S. Army Research Lab]] | |||
* I - [[Netnod | Autonomica/NORDUnet]] | |||
* K - [[RIPE NCC]] | |||
* L - [[ICANN]] | |||
* M - [[WIDE Project]] | |||
==Root Zone Operational Changes== | |||
On February 3, 2009, the [[ICANN Board]] enumerated the upcoming operational changes to be implemented in the [[DNS]] root zone, such as the addition of [[IPv6]] records to the root, new [[gTLD|generic top level domains]] (gTLDs), new [[IDN|Internationalized Domain Names]], and the implementation of [[DNSSEC]]. In connection to the anticipated root zone operational changes, the Board requested the [[SSAC|Security and Stability Advisory Committee]] (SSAC) and [[RSSAC|Root Server System Advisory Committee]] (RSSAC) to conduct a joint study to analyze its impact to the stability and security to the DNS root server system. Furthermore, the Board requested both the committees to identify the capacity and scaling of the root server system to be able to solve any technical and operational challenges that might take place when the proposed changes are implemented. Some [[ICANN]] senior technical staff were also to take part in the study.<ref>[http://www.icann.org/en/minutes/prelim-report-03feb09.htm ICANN Special Board Meeting]</ref> | |||
==Root Scaling Study Report== | |||
The SSAC, RSSAC and ICANN Staff responded to the request of the ICANN Board by creating a Scaling Steering Group to conduct the study. On September 7, 2009, a report entitled: Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone was submitted by the Root Scaling Study Team for the Scaling Steering Group with the following findings and recommendations:<ref>[http://www.icann.org/en/committees/dns-root/root-scaling-study-report-31aug09-en.pdf Root Scaling Study Report]</ref> | |||
* Any of the proposed changes has an effect to the growth of the root zone. The study team suggested that it is best to add or make changes to the root zone with a large or sudden impact. Gradual changes can be added at later stages. | |||
* Additional new TLDs will increase both the number of entries and the size of the root zone, however an increase in the number of TLDs will not increase the number of request per year per TLD. | |||
* Adding DNSSEC changes the nature of the root zone wherein it will no longer be an atomic unit or an individual resource record, instead it will be a group resource record. Implementation of DNSSEC will result in a much bigger amount of data carried in the zone as well as larger zone transfers. Signature and other security related data will be added to queries to the DNS, and thus it needs more bandwidth network resources and the signature data needs to be regularly updated because they have expiration dates to avoid serving bad data and to avoid replay attacks. | |||
* Additional IDN results to changes in the root zone similar to adding a TLD. | |||
* Adding IPv6 records to the root zone will add glue records for the name server of every TLD. This means that the amount of data increases per TLD in the root zone and the number of changes per TLD will also increase each year. | |||
The Root Scaling Study Team also found that the proposed changes to the root also affect the end-system applications of the Internet such as the web browsers, intermediary “middleboxes” that perform traffic shaping, firewall, and caching functions; and [[ISP]]s that manage the DNS services provided to internet users. | |||
In addition, the team also recommended further study of how to detect the important signs of stress or problems in root zone management, and how to arrange communication between the individuals primary involved in the root zone management system to ensure that timely intelligence support and effective cooperative action are available and resolve the effects of discontinuities before causing further problems. | |||
==Human rights and the root zone== | |||
The root zone does not censor queries for any reason. Any user's queries are responded to regardless of their intentions. | |||
==References== | |||
{{reflist}} | |||
__FORCETOC__ | |||
[[Category:Glossary]] | [[Category:Glossary]] |
Latest revision as of 10:01, 26 April 2023
Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org), including new gTLDs (.xyz, .club, .google), as well ccTLDs (.us, .uk, .ar) and IDNs (.在线, .عرب, .संगठन) in the root zone file.[1]
The DNS root zone contains over 1,500 gTLDs, ccTLDs and IDNs that are delegated to the Root Zone Database.[2]
Root Zone Management Process[edit | edit source]
ICANN, Verisign and the Root Server Operators play significant roles in the management and process of the root zone.
