Is there a master plan for supervision of the DNS root?

Published on: Monday 24 March 2014

Internet governance was already going to be one of the big topics of the year, but the US government's announcement that it intends to relinquish its role as supervisor of the DNS root's governance in 2015 has propelled the subject onto the front pages of national newspapers. And left people around the world wondering what the impact of the change will be and how supervision should be organised after 2015.

US has traditionally overseen IANA functions

Performance of the so-called 'IANA functions' has traditionally been under US supervision. Since ICANN was founded, it has been responsible for performing the IANA functions – administration of the root and other tasks such as the allocation of IP addresses – under a contract with the US government.

Changes to the root zone require US approval

Every change to the root of the domain name system - the central reference source, which points to all top-level domains (TLDs), including .nl, .com and .eu – currently has to be rubber stamped by the US Department of Commerce. That applies whether the change in question involves a US-based registry such as VeriSign getting the entry for .com updated, or involves SIDN getting something changed for.nl. Naturally China, to name but one, has been unhappy about US approval being needed for a root change to its own country-code domain. The fact that the US authorities have never apparently abused their power and that all TLD registries' requests have been approved without question has not prevented unease concerning the principle.

ICANN decides, IANA implements

Ultimately, the IANA functions are also purely technical/administrative. IANA does not decide who should administer which TLD. Responsibility for such decisions lies with ICANN, a multistakeholder organisation, which also defines the rules governing generic top-level domains (gTLDs). IANA's role is merely to implement decisions made by ICANN.

Control of the domain name system

Although whoever controls the IANA functions theoretically has enormous power over the way that the domain name system works, the situation has not actually yielded any problems so far. Nevertheless, in view of the potential for issues to arise, it is very important that future supervision of the IANA functions' performance is organised in a way that ensures that the functions continue to be performed on a purely technical/administrative basis. One would expect the US government to recognise that fact and to take steps to assure future impartiality before the handover of power.

No master plan

It is therefore surprising that the US's formal announcement of its intention to hand over its IANA role to a third party in 2015 contained no concrete proposal regarding a future governance model. Rather, the announcement merely indicated that ICANN should devise a new model. Apparently, therefore, there is no master plan for future governance. Or is there?

Key discussion topic for the 49th ICANN Meeting

This week, the 49th ICANN Meeting takes place in Singapore. The globalisation of the IANA functions will be one of the main subjects on the agenda. And we may discover whether all options really are up for discussion. The question is: is that actually desirable, and is there in fact a good alternative? Next week we shall learn more.

Comments

  • Tuesday 27 February 2018 Internet security

    DNSSEC-validating DNS service: successful pilot completed

    "It's high time access providers in the Netherlands enabled validation"

    Afbeelding van DNSSEC-validating DNS service: successful pilot completed
    Read more
  • Thursday 12 April 2018 Knowledge

    Catch-up: Webinar on the implications of the GDPR for domain registration

    Watch the webinar

    Afbeelding van Catch-up: Webinar on the implications of the GDPR for domain registration
    Read more
  • Thursday 5 April 2018 Knowledge bank

    DNSSEC timing: absolute, relative and administrative timestamps

    22 February 2016 DNSSEC has changed the world of the DNS operator in two key respects. First, it has transformed the DNS from a primarily administrative system into a much more complex cryptographic platform (NL) that can be used for a wide variety of new applications (NL). Second, DNSSEC has introduced absolute times to a system that previously used only relative times (TTLs). Furthermore, with DNSSEC, the two timing methods need to interact. In this article, we consider the timing aspects of DNSSEC by reference to the settings in OpenDNSSEC (NL) (in the file /etc/opendnssec/kasp.xml). OpenDNSSEC is the most widely used DNSSEC solution for BIND named, (NL) which in turn is the most popular DNS server.

    Afbeelding van DNSSEC timing: absolute, relative and administrative timestamps
    Read more