Interview with IANA and ICANN: Root Zone and IDN Integration
Posted February 1st, 2011
As the New gTLD program inches ever closer to the starting gate and IDNs continue their successful integration, questions are arising about IDN integration and the stability of the Root Zone.
We spoke with Naela Sarras, Manager of the IDN Fast Track and Kim Davies, Manager of Root Zone Services at ICANN about how the DNS and Root could be affected by these new additions. Their answers are surprising and reveal what the possibilities for Internet expansion can be.
IDN Integration
NameSmash: The IDN initiation is off to a highly successful start. How has the introduction of these domains altered the DNS and what if any long term effects might surface?
Naela Sarras: The DNS has coped just fine! From a technical perspective, these are just new domains much like any other. We see an increased number of overall registrations, but nothing that the infrastructure in place can’t handle. Time will tell how pervasive adoption of IDNs will be in different countries, but there is nothing to suggest the DNS can’t cope with increasing adoption of the technology.
NameSmash: Are issues like Synchronized ccTLDs, data base blooms and IDN homograph attacks real concerns for IDNs and if so what measures are in place / are being put into place to tackle them?
Naela Sarras: Issues with variants, such as synchronized TLDs, are partly a question of policy – i.e. who should get what variants, and partly technical – what is the best way to implement them in the DNS. These are puzzling as there is no clear right or wrong answer as to what is the best way to achieve either. That is not to say consensus can’t be built on the best compromise to all these questions.
As for homographic attacks, these issues are no different to the possibility of homographic attacks in a pre-IDN DNS. In English, a zero looks very similar to a capital letter “O”, and a 1 close to a lower case “l”. ICANN, and other domain registries, have policies in place to guard against bad-faith registration and other areas where this can be of concern. Certainly, most TLDs that have deployed IDNs have limited their registration policies to mitigate against most of these kinds of attacks.
Name Smash: What do you expect to be the technical effects the continued expansion of IDN implementation will have on the Internet?
Naela Sarras: IDN has been developed in such a way that it is a seamless addition to the DNS, which means there is little technical effect. The worst case is that on a computer without IDN support, the domain will fall-back to appearing as its encoded form. The domain will still work, however. Hopefully, continued deployment will raise awareness in software vendors to support internationalization in general, which will help those who do not use Latin script to have access to software that better suits their needs.
Name Smash: Are there any current misconceptions about IDNs that you would like to dispel?
Naela Sarras: One of the common misconceptions is that IDNs actually makes the Internet less global, because not everyone can read addresses in the new scripts these enable. While it is true the fact that mankind speaks different languages and uses different scripts means not everyone can universally understand one another, IDNs will not make that worse. In fact, the opposite, it will help people who are disenfranchised because they don’t know Latin script, to use the Internet in languages they understand. This will help Internet adoption. Businesses and others who wish to communicate globally will continue to translate their services in a variety of different ways as they do today.
Root Zone Stability
Name Smash: What is the Root and how does it function?
Kim Davies: The root zone is the upper-most part of the DNS hierarchy. When someone registers a domain ending in .COM, for example, that registration is maintained within the .COM registry which is authoritative for which domains are registered and by whom. We are one level above that, the root zone contains the registrations of which top-level domains exist, and who they are registered to.
Name Smash: How is the Root Zone maintained?
Kim Davies: We maintain the root zone as a specialized domain registry. ICANN has a variety of policies on what is allowed as gTLDs and ccTLDs, and the IANA department with ICANN is responsible for managing the root zone in line with those policies. In particular, the IANA staff receive requests to modify gTLD and ccTLD registrations, evaluate them against the policy, and then send qualified changes for implementation.
Implementation of changes that ICANN as qualified is performed by VeriSign, which has a separate contract with the US Government to perform that specific function. Their role is to transmit the changes ICANN has verified to the root server operators.
Name Smash: How does stability in the Root Zone or a lack there of effect “civilian” end users and businesses?
Kim Davies: Stability of the root zone is critical, as it is the basis of a stable domain name system. Inaccurate entries in the root zone can result in entire top-level domains becoming inoperable. It is through the root zone that DNS servers around the world can ultimately identify where domain names are located, in order to perform proper resolution. While end users and business will never have to deal with root zone management directly, the ability of their top-level domain operators to maintain proper registration in the root zone ensures their domains continue to function.
Name Smash: There has been concern that IDNs and the release of a large number of New gTLDs will cause instability in the Root Zone. Is this a valid concern and if not, what actual effects could the addition of so many extensions have on the Root?
Kim Davies: We do not anticipate the volumes of new top-level domains that are being considered with IDNs and new gTLDs will have any significant impact on root zone operation. While we are confident we are able to scale to the volumes of new top-level domains considered, we are also implementing new automation systems to help improve our responsiveness and ultimately require less staff resources to maintain the root zone registry. This will more than cater for the increase of root zone data caused not just by new top-level domains, but by the additional information associated with DNSSEC.
Name Smash: What misconceptions about the security of the Root Zone would you like to address?
Kim Davies: One of the biggest misconceptions we run into is that there are only 13 root servers. I wrote a blog post about it on ICANN’s website a few years ago trying to debunk this. The truth is there are hundreds and hundreds of root servers in many different countries right now. While it is true that if someone uses the DNS protocol to query the number of name servers for the root using the DNS protocol would receive a list of 13, this is a technical limitation and does not reflect the true diversity of root servers. Behind each of those 13 entries returned is more than one server, and typically with those servers spread over multiple countries providing great redundancy and resiliency.
For those unfamiliar with IANA and it’s functions: It’s the body responsible for coordinating some of the key elements that keep the Internet running smoothly. While the Internet is renowned for being a worldwide network free from central coordination, there is a technical need for some key parts of the Internet to be globally coordinated – and this coordination role is undertaken by IANA.
Specifically, IANA allocates and maintains unique codes and numbering systems that are used in the technical standards (“protocols”) that drive the Internet.”
IANA is in charge of domain names, number resources and protocol assignments. Now operated by ICANN, IANA is actually one of the Internets most enduring institutions with “It’s activities dating back to the 1970s”. (For more info on IANA, click HERE)
Tags: IANA, ICANN, IDNs, Root Zone
Posted in gTLDS, IANA, ICANN, IDNs by Kelly Hardy
