Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk .ph), including the entire list of all the root servers.
The DNS root zone contains only 280 delegations of generic, country code and internationalized top level domain names (TLD)s and its size is more or less 80,000 bytes. It also changes slowly and absorbs only one minor change per TLD every year.
Root Zone Management Process
The National Telecommunications Information Administration (NTIA), ICANN, Verisign and the Root Server Operators play significant roles in the management and process of the root zone.
NTIA is an agency under the United States Department of Commerce, which represents the federal government in a contract entered in with ICANN and Verisign, which grants the organizations separate functions in managing the performance of the root zone. NTIA is responsible in reviewing and approving whatever changes that need to be implemented within the root zone.
ICANN is the operator of the Internet Assigned Numbers Authority (IANA), which is responsible for the day-to-day management of the DNS root zone. IANA assigns the operators of the top level domain and ensures the maintenance and the administrative details of the TLDs. It is also responsible for the coordination of the Internet Protocol (IP) and Autonomous System Numbers (ASN) to the Regional Internet Registries (RIR).
Verisign, and formerly Network Solutions, serves as the root zone administrator under a cooperative agreement entered with the United States government; this has been in effect since 1998.
The Root Server Operators' primary role is to make sure that the operations of the root zone is always accurate, available, reliable and secure. There are thirteen Root Server Operators in the database of the root zone, which include:
- A - Verisign Global Registry Services
- B - Information Sciences Institute
- C - Cogent Communications
- D - University of Maryland
- E - NASA Ames Research Center
- F - Internet Systems Consortium, Inc.
- G - U.S. DOD Network Information Center
- H - U.S. Army Research Lab
- I - Autonomica/NORDUnet
- K - RIPE NCC
- L - ICANN
- M - WIDE Project
Root Zone Operational Changes
On February 3, 2009, the ICANN Board enumerated the upcoming operational changes to be implemented in the DNS root zone, such as the addition of IPv6 records to the root, new generic top level domains (gTLDs), new Internationalized Domain Names, and the implementation of DNSSEC. In connection to the anticipated root zone operational changes, the Board requested the Security and Stability Advisory Committee (SSAC) and Root Server System Advisory Committee (RSSAC) to conduct a joint study to analyze its impact to the stability and security to the DNS root server system. Furthermore, the Board requested both the committees to identify the capacity and scaling of the root server system to be able to solve any technical and operational challenges that might take place when the proposed changes are implemented. Some ICANN senior technical staff were also to take part in the study.
Root Scaling Study Report
The SSAC, RSSAC and ICANN Staff responded to the request of the ICANN Board by creating a Scaling Steering Group to conduct the study. On September 7, 2009, a report entitled: Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone was submitted by the Root Scaling Study Team for the Scaling Steering Group with the following findings and recommendations:
- Any of the proposed changes has an effect to the growth of the root zone. The study team suggested that it is best to add or make changes to the root zone with a large or sudden impact. Gradual changes can be added at later stages.
- Additional new TLDs will increase both the number of entries and the size of the root zone, however an increase in the number of TLDs will not increase the number of request per year per TLD.
- Adding DNSSEC changes the nature of the root zone wherein it will no longer be an atomic unit or an individual resource record, instead it will be a group resource record. Implementation of DNSSEC will result in a much bigger amount of data carried in the zone as well as larger zone transfers. Signature and other security related data will will added to queries to the DNS, and thus it needs more bandwidth network resources and the signature data needs to be regularly updated because they have expiration dates to avoid serving bad data and to avoid replay attacks.
- Additional IDN results to changes in the root zone similar to adding a TLD.
- Adding IPv6 records to the root zone will add glue records for the name server of every TLD. This means that the amount of data increases per TLD in the root zone and the number of changes per TLD will also increase each year.
The Root Scaling Study Team also found that the proposed changes to the root also affect the end-system applications of the Internet such as the web browsers, intermediary “middleboxes” that perform traffic shaping, firewall, and caching functions; and ISPs that manage the DNS services provided to internet users.
In addition, the team also recommended further study of how to detect the important signs of stress or problems in root zone management, and how to arrange communication between the individuals primary involved in the root zone management system to ensure that timely intelligence support and effective cooperative action are available and resolve the effects of discontinuities before causing further problems.