What is Root Zone?
Also known as: DNS Root
The Root Zone is the top-level delegation layer of the DNS hierarchy, containing the authoritative records for all top-level domains and served by 13 logical root server systems coordinated by ICANN.
The Root Zone is the highest layer of the Domain Name System hierarchy. It is a specially managed delegation file that contains the authoritative name server records for every top-level domain (TLD), both generic (e.g., .com, .org) and country-code (e.g., .uk, .jp). The Root Zone does not contain the actual DNS records for individual domain names but provides the initial delegation pointers that allow a DNS resolver to begin its iterative query process. Without the Root Zone, no domain name on the public internet could be resolved.
The content of the Root Zone is maintained and published by the Internet Assigned Numbers Authority (IANA), a function of ICANN. The file is distributed to the operators of the 13 logical root server identities (a through m), each of which serves it from many anycast instances for redundancy and scaling. These root servers are operated by independent organizations such as Verisign, the University of Southern California's Information Sciences Institute, and NASA's Ames Research Center. The root zone file itself is signed with DNSSEC; the root key signing key (KSK) is the trust anchor from which resolvers validate the chain of delegations.
When a DNS resolver receives a query for a name it has no cached data for, it sends that query to a root server. The root server does not answer the question itself; it responds with a referral to the authoritative name servers for the name's TLD, and the resolver continues from there. This referral is the first hop in the resolution chain (in practice resolvers cache these referrals, so the root is contacted only rarely). The Root Zone is one of the most critical components of internet infrastructure, and its governance has historically been contentious, particularly regarding the transition of its oversight from the U.S. National Telecommunications and Information Administration to ICANN's multistakeholder model in 2016.
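To make the referral walk and the DNSSEC chain of trust concrete, here is a small Python model added for this entry. It is not code from ICANN, IANA, any root operator or the original page. The zones, server names, keys and addresses are constructed; the root zone holds only NS and DS records for TLDs, and a "DS" is modelled as the SHA-256 digest of a key string rather than a real DNSKEY hash. The resolver starts at the root, follows referrals zone by zone, and checks each zone's key against the DS its parent published, starting from a locally configured trust anchor for the root key.

```python
"""Toy iterative resolution starting at the root, with a DS/DNSKEY chain.

All zones, server names, keys and addresses below are constructed for this
illustration; nothing here touches the network or real DNS data.
"""
import copy
import hashlib


def ds_of(dnskey: str) -> str:
    """Toy DS record: the SHA-256 digest of the child's key. Real DS records
    hash the DNSKEY RDATA together with a key tag and algorithm; here a key
    is just a string."""
    return hashlib.sha256(dnskey.encode()).hexdigest()


# Constructed zone data. The root zone carries only delegations (NS records
# for each TLD) and DS records for signed TLDs; it has no records for
# individual domain names. "uk." is left unsigned on purpose (no DS in root).
ZONES = {
    ".": {
        "dnskey": "root-ksk-constructed",
        "records": {
            "com.": {"NS": ["ns1.tld-com.example."]},
            "uk.": {"NS": ["ns1.tld-uk.example."]},
        },
    },
    "com.": {
        "dnskey": "com-key-constructed",
        "records": {"example.com.": {"NS": ["ns1.example.com."]}},
    },
    "example.com.": {
        "dnskey": "example-com-key-constructed",
        "records": {
            "example.com.": {"A": ["192.0.2.1"]},
            "www.example.com.": {"A": ["192.0.2.10"]},
        },
    },
    "uk.": {
        "dnskey": "uk-key-constructed",
        "records": {"www.example.uk.": {"A": ["192.0.2.20"]}},
    },
}
# A parent publishes a DS for each signed child. The root's own key is not
# published by any parent; the resolver carries it as a trust anchor, which
# is the role the real root KSK plays.
ZONES["."]["records"]["com."]["DS"] = [ds_of(ZONES["com."]["dnskey"])]
ZONES["com."]["records"]["example.com."]["DS"] = [ds_of(ZONES["example.com."]["dnskey"])]
TRUST_ANCHOR = ds_of(ZONES["."]["dnskey"])


def suffixes(name: str) -> list:
    """All enclosing names of `name`, longest first, ending with the root "."."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def lookup(zones: dict, apex: str, qname: str, qtype: str):
    """What an authoritative server for `apex` answers: the records if the
    name lives in this zone, otherwise a referral at the closest delegation."""
    records = zones[apex]["records"]
    for name in suffixes(qname):
        rr = records.get(name)
        if rr is None:
            continue
        if name != apex and "NS" in rr:  # a delegation point: refer, don't answer
            return "referral", (name, rr["NS"], rr.get("DS", []))
        if name == qname:
            return ("answer", rr[qtype]) if qtype in rr else ("nodata", [])
    return "nxdomain", []


def resolve(qname: str, qtype: str, zones: dict = ZONES,
            trust_anchor: str = TRUST_ANCHOR) -> dict:
    """Iterate from the root, following referrals and checking each zone's
    key against the DS its parent published. Returns the answer, a security
    status and the chain of zones consulted."""
    apex, expected_ds, secure, path = ".", trust_anchor, True, []
    for _ in range(8):  # bound the referral chain
        path.append(apex)
        if expected_ds is None:
            secure = False  # unsigned delegation: everything below it is insecure
        elif ds_of(zones[apex]["dnskey"]) != expected_ds:
            raise ValueError(f"DNSKEY of {apex} does not match the DS in its parent")
        kind, data = lookup(zones, apex, qname, qtype)
        if kind != "referral":
            status = kind if kind != "answer" else ("secure" if secure else "insecure")
            return {"status": status, "rdata": data, "path": path}
        apex, _ns, ds_list = data  # follow the referral into the child zone
        expected_ds = ds_list[0] if ds_list else None
    raise RuntimeError("referral chain too long")


def key_substitution_detected(apex: str, new_key: str) -> bool:
    """Defender's check: if a zone's key is swapped without the parent
    publishing a matching DS, validation must fail rather than accept it."""
    tampered = copy.deepcopy(ZONES)
    tampered[apex]["dnskey"] = new_key
    try:
        resolve("www.example.com.", "A", zones=tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(resolve("www.example.com.", "A"))
    print(resolve("www.example.uk.", "A"))
```

The point to take from the model is that the root server is asked for `www.example.com.` but never answers it; it only refers the resolver to `com.`, and each further hop is trusted only because the parent zone committed to the child's key with a DS record. A delegation without a DS (here `uk.`) still resolves, but the answer is marked insecure, which is exactly what a validating resolver reports for an unsigned TLD.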
Key facts
- Consists of a single published file listing all top-level domain delegations.
- Served by 13 logical root server identities (A through M) using anycast routing.
- Coordinated and maintained by IANA, a department of ICANN.
- Root zone file is DNSSEC signed to enable cryptographic validation.
- Governance transitioned to ICANN's multistakeholder model in September 2016.
More in DNS
- A Record: A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
- AAAA Record: A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
- Authoritative DNS: An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
- CAA Record: A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
- CNAME Record: A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
- DNS: The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
- DNS Anycast: DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
- DNS Caching: DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
- DNS Hijacking: DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
- DNSSEC: DNSSEC (DNS Security Extensions) adds cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.