US gives up control of the DNS root zone

    This Friday, a notice appeared on the website of an inconspicuous US agency saying that it plans to give up control of the DNS root zone. In other words, the United States will cease to control the entire domain name system, handing control over to the community.

    Technical part

    In DNS, recursive resolution of a name begins with the dot at the end of the domain name. It is usually omitted, but strictly speaking, instead of www.grani.ru one should write www.grani.ru. - exactly so, with a dot. When a client asks a recursive DNS server which IP address www has, the process begins by identifying the authoritative servers for the ru zone. And that starts with a request to the "." zone, whose servers respond that the RU zone has several authoritative servers; the process then continues recursively until we find out which address the A record for www points to, after which the browser goes to this address and finds out that Roskomnadzor ... However, this post is not about censorship.

    The root zone is served by the root servers. They have 13 IP addresses - this is the maximum number that can be put in one DNS response over UDP. There are more servers than that (multicasting, load balancing using DNAT and other technologies are used), but they have 13 addresses. The root server addresses are hard-coded in the configs of almost any DNS server. And even DNS servers that do not support recursion usually respond with a list of root servers (if we don't know the root servers and don't know where to start the process of recursive name resolution, then any DNS server will point us to them).

    It is in the root zone that TLDs (top level domains) are registered, such as .ru, .com, .jp, .info, etc.

    This is where the technical part ends and the political part begins.

    Political part

    DPI, the Great Firewall of China, the small Russian firewall - it's all nonsense. Whoever controls the root zone controls the entire Internet. If you remove the .no zone from DNS, then no Norwegian website will open by name. More precisely, it will stop opening after some time, as soon as the resolvers' caches expire.
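
    The referral walk from the technical part and the cache effect described above, as an added example that is not part of the original post: a toy in-memory model of root, TLD and zone servers. All server names, the TTL, the host www.example.no and the 192.0.2.x addresses are constructed for illustration.

```python
import copy

TTL = 3600  # constructed TTL in seconds, applied to every answer in this model
# Constructed data: server -> what it answers. "refer" maps a zone to the server
# it is delegated to; "a" holds address records (192.0.2.0/24 is a doc range).
SERVERS = {
    "root": {"refer": {"ru.": "ru-tld", "no.": "no-tld"}},
    "ru-tld": {"refer": {"grani.ru.": "grani-ns"}},
    "grani-ns": {"a": {"www.grani.ru.": "192.0.2.10"}},
    "no-tld": {"refer": {"example.no.": "example-ns"}},
    "example-ns": {"a": {"www.example.no.": "192.0.2.20"}},
}

class Resolver:
    def __init__(self, servers):
        self.servers = servers
        self.cache = {}  # name -> (address, expiry); real resolvers also cache NS sets

    def resolve(self, name, now):
        """Return (address or None, list of servers queried, in order)."""
        if not name.endswith("."):
            name += "."  # make the implicit trailing dot (the root) explicit
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], []  # answered from cache: no server is asked
        server, path = "root", []
        while True:
            path.append(server)
            data = self.servers[server]
            if name in data.get("a", {}):
                self.cache[name] = (data["a"][name], now + TTL)
                return data["a"][name], path
            # Follow the referral for the most specific zone containing the name.
            zones = [z for z in data.get("refer", {}) if name.endswith("." + z)]
            if not zones:
                return None, path  # no delegation here: resolution fails
            server = data["refer"][max(zones, key=len)]

def demo():
    servers = copy.deepcopy(SERVERS)
    r = Resolver(servers)
    first = r.resolve("www.example.no", now=0)  # full walk from the root
    del servers["root"]["refer"]["no."]  # the TLD is removed from the root zone
    cached = r.resolve("www.example.no", now=TTL - 1)  # cache still answers
    expired = r.resolve("www.example.no", now=TTL + 1)  # cache expired: fails
    return first, cached, expired

if __name__ == "__main__":
    print(Resolver(SERVERS).resolve("www.grani.ru", now=0))
    print(demo())
```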

    Historically, from the moment the Internet was allowed to be used for commercial activities, the root zone was formally subordinate to NTIA (full name: US Commerce Department's National Telecommunications and Information Administration - the American analogue of Roskomnadzor, though without censorship functions). As the Internet developed, the non-profit organization ICANN was created, which handled relations with registrars of national domains, the creation of new TLDs, etc. An agreement was concluded with it, and ICANN also acted as IANA (top-level IP address allocation); it also managed the root zone. The technical work was entrusted to Verisign. But formal control remained with the United States.

    I must say, the United States has never used this “control” in the slightest to influence the Internet, but the fear of “what if?” remained. And it intensified after information was published about NSA surveillance of everyone and everything. Demands to transfer control of the Internet (or rather, of ICANN) to international organizations, such as the UN, have been heard for a long time. The United States itself has long promised (as far back as 2000) to transfer control, but kept stalling.

    And now this moment has come. The US plans to give up control of the Internet.


    The contract between NTIA and ICANN expires in the fall of 2015. Until then, there will be no actual changes. But by that time it is planned to develop a policy for ICANN, principles for stakeholder participation and a general idea of “how it will be.” The list of so-called stakeholders includes the IETF, the regional registrars (RIRs), two completely unknown organizations (the Internet Architecture Board (IAB) and the Internet Society (ISOC)), Verisign, and TLD operators (so, all of a sudden, the owners of .google, .yandex, etc. may get a share of the control over all of DNS).

    In any case, taking into account the current NTIA behavior (non-interference), practical changes for end users (both website visitors and domain owners) will not be noticeable.

    On the other hand, there are certain risks of conflicts arising around TLDs, allocation policies, etc. For all that the matter seems purely commercial and technical (which the IETF is quite capable of handling), there is a risk of considerable conflict around national domains. Should the Basque Country have a national domain? Crimea? Abkhazia? Chechnya? Any other separatist group? If politicians get involved, then very serious problems are possible. Previously, they were solved by mild pressure from the United States. In the absence of a moderator, the problems may become noticeable.
