Domain Name and Addressing System

Overview
The Domain Name and Addressing System (DNS) is a distributed database residing in computers around the world that is used to translate alphanumeric domain names into the equivalent numeric Internet Protocol (IP) address used by computers to find a website. It is a critical component of the Internet infrastructure and is used by almost every Internet protocol-based application to associate human-readable computer hostnames with the numerical addresses required to deliver information on the Internet.

Historical Background
In the early days of computer networks, the address system used to permit one computer to communicate with another was cumbersome. Each computer had to have a unique 32-digit number called an Internet Protocol (IP) address, so that it could transmit information to, and receive information from, other computers on the network. To make these numerical, computer-readable addresses more user-friendly, human-readable names, which typically consist of fewer numerical and/or other characters, were adopted.

Before the development of the Domain Name System, all of these address pairs — both the 32-digit numbers and the more user-friendly names associated with the number — were placed in a master "host file," which was maintained by the Stanford Research Institute pursuant to a contract with the Department of Defense. Each computer on the network had to have a copy of the host file in order to communicate with the other computers on the network. Thus, every time a new computer was added to the network, the host file had to be revised to include the new computer, and all of the computers on the network had to download the entire revised host file. As the network grew and more computers were added, its operation was increasingly affected by errors and slow machine speeds caused by the continual need to download the host file.

Working under funding provided by the Department of Defense, a group led by Drs. Paul Mockapetris and Jon Postel created the domain name system (DNS) for locating networked computers by name instead of by number. The DNS is a hierarchical name system that eliminates the need for each computer to download and store every other computer’s human-readable name and corresponding computer-readable IP address.


 * Although its implementation is complex, the concept behind [the DNS] is simple. The name space was divided into a hierarchy. The responsibility for assigning unique names, and for maintaining databases capable of mapping the names to specific IP addresses, was distributed down the levels of the hierarchy. The DNS is just a database — a protocol for storing and retrieving information that has been formatted in a specific way.

The DNS database is distributed and formulated so that “any computer on the Internet can find the information it needs to map any name to its correct IP address.”

Following a 1997 presidential directive, the Department of Commerce began a process for transitioning the technical responsibility for the domain name system to the private sector. After requesting and reviewing public comments on how to implement this goal, in June 1998 the Department issued a general statement of policy, known as the “White Paper.” In this document, the Department stated that because the Internet was rapidly becoming an international medium for commerce, education, and communication, the traditional means of managing its technical functions needed to evolve as well. Moreover, the White Paper stated the U.S. government was committed to a transition that would allow the private sector to take leadership for the management of the domain name system.

Accordingly, the Department stated that the U.S. government was prepared to enter into an agreement to transition the Internet’s name and number process to a new not-for-profit organization. At the same time, the White Paper said that it would be irresponsible for the U.S. government to withdraw from its existing management role without taking steps to ensure the stability of the Internet during the transition. According to Department officials, the Department sees its role as the responsible steward of the transition process.

In November 1998, the Department entered into an agreement with ICANN in the form of a Memorandum of Understanding (MOU) under which the two parties agreed to collaborate on a joint transition project.

How the DNS Works
The DNS is a hierarchical and globally distributed system in which distinct servers throughout the world maintain the detailed information for their local domains and pointers for how to navigate the hierarchy to retrieve information from other domains. The system works like an automated telephone directory, allowing users to reach websites using easy-to-understand domain names like www.senate.gov, instead of the string of numbers that computers use when communicating with each other.

Each domain name server stores a limited set of names and numbers. They are linked by a series of 13 root servers, which coordinate the data and allow users to find the server that identifies the site they want to reach. Domain name servers are organized into a hierarchy that parallels the organization of the domain names. For example, when someone wants to reach the website at www.senate.gov, his or her computer will ask one of the root servers for help. The root server will direct the query to a server that knows the location of names ending in the .gov top-level domain. If the address includes a sub-domain, the second server refers the query to a third server — in this case, one that knows the address for all names ending in senate.gov. This server will then respond to the request with a numerical address, which the original requester uses to establish a direct connection with the www.senate.gov site. Figure 3 illustrates this example.
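The referral chain described above can be traced with a small offline model. This is an added example, not part of the original article: the server labels (`root`, `gov-tld`, `senate-ns`, `org-tld`), the zone contents and the address 192.0.2.10 (a documentation address) are all constructed, and the hop limit is an assumption added to stop referral loops.

```python
# Constructed sample data: each "server" holds only its own slice of the
# name space, plus pointers (delegations) to servers further down the tree.
SERVERS = {
    "root":      {"delegations": {"gov.": "gov-tld", "org.": "org-tld"}, "records": {}},
    "gov-tld":   {"delegations": {"senate.gov.": "senate-ns"}, "records": {}},
    "senate-ns": {"delegations": {}, "records": {"www.senate.gov.": "192.0.2.10"}},
    "org-tld":   {"delegations": {}, "records": {}},
}

def query(server, name):
    """One server's reply: ('answer', ip), ('referral', server) or ('nxdomain', None)."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    # A delegation applies when the queried name sits at or below it;
    # the longest (most specific) matching suffix wins.
    matches = [s for s in zone["delegations"] if name == s or name.endswith("." + s)]
    if matches:
        return ("referral", zone["delegations"][max(matches, key=len)])
    return ("nxdomain", None)

def resolve(name, max_hops=8):
    """Walk the hierarchy from the root; return (address or None, servers asked)."""
    name = name.lower().rstrip(".") + "."      # normalise to a fully qualified name
    server, path = "root", []
    for _ in range(max_hops):                  # bound the walk against referral loops
        path.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            # Nothing in this exchange authenticates the reply: the requester
            # simply trusts whatever each server in the chain returns.
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                         # follow the referral one level down
    raise RuntimeError("referral limit exceeded for " + name)

if __name__ == "__main__":
    for host in ("www.senate.gov", "www.example.org", "www.example.com"):
        address, path = resolve(host)
        print(host, "->", address, "via", " > ".join(path))
```
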



The accuracy, integrity, and availability of the information supplied by the DNS are essential to the operation of any system, service or application that uses the Internet.

The DNS was not originally designed with strong security mechanisms to ensure the integrity and authenticity of the DNS data. Over the years, a number of vulnerabilities have been identified in the DNS protocol that threaten the accuracy and integrity of the DNS data and undermine the trustworthiness of the system. Technological advances in computing power and network transmission speeds have made it possible to exploit these vulnerabilities more rapidly and effectively.

The Future of DNS Governance
The current ICANN-DOC Joint Project Agreement is due to expire on September 30, 2009. U.S. Congress and the Administration are assessing the appropriate federal role with respect to ICANN and the DNS, and examining to what extent ICANN is presently positioned to ensure Internet stability and security, competition, private and bottom-up policymaking and coordination, and fair representation of the global Internet community. A related issue is whether the U.S. government’s unique authority over the DNS root zone should continue indefinitely.

Foreign governments have argued that it is inappropriate for the U.S. government to have exclusive authority over the worldwide DNS, and that technical coordination and management of the DNS should be accountable to international governmental entities. On the other hand, many U.S. officials argue that it is critical for the U.S. government to maintain authority over the DNS in order to guarantee the stability and security of the Internet.

The expiration of the JPA and the continuing U.S. authority over the DNS root zone remain two issues of keen interest to the 111th Congress, the Administration, foreign governments, and other Internet stakeholders worldwide. How these issues are addressed will likely have profound impacts on the continuing evolution of ICANN, the DNS, and the Internet.