ICANN is the operator of the Internet Assigned Numbers Authority (IANA), which is responsible for the day-to-day management of the DNS root zone. IANA assigns the operators of the top level domain and ensures the maintenance and the administrative details of the TLDs.[3][4] It is also responsible for the coordination of the Internet Protocol (IP) and Autonomous System Numbers (ASN) to the Regional Internet Registries (RIR).
Verisign, and formerly Network Solutions, serves as the root zone administrator.
The Root Server Operators' primary role is to make sure that the operations of the root zone are always accurate, available, reliable, and secure. There are twelve Root Server Operators in the database of the root zone, which include:[5]
- A/J - Verisign Global Registry Services
- B - USC ISI
- C - Cogent Communications
- D - University of Maryland – ACIGS
- E - NASA Ames Research Center
- F - Internet Systems Consortium, Inc.
- G - Defense Information Systems Agency
- H -U.S. Army Research Lab
- I - Autonomica/NORDUnet
- K - RIPE NCC
- L - ICANN
- M - WIDE Project
Root Zone Operational Changes[edit | edit source]
On February 3, 2009, the ICANN Board enumerated the upcoming operational changes to be implemented in the DNS root zone, such as the addition of IPv6 records to the root, new generic top level domains (gTLDs), new Internationalized Domain Names, and the implementation of DNSSEC. In connection to the anticipated root zone operational changes, the Board requested the Security and Stability Advisory Committee (SSAC) and Root Server System Advisory Committee (RSSAC) to conduct a joint study to analyze its impact to the stability and security to the DNS root server system. Furthermore, the Board requested both the committees to identify the capacity and scaling of the root server system to be able to solve any technical and operational challenges that might take place when the proposed changes are implemented. Some ICANN senior technical staff were also to take part in the study.[6]
Root Scaling Study Report[edit | edit source]
The SSAC, RSSAC and ICANN Staff responded to the request of the ICANN Board by creating a Scaling Steering Group to conduct the study. On September 7, 2009, a report entitled: Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone was submitted by the Root Scaling Study Team for the Scaling Steering Group with the following findings and recommendations:[7]
- Any of the proposed changes has an effect to the growth of the root zone. The study team suggested that it is best to add or make changes to the root zone with a large or sudden impact. Gradual changes can be added at later stages.
- Additional new TLDs will increase both the number of entries and the size of the root zone, however an increase in the number of TLDs will not increase the number of request per year per TLD.
- Adding DNSSEC changes the nature of the root zone wherein it will no longer be an atomic unit or an individual resource record, instead it will be a group resource record. Implementation of DNSSEC will result in a much bigger amount of data carried in the zone as well as larger zone transfers. Signature and other security related data will be added to queries to the DNS, and thus it needs more bandwidth network resources and the signature data needs to be regularly updated because they have expiration dates to avoid serving bad data and to avoid replay attacks.
- Additional IDN results to changes in the root zone similar to adding a TLD.
- Adding IPv6 records to the root zone will add glue records for the name server of every TLD. This means that the amount of data increases per TLD in the root zone and the number of changes per TLD will also increase each year.
The Root Scaling Study Team also found that the proposed changes to the root also affect the end-system applications of the Internet such as the web browsers, intermediary “middleboxes” that perform traffic shaping, firewall, and caching functions; and ISPs that manage the DNS services provided to internet users.
In addition, the team also recommended further study of how to detect the important signs of stress or problems in root zone management, and how to arrange communication between the individuals primary involved in the root zone management system to ensure that timely intelligence support and effective cooperative action are available and resolve the effects of discontinuities before causing further problems.
Human rights and the root zone[edit | edit source]
The root zone does not censor queries for any reason. Any user's queries are responded to regardless of their intentions.