Fact-checked by Grok 2 weeks ago

DNS zone

A DNS zone is a portion of the Domain Name System (DNS) namespace, typically a contiguous subtree, for which a particular or group of name servers has been delegated administrative responsibility. This delegation allows for granular management of domain names and their associated resource records (RRs), such as A records for addresses or MX records for mail servers, within that segment of the hierarchical DNS tree. Zones are essential for distributing authority across the global DNS, enabling scalability and redundancy by allowing multiple name servers to provide authoritative answers for the same zone. Zones can be categorized by their purpose and direction of lookup. Forward zones map domain names to IP addresses (or other resources) in the standard DNS hierarchy, supporting services like web hosting and . In contrast, reverse zones, often in the in-addr.arpa or ip6.arpa domains, perform the inverse mapping from IP addresses to domain names, aiding in network diagnostics, verification, and anti-spam measures. Additional zone types, such as stub zones, contain only key records (like and glue A/AAAA RRs) to optimize referrals without full data replication. Overall, DNS zones form the foundational units of administrative control in the DNS, balancing with coordinated global operation.

Fundamentals of DNS Zones

Domains and Zones

In the (DNS), a is defined as a contiguous portion of the DNS , represented by a string of labels that form a hierarchical path from the . This structure organizes the namespace as an inverted , where each corresponds to a label, and the full domain name specifies a unique location within the tree, such as "www.example.com". A DNS zone, in contrast, represents a specific portion of the DNS namespace that falls under the control of a single administrative authority, responsible for maintaining and updating the authoritative data for that segment. While zones are typically contained within a single domain, they can span multiple subdomains if no delegation occurs, allowing for flexible administrative boundaries that do not necessarily align with domain name delimiters. The concept of zones was formalized in RFC 1034, published in November 1987, which established them as the fundamental unit of administration in DNS. According to this specification, a zone encompasses the authoritative resource records for its nodes, and administrative changes within a zone—such as updates to records—are treated as atomic operations, ensuring consistency across redundant name servers. This design enables distributed management of the global while maintaining reliability through mechanisms like zone transfers. The DNS forms a logical, hierarchical that provides a unified view of all domain names, but physical zone boundaries introduce administrative divisions that fragment this into manageable units. For instance, the for "example.com" would include the authoritative data for example.com itself and all its subdomains (e.g., www.example.com and mail.example.com) unless explicit transfers authority for a subdomain to another entity, creating a separate subzone. This separation allows organizations to delegate control without altering the logical structure of the .

Zone Authority and Delegation

In the Domain Name System (DNS), authority over a is vested in one or more authoritative name servers that maintain the complete and current dataset for that , enabling them to provide definitive answers to queries about the names within it. These servers are responsible for responding to DNS queries with the Authoritative Answer () flag set in the response header, signifying that the information originates directly from the zone's authoritative data rather than from caching or referral. Typically, at least two authoritative name servers are recommended per to ensure redundancy and availability, as a single point of failure could disrupt resolution for the entire namespace segment. Delegation in DNS occurs when a parent zone transfers authority for a (child zone) to a set of designated authoritative , allowing administrative control to be distributed hierarchically. This process is implemented through NS (Name Server) resource records placed at the apex of the child zone in the parent's , which explicitly name the hosts responsible for the child zone's authoritative service. For example, to delegate authority for "" from the parent ".com" zone, NS records such as example.com. IN NS ns1.example.com. and example.com. IN NS ns2.example.com. would be added to the parent's configuration, directing resolvers to query those specified servers for further resolution within the subdomain. To prevent circular dependencies during resolution—where a resolver needs the address of a name server whose name falls within the delegated zone—glue records are included in the parent's response. These are address records, typically A or AAAA resource records, that provide the IP addresses of the NS targets directly alongside the NS records in the additional section of DNS messages. Without glue records, a resolver querying the parent might attempt to resolve an NS target's name using the very child zone it is trying to reach, leading to an infinite loop; glue records bootstrap this process by supplying the necessary addresses from the parent's authoritative perspective. The chain forms a hierarchical path from the zone through top-level domains (TLDs) to leaf zones, where each level's records guide resolvers downward by referring to the next authoritative layer. Starting from name servers, a resolver follows successive referrals: the delegates TLDs via records, each TLD delegates second-level domains similarly, and this continues until the target zone's authoritative servers are reached, providing the final answer. This chain ensures scalable distribution of authority across the global DNS , with each point maintaining only the necessary pointers to child authorities. A common error in delegation is lame delegation, where a name server listed in NS records for a zone fails to recognize or act as authoritative for it, often due to misconfiguration, such as not loading the zone file on the server. In such cases, queries to the delegated server may return referral responses or errors instead of authoritative answers, causing resolution failures, increased latency, or reliance on incomplete caching elsewhere in the system. Lame delegations typically arise from outdated NS records in the parent zone or incomplete setup on the child side, and they can be detected by verifying that delegated servers respond with the AA flag for queries within their purported zone.

Types of DNS Zones

Forward DNS Zones

Forward DNS zones represent the primary mechanism in the (DNS) for mapping human-readable domain names to addresses and other resources, facilitating the core function of name resolution in forward lookups. These zones contain authoritative data that translates names such as "www.example.com" into corresponding IPv4 or addresses, enabling network clients to locate and connect to hosts across the . Defined as portions of the DNS namespace holding records for name-to-address mappings, forward zones are essential for the hierarchical delegation of authority from root servers down to specific domains. Common use cases for forward DNS zones include hostname resolution for web services, where A records map domain names to IPv4 addresses and AAAA records to IPv6 addresses, allowing browsers to retrieve content from web servers. For email delivery, MX records within these zones specify mail exchanger hosts and their preference orders, directing incoming messages to the appropