Root Zone

From ICANNWiki
Jump to: navigation, search
This article is neutral, and sponsored by Neustar,
the technical provider for 358 new gTLD applicants
& a leading telecom information provider,
learn more about their services here
ICANNWiki Gold Sponsor

Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk .ph), including the entire list of all the root servers.[1]

The DNS root zone contains only 280 delegations of generic, country code and internationalized top level domain names (TLD)s and its size is more or less 80,000 bytes. It also changes slowly and absorbs only one minor change per TLD every year.[2]

Root Zone Management Process

The National Telecommunications Information Administration (NTIA), ICANN, Verisign and the Root Server Operators play significant roles in the management and process of the root zone.

NTIA is an agency under the United States Department of Commerce, which represents the federal government in a contract entered in with ICANN and Verisign, which grants the organizations separate functions in managing the performance of the root zone. NTIA is responsible in reviewing and approving whatever changes that need to be implemented within the root zone.[3]

ICANN is the operator of the Internet Assigned Numbers Authority (IANA), which is responsible for the day-to-day management of the DNS root zone. IANA assigns the operators of the top level domain and ensures the maintenance and the administrative details of the TLDs.[4][5] It is also responsible for the coordination of the Internet Protocol (IP) and Autonomous System Numbers (ASN) to the Regional Internet Registries (RIR).

Verisign, and formerly Network Solutions, serves as the root zone administrator under a cooperative agreement entered with the United States government; this has been in effect since 1998.

The Root Server Operators' primary role is to make sure that the operations of the root zone is always accurate, available, reliable and secure. There are thirteen Root Server Operators in the database of the root zone, which include:[6]

Root Zone Operational Changes

On February 3, 2009, the ICANN Board enumerated the upcoming operational changes to be implemented in the DNS root zone, such as the addition of IPv6 records to the root, new generic top level domains (gTLDs), new Internationalized Domain Names, and the implementation of DNSSEC. In connection to the anticipated root zone operational changes, the Board requested the Security and Stability Advisory Committee (SSAC) and Root Server System Advisory Committee (RSSAC) to conduct a joint study to analyze its impact to the stability and security to the DNS root server system. Furthermore, the Board requested both the committees to identify the capacity and scaling of the root server system to be able to solve any technical and operational challenges that might take place when the proposed changes are implemented. Some ICANN senior technical staff were also to take part in the study.[7]

Root Scaling Study Report

The SSAC, RSSAC and ICANN Staff responded to the request of the ICANN Board by creating a Scaling Steering Group to conduct the study. On September 7, 2009, a report entitled: Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone was submitted by the Root Scaling Study Team for the Scaling Steering Group with the following findings and recommendations:[8]

  • Any of the proposed changes has an effect to the growth of the root zone. The study team suggested that it is best to add or make changes to the root zone with a large or sudden impact. Gradual changes can be added at later stages.
  • Additional new TLDs will increase both the number of entries and the size of the root zone, however an increase in the number of TLDs will not increase the number of request per year per TLD.
  • Adding DNSSEC changes the nature of the root zone wherein it will no longer be an atomic unit or an individual resource record, instead it will be a group resource record. Implementation of DNSSEC will result in a much bigger amount of data carried in the zone as well as larger zone transfers. Signature and other security related data will be added to queries to the DNS, and thus it needs more bandwidth network resources and the signature data needs to be regularly updated because they have expiration dates to avoid serving bad data and to avoid replay attacks.
  • Additional IDN results to changes in the root zone similar to adding a TLD.
  • Adding IPv6 records to the root zone will add glue records for the name server of every TLD. This means that the amount of data increases per TLD in the root zone and the number of changes per TLD will also increase each year.

The Root Scaling Study Team also found that the proposed changes to the root also affect the end-system applications of the Internet such as the web browsers, intermediary “middleboxes” that perform traffic shaping, firewall, and caching functions; and ISPs that manage the DNS services provided to internet users.

In addition, the team also recommended further study of how to detect the important signs of stress or problems in root zone management, and how to arrange communication between the individuals primary involved in the root zone management system to ensure that timely intelligence support and effective cooperative action are available and resolve the effects of discontinuities before causing further problems.

Chinese version of this page/本页中文版


根区域指的是域名系统(DNS)结构的最高级别。它包含所有顶级域名,比如通用顶级域(gTLD)(.com, .net, .org,.jobs),以及所有国家代码顶级域(ccTLDs),比如(.us, .uk .ph)的名称和数字IP地址,包括所有根服务器的完整列表。[9]

域名系统根区域只包含280个授权的通用类、国家代码类和国际化顶级域 (TLD),其大小在80,000字节左右。它也在缓慢地发生变化,并且每年只采纳每个顶级域的一个微小变更。[10]



国家电信和信息管理局(NTIA)是隶属于美国商务部 的一家机构,在与ICANN及威瑞信达成的一份合约中代表联邦政府,赋予ICANN和威瑞信各自管理根区域绩效的职能。NTIA负责审核和批准需要在根区域内部执行的任何变更。[11]

ICANN互联网号码分配机构(IANA)的运营商,IANA负责DNS根区域的日常管理工作。IANA指派顶级域的运营商并确保顶级域的维护和具体管理工作。[12][13]它还负责互联网协议(IP)及自制系统编号 (ASN)至区域性互联网注册局(RIR)的协调。

根区域原来由Network Solutions负责管理,威瑞信在1998年与美国政府缔结了一份合作协议,自此负责管理根区域。

根服务器运营商的主要职责是确保根区域的运作一直精确、可用、可靠和安全。根区域的数据库中共有十三个根服务器运营商,包括: [14]


2009年2月3日, ICANN 董事会列举了将在 DNS 根区域中执行的操作性变更,比如向根添加互联网通信协议第6版(IPv6)的记录、新通用顶级域(gTLDs)、新国际化域名 以及执行域名系统安全扩展(DNSSEC)。与预期的根区域操作性变更有关的是,董事会要求安全与稳定咨询委员会(SSAC)和根服务器系统咨询委员会(RSSAC)执行一项联合调查,分析它对DNS根服务器系统稳定性和安全性的影响。此外,董事会要求两大委员会确定根服务器系统的容量和调整,以应对执行提议的变更后可能发生的任何技术性和操作性挑战。一些ICANN高级技术员工也参与了此次研究。[15]


SSAC、 RSSAC 和ICANN员工根据ICANN董事会的要求创办了一个调整指导组执行该研究。2009年9月7日,代表调整指导组的根调整研究团队提交了一份标题为:增加根区域大小和易变性对DNS根系统的影响报告,结果和建议如下:[16]

  • 任何一项变更提议都会对根区域的发展产生影响。研究团队建议最好以对根区域有大影响或快速影响的方式进行添加或变更。逐步的变更可以在后期进行添加。
  • 额外的新顶级域将增加记录的数量和根区域的大小,但是顶级域数量的增加不会导致每个顶级域每年申请数量的增加。
  • 添加域名系统安全扩展(DNSSEC)会改变根区域的性质,根区域会因此而不再属于一个原子单位或个体资源记录,而将成为一个群组资源记录。执行DNSSEC会导致根区域中存在更大数量的数据以及更大量的区域传输。签名和其他安全相关数据将被添加到对DNS的查询中,因此需要更多宽带网络资源,而且签名数据需要定期更新,因为它们有一个有效期限,目的是为了避免服务不良数据并且避免重放攻击。
  • 额外的国际化域名对根区域产生的影响与添加顶级域的影响类似。
  • 添加IPv6记录至根区域将增加每个顶级域中名称服务器的粘附记录。这意味着根区域中每个顶级域的数据量将增加,并且每个顶级域的变更数量也将每年增加。

根调整研究团队还发现,提议对根进行的变更还会影响互联网的终端系统应用,比如网页浏览器、执行流量整形的“中间设备(middleboxes)”、防火墙和缓存功能;以及负责管理提供给互联网用户的DNS服务的 互联网服务提供商(ISP)。


Chinese translation of this page provided thanks to TLD Registry Ltd.


  2. Scaling the Root
  4. RFC 1591
  5. Root Zone Management
  6. Root Server Operators
  7. ICANN Special Board Meeting
  8. Root Scaling Study Report
  10. Scaling the Root
  12. RFC 1591
  13. Root Zone Management
  14. Root Server Operators
  15. ICANN Special Board Meeting
  16. Root Scaling Study Report