(The Internet Corporation for Assigned Names and Numbers) is a global coordinating body acting in the public interest. ICANN
ensures that the Domain Name System (DNS) continues to function effectively, by overseeing the distribution of IP addresses and domain names. Among its responsibilities, ICANN
oversees the processes and systems that ensure that each domain name actually gets to the correct IP address.
What is ICANN's role?
ICANN's mission (on behalf of the global Internet
community) is to protect and preserve the stability, integrity and utility of the DNS and the authoritative root that ICANN was established to manage.
There are those, including operators of commercialized alternate roots, who pursue unilateral actions
outside the ICANN consensus and development process. Many hope to circumvent these processes by claiming to establish some prior right to a top-level domain name. ICANN recognizes no such
prior claim and continues to reflect the public policy consensus of the global Internet community over the private claims of the few who try to bypass this consensus.
ICANN has no role to play with alternate roots as long as these and other unauthorised efforts do not create instabilities in the
DNS or otherwise impair the stability of the authoritative root. But ICANN does have a role to play in educating and informing about threats to the Internet's reliability and stability.
ICANN is a consensus development body for the global Internet community
and its focus is the development of consensus policies relating to the single authoritative root and the DNS. These policies include those that allow the orderly introduction of new TLDs.
What is the Domain Name System?
The Domain Name System (DNS) helps users find their way around the Internet. Every computer on the Internet has a unique address, just like a telephone number, which is a rather
complicated string of numbers. It is called an "IP address" (IP stands for "Internet Protocol").
But because it would be hard to remember everyone's IP address, the DNS
makes it easier by allowing a "domain name" to be used instead of the numbers. Here's a 'for instance'. If you wanted to
get to the ICANN web site, instead of typing 184.108.40.206 (which is their IP address) you can type www.icann.org
Translating the name into the IP address is called "resolving the
domain name." Hence, the Domain Name System (DNS) allows you to reach an IP address by entering its domain name.
What is universal resolvability and why is it important?
Think of the phone system... when you dial a number, it rings at a particular location because there is a central numbering plan that
ensures that each telephone number is unique. The DNS works in a similar way. If telephone numbers or domain names were not unique, phone calls or e-mails intended for a particular person
might go to someone else. Without uniqueness, both systems would be unreliable and totally unpredictable.
Ensuring predictable results from any place on the Internet is
called "universal resolvability." It is a critical design feature of the DNS, one that makes the Internet the helpful, global resource it is.
If at any point the DNS had to make a choice between two
identical domain names with different IP addresses, it just wouldn't know how to resolve the domain name. When a DNS computer queries another computer it basically asks, "are you
the intended recipient of this message?" "Yes" and "No" are acceptable answers, but "maybe" is not.
What goes on behind the scenes?
Behind the scenes, the story becomes a little more complicated. In an Internet address – such as icann.org – the .org part is
known as a Top Level Domain, or TLD. So-called "TLD registries" house online databases that contain information about the domain
names in that TLD. The .org registry database for example, contains the Internet whereabouts, or IP address, of icann.org. So, in trying to find the Internet address of icann.org your
computer must first find the .org registry database. How is this done?
At the heart of the DNS are 13 special computers called Root
Servers. They are coordinated by ICANN and are distributed around the world. All 13 contain the same vital information – this is to spread the workload and back each other up.
Why are these root servers so important? The root servers
contain the IP addresses of all the TLD registries – both the global registries such as .com, .org, etc. and the 244 country-specific registries such as .fr (France), .cn (China), etc.
This is critical information. If the information is not 100% correct or if it is ambiguous, it might not be possible to locate a key
registry on the Internet. In DNS language, the information must be unique and authentic. Let us look at how this information is used.
Domain Name Resolvers
Scattered across the Internet are thousands of computers called "Domain Name Resolvers" or just plain "Resolvers", that routinely
download and copy the information contained in the Root Servers. These resolvers are located strategically with Internet Service Providers (ISPs) or institutional networks. They are used to
respond to a user's request to resolve a domain name. (To find the corresponding IP address.)
So what happens to a user's request to reach our familiar friend at
icann.org? The request is forwarded to a local resolver. The resolver splits the request into its component parts. It knows where to find the .org registry. (Remember, it had copied that
information from a root server beforehand.) So it forwards the request over to the .org registry to find the IP address of icann.org. This answer is forwarded back to the user's computer
and hey presto, we're done. It's that simple. The domain name icann.org has been "resolved".
Why do we need Domain Name Resolvers?
So why not use the root servers directly? After all, they contain essentially the same information. The answer is 'performance'. The Root Servers could not handle hundreds of billions of
requests a day... it would slow everything down to a crawl.
If you are still with the story, you are already wondering about
more complicated names with more parts such as www.icann.org. Well, the DNS is a hierarchical system. First, the resolver finds the IP address for the .org registry, queries that
registry to find the IP address for icann.org, then queries a local computer at that address to find the final IP address for www.icann.org. Just what you would expect.
It is important to remember the central and critical role played by
the root servers that store information about the unique, authoritative root. Confusion would result if there were two TLDs with the same name: which one did the user intend? The beauty
of the Internet architecture is that it ensures there is a unique, authoritative root, so that there is no chance of ambiguity.
What about "Alternate Roots"? What are they?
Anyone can create a root system similar to the unique authoritative root managed by ICANN. Many people and entities have. Some of these are purely private (eg: inside a single
corporation) and are insulated from having any effect on the DNS. Some however, overlap the authoritative global DNS root by incorporating the unique, authoritative root information and then
adding new pseudo-TLDs that have not resulted from the consensus-driven process by which official TLDs are created through ICANN.
Alternate Roots are not authoritative.
The alternate root operators persuade some users to have their resolvers "point" to their alternate root instead of the authoritative
root. Others (New.net is a recent example) also create browser plug-ins and other software work-arounds to accomplish similar effects. One uniform fact about all these efforts is that these
pseudo-TLDs are not included in the authoritative root managed by ICANN and thus, are not resolvable by the vast majority of Internet users.
Why Alternate Roots create a problem.
There are many potential problems caused by these unofficial, alternate root efforts to exploit the stability and reach of the authoritative root. These efforts are often promoted by those
unwilling to abide by the consensus policies established by the Internet community, policies designed to ensure the continued stability and utility of the DNS.
- First, the names of some of these pseudo-TLDs could
overlap TLD names in the authoritative root or those that appear in other alternate roots. Our familiar friend icann.org could appear in two different roots. Your e-mail to Aunt
Sally could end up with my Uncle Juan.
- Second, the unknowing users might not be linked to one of
these alternate roots and not be able to reach these pseudo-TLD addresses at all. Your e-mail to Aunt Sally could end up as a dead-letter.
- Third, those purchasing domain names in these
pseudo-TLDs may not be aware of these and other consequences of the lack of universal resolvability. Or they may be under the impression that they are experiencing
universal resolvability when in fact they are not. They may be very upset to learn that the names they registered are also being used by others, or that a new TLD in the
authoritative root will not include those names.
These problems are not significant as long as these alternate
roots remain very small... that is, house few domain names with little potential for conflict. But if they should ever attract many
users, the problems would become much more serious and could affect the stability and reliability of the DNS itself.