The root zone is the highest level in the Domain Name System (DNS) structure. The root zone file contains the lists of names and Internet Protocol (IP) addresses of all top-level domains in the DNS, both generic top-level domains (gTLDs) and country code top-level domains (ccTLDs).
How is the root zone managed?
The management of the root zone is carried out by the Internet Assigned Numbers Authority (IANA), whose functions are currently performed by Public Technical Identifiers (PTI), an affiliate of the Internet Corporation for Assigned Names and Numbers (ICANN). In performing this role, PTI assigns the operators of top-level domains and maintains a database with their technical and administrative details.
The maintenance of the root zone file itself is performed by VeriSign, on the basis of an agreement with ICANN. VeriSign’s role in this regard is to edit the file (at ICANN’s proposal), publish it, and distribute it to root server operators.
The DNS root zone is served by root servers, also known as authoritative servers, which keep the public copy of the root zone file. There is a misconception that the total number of root servers is 13. The fact is that there are hundreds of root servers scattered at various locations around the world. The number 13 comes from the 13 different hostnames, due to a technical limitation in the design of the DNS. Twelve entities – academic/public institutions (6), commercial companies (3), and governmental institutions (3) – manage these primary instances and ensure that all root servers within the same instance have the updated copy of the root zone file.
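The page does not name the technical limitation behind the 13 hostnames. The sketch below is an added example, not part of the original text, and assumes the limitation is the 512-byte cap on DNS messages over UDP in the original specification (RFC 1035). It builds the response a resolver receives when it asks for the root name servers, with and without DNS name compression, and measures its size. The function names, TTL and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

UDP_LIMIT = 512             # assumption: RFC 1035 cap on a DNS message over UDP
SUFFIX = "root-servers.net"  # shared suffix of the 13 root server hostnames
TTL = 518400                # constructed sample TTL

def encode_name(name, offsets, pos, compress):
    """Encode a name at message offset pos, reusing earlier suffixes via pointers."""
    out = b""
    labels = name.split(".")
    for i, label in enumerate(labels):
        tail = ".".join(labels[i:])
        if compress and tail in offsets:
            # 2-byte compression pointer: top two bits set, then the offset
            return out + struct.pack("!H", 0xC000 | offsets[tail])
        offsets.setdefault(tail, pos + len(out))
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"    # the empty root label terminates the name

def priming_response(n=13, compress=True):
    """Wire-format answer to '. IN NS' listing n hostnames plus IPv4 glue."""
    offsets = {}
    # Header: id, flags (response, authoritative), QD=1, AN=n, NS=0, AR=n
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, n, 0, n)
    msg += b"\x00" + struct.pack("!2H", 2, 1)        # question: ".", NS, IN
    hosts = [f"{chr(ord('a') + i)}.{SUFFIX}" for i in range(n)]
    for host in hosts:                               # answer section: NS records
        fixed = b"\x00" + struct.pack("!2HI", 2, 1, TTL)
        rdata = encode_name(host, offsets, len(msg) + len(fixed) + 2, compress)
        msg += fixed + struct.pack("!H", len(rdata)) + rdata
    for i, host in enumerate(hosts):                 # additional section: A glue
        owner = encode_name(host, offsets, len(msg), compress)
        addr = bytes([192, 0, 2, i + 1])             # constructed documentation address
        msg += owner + struct.pack("!2HIH", 1, 1, TTL, 4) + addr
    return msg

if __name__ == "__main__":
    for compress in (True, False):
        size = len(priming_response(13, compress))
        verdict = "fits" if size <= UDP_LIMIT else "exceeds"
        print(f"compress={compress}: {size} bytes, {verdict} {UDP_LIMIT}-byte limit")
```

Under these assumptions the 13-name response is 436 bytes with compression and 862 bytes without it, so the shared root-servers.net suffix is what lets all 13 names and their IPv4 addresses travel in a single UDP message.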
If one of the 13 hostnames crashed, the remaining 12 would continue to function. Even if all 13 went down simultaneously, the resolution of domain names into IP addresses (the main function of root servers) would continue on other domain name servers, distributed hierarchically throughout the Internet.
Therefore, hundreds of domain name servers contain copies of the root zone file and an immediate and catastrophic collapse of the Internet could not occur. It would take some time before any serious functional consequences would be noticed, during which time it would be possible to reactivate the original servers or to create new ones.
The system of root servers is considerably strengthened by the Anycast scheme, which replicates root servers throughout the world. This provides many advantages, including an increased robustness of the DNS and the faster resolution of Internet addresses (with the Anycast scheme, the resolving servers are closer to the end-users).
Alternative root servers – feasibility and risks
Creating an alternative root server is technically straightforward. The main question is how many followers an alternative server would have, or, more precisely, how many computers on the Internet would point to it when it came to resolving domain names. Without users, any alternative DNS becomes useless. A few attempts to create an alternative DNS have been made: OpenNIC, New.net, and Name.space. Most of them were unsuccessful, accounting for only a few percent of Internet users. A more recent project, the Yeti DNS Project, launched in 2015, plans to ‘build a parallel experimental live IPv6 DNS root system to discover the limits of DNS root name service’.
Conceptual discussion: single vs alternative root server system
For a long time, the principle of the single root server was considered to be one of the main Internet mantras, which were not supposed to be touched or even discussed. Various arguments have been put forward in order to prevent any discussions about alternatives to the single root server. One argument is that the current (single root server) system prevents the risk of the DNS being used by some governments for censorship. However, the censorship argument against changes in DNS policy is losing ground on a functional basis. Governments do not need control over the DNS or the root zone file in order to introduce censorship. They already rely on more effective tools, based on the filtering of Web traffic.
A more solid argument is that any alternative root servers could lead towards the fragmentation and even, maybe, the ultimate disintegration of the Internet, including one possible scenario of violent disintegration. The fragmentation of the Internet could endanger one of the core functions of the Internet – a unified global communication system.