The world in your monitor
Back to Name Dropper home page
how dns works
F.A.Q. (Domain names)
Who is Nominet UK?
How DNS works

DNS - How it all works

ICANN is the corporation that oversees the Worldwide Domain Name System.

ICANN (The Internet Corporation for Assigned Names and Numbers) is a global coordinating body acting in the public interest. ICANN ensures that the Domain Name System (DNS) continues to function effectively, by overseeing the distribution of IP addresses and domain names. Among its responsibilities, ICANN oversees the processes and systems that ensure that each domain name actually gets to the correct IP address.

What is ICANN's role?
ICANN's mission (on behalf of the global Internet community) is to protect and preserve the stability, integrity and utility of the DNS and the authoritative root that ICANN was established to manage.

There are those, including operators of commercialized alternate roots, who pursue unilateral actions outside the ICANN consensus and development process. Many hope to circumvent these processes by claiming to establish some prior right to a top-level domain name. ICANN recognizes no such prior claim and continues to reflect the public policy consensus of the global Internet community over the private claims of the few who try to bypass this consensus.

Top of page 

ICANN has no role to play with alternate roots as long as these and other unauthorised efforts do not create instabilities in the DNS or otherwise impair the stability of the authoritative root. But ICANN does have a role to play in educating and informing about threats to the Internet's reliability and stability.

ICANN is a consensus development body for the global Internet community and its focus is the development of consensus policies relating to the single authoritative root and the DNS. These policies include those that allow the orderly introduction of new TLDs.

What is the Domain Name System?
The Domain Name System (DNS) helps users find their way around the Internet. Every computer on the Internet has a unique address, just like a telephone number, which is a rather complicated string of numbers. It is called an "IP address" (IP stands for "Internet Protocol").

But because it would be hard to remember everyone's IP address, the DNS makes it easier by allowing a "domain name" to be used instead of the numbers. Here's a 'for instance'. If you wanted to get to the ICANN web site, instead of typing (which is their IP address) you can type www.icann.org

Translating the name into the IP address is called "resolving the domain name." Hence, the Domain Name System (DNS) allows you to reach an IP address by entering its domain name.

Top of page 

What is universal resolvability and why is it important?
Think of the phone system... when you dial a number, it rings at a particular location because there is a central numbering plan that ensures that each telephone number is unique. The DNS works in a similar way. If telephone numbers or domain names were not unique, phone calls or e-mails intended for a particular person might go to someone else. Without uniqueness, both systems would be unreliable and totally unpredictable.

Ensuring predictable results from any place on the Internet is called "universal resolvability." It is a critical design feature of the DNS, one that makes the Internet the helpful, global resource it is.

If at any point the DNS had to make a choice between two identical domain names with different IP addresses, it just wouldn't know how to resolve the domain name. When a DNS computer queries another computer it basically asks, "are you the intended recipient of this message?" "Yes" and "No" are acceptable answers, but "maybe" is not.

Top of page 

What goes on behind the scenes?
Behind the scenes, the story becomes a little more complicated. In an Internet address such as icann.org the .org part is known as a Top Level Domain, or TLD. So-called "TLD registries" house online databases that contain information about the domain names in that TLD. The .org registry database for example, contains the Internet whereabouts, or IP address, of icann.org. So, in trying to find the Internet address of icann.org your computer must first find the .org registry database. How is this done?

Root Servers
At the heart of the DNS are 13 special computers called Root Servers. They are coordinated by ICANN and are distributed around the world. All 13 contain the same vital information this is to spread the workload and back each other up.

Why are these root servers so important? The root servers contain the IP addresses of all the TLD registries both the global registries such as .com, .org, etc. and the 244 country-specific registries such as .fr (France), .cn (China), etc. This is critical information. If the information is not 100% correct or if it is ambiguous, it might not be possible to locate a key registry on the Internet. In DNS language, the information must be unique and authentic. Let us look at how this information is used.

Top of page 

Domain Name Resolvers
Scattered across the Internet are thousands of computers called "Domain Name Resolvers" or just plain "Resolvers", that routinely download and copy the information contained in the Root Servers. These resolvers are located strategically with Internet Service Providers (ISPs) or institutional networks. They are used to respond to a user's request to resolve a domain name. (To find the corresponding IP address.)

So what happens to a user's request to reach our familiar friend at icann.org? The request is forwarded to a local resolver. The resolver splits the request into its component parts. It knows where to find the .org registry. (Remember, it had copied that information from a root server beforehand.) So it forwards the request over to the .org registry to find the IP address of icann.org. This answer is forwarded back to the user's computer and hey presto, we're done. It's that simple. The domain name icann.org has been "resolved".

Top of page 

Why do we need Domain Name Resolvers?
So why not use the root servers directly? After all, they contain essentially the same information. The answer is 'performance'. The Root Servers could not handle hundreds of billions of requests a day... it would slow everything down to a crawl.

If you are still with the story, you are already wondering about more complicated names with more parts such as www.icann.org. Well, the DNS is a hierarchical system. First, the resolver finds the IP address for the .org registry, queries that registry to find the IP address for icann.org, then queries a local computer at that address to find the final IP address for www.icann.org. Just what you would expect.

It is important to remember the central and critical role played by the root servers that store information about the unique, authoritative root. Confusion would result if there were two TLDs with the same name: which one did the user intend? The beauty of the Internet architecture is that it ensures there is a unique, authoritative root, so that there is no chance of ambiguity.

Top of page 

What about "Alternate Roots"? What are they?
Anyone can create a root system similar to the unique authoritative root managed by ICANN. Many people and entities have. Some of these are purely private (eg: inside a single corporation) and are insulated from having any effect on the DNS. Some however, overlap the authoritative global DNS root by incorporating the unique, authoritative root information and then adding new pseudo-TLDs that have not resulted from the consensus-driven process by which official TLDs are created through ICANN.

Alternate Roots are not authoritative.
The alternate root operators persuade some users to have their resolvers "point" to their alternate root instead of the authoritative root. Others (New.net is a recent example) also create browser plug-ins and other software work-arounds to accomplish similar effects. One uniform fact about all these efforts is that these pseudo-TLDs are not included in the authoritative root managed by ICANN and thus, are not resolvable by the vast majority of Internet users.

Top of page 

Why Alternate Roots create a problem.
There are many potential problems caused by these unofficial, alternate root efforts to exploit the stability and reach of the authoritative root. These efforts are often promoted by those unwilling to abide by the consensus policies established by the Internet community, policies designed to ensure the continued stability and utility of the DNS.

For example:

  • First, the names of some of these pseudo-TLDs could overlap TLD names in the authoritative root or those that appear in other alternate roots. Our familiar friend icann.org could appear in two different roots. Your e-mail to Aunt Sally could end up with my Uncle Juan.
  • Second, the unknowing users might not be linked to one of these alternate roots and not be able to reach these pseudo-TLD addresses at all. Your e-mail to Aunt Sally could end up as a dead-letter.

Top of page 

  • Third, those purchasing domain names in these pseudo-TLDs may not be aware of these and other consequences of the lack of universal resolvability. Or they may be under the impression that they are experiencing universal resolvability when in fact they are not. They may be very upset to learn that the names they registered are also being used by others, or that a new TLD in the authoritative root will not include those names.

These problems are not significant as long as these alternate roots remain very small... that is, house few domain names with little potential for conflict. But if they should ever attract many users, the problems would become much more serious and could affect the stability and reliability of the DNS itself.

Top of page 

Name Dropper UK, Media House, 53A High Street, Reigate, Surrey RH2 9AE - Tel: 01737 243696