Debate Over Internet Governance Starts At The Root

The U.S. government controls the Internet's root system. Some, like Google's Vinton Cerf, say don't mess with it. Others think there could be another way.
With the approach of the U.N. World Summit on the Information Society in Tunis on November 16, the U.S. government finds itself under pressure from foreign countries seeking change in the way Internet names and addresses are administered.

Among the issues other nations have with U.S.-led Internet governance is America's control of the Domain Name System (DNS), which maps domain names made up of alphanumeric characters to numeric Internet Protocol (IP) addresses through programs called "resolvers."

DNS is hierarchical. At the top of the DNS hierarchy are 13 root name servers that distribute the root zone file. That file describes where the authoritative servers for top-level domains like,, or can be found.

The root servers represent the "authoritative root." They are authoritative because virtually all Internet users accept their authority. They respond to queries from resolvers about a domain name such as "" by pointing to computers that have information about domain names. A resolver then queries one of those nameservers where to find the nameservers for "," until it finally finds the IP address associated with that domain name. VeriSign Inc., through a contract with the U.S. Department of Commerce, publishes the official root zone file, and the U.S. government has authority over the contents of the file. The Department of Commerce also dictates the policy making tasks that the Internet Corporation for Assigned Numbers and Names (ICANN) can perform, which have to do with the creation of new top-level domains and the rules domain registrars are required to follow.

In June, the government said it intended to keep control of the root going forward, for the sake of Internet security and stability. That's an understandable position, given the power that comes with control of the root. But it's a position based on an assumption that some argue is false.

"It's a techno-religious dogma that there has to be one root," says Karl Auerbach, CTO of networking software company InterWorking Labs Inc. and a former board member of ICANN. "There can be several. Imagine phone books. You can look up a name in the Yellow Pages on your Palm Pilot, on your Web page. And as long as you get to the same place, does it really matter? Different roots can be consistent with one another."

But many, including Vinton Cerf, chief Internet evangelist at Google Inc., ICANN chairman, and co-designer of the TCP/IP protocol, believe in the one catholic root. "I don't like to be considered dogmatic but in this particular case I think I probably would accept the label and argue that it's an important element of the architecture," he says. "The intention of the DNS design was that whenever you looked up a particular domain name you would always get the same answer. And that certainty eliminates a fundamental potential ambiguity which could lead to very bad results."

Indeed, alternate or competing roots can and have lead to confusion. There's the potential for two different domain registrars to sell the same domain name to different companies or individuals. Internet users that used different roots would then see different sites despite typing the same domain name into their browsers. In fact this happened several years ago when ICANN approved the domain, even though someone was already operating a domain registry on an alternate root.

However, multiple roots do not have to create confusion. Existing competing roots like Public-Root or OpenNIC resolve ICANN-approved domains like,, and, while also resolving new top-level domains such as dot.parody.

The problem is that those in charge of the domain name system don't want others adding new top-level domains. As a consequence, they don't resolve domain names found on other roots. That means most Internet users can't easily use those domain names.

The situation could change if the U.S. remains deaf to the concerns sure to be voiced by other nations in Tunis. It's possible that China, for example, might choose to operate its own root and mandate that all Chinese citizens use it. In a few years, the U.S. might find its authority substantially eroded.

There's also the possibility that new methods of Internet addressing could supplant the existing root system. One such method, suggests Auerbach, would be for everyone to run his or her own root. "I've done it," he writes via E-mail. "It works. And it has no central point of failure."

There's precedent for this idea. According to Auerbach, there used to be a system called "Grass Roots" in which individuals could select which top-level domains they wanted to honor and then create their own root zone file. Root zone files could also be moved around using a peer-to-peer system that incorporated digital signatures, he suggests.

To date, however, such options have had far more ideological than financial traction. Absent a strong business case for the emergence of competing roots or an international rebellion against U.S. Internet control, the current system seems likely to survive in some form, at least in the near term.

That's what Cerf would prefer. "It seems to me if you started out today, all over again, you'd have the same parties at the table trying to figure out what structure would make sense," he says. "And I would guess you'd come up with something not too different. So my preference would be to do what we can to revise the existing system to improve its operation rather than simply starting all over or suddenly announcing, 'Well we think the U.N. should do this, or the ITU, or some other yet-to-be-developed international organization.'"

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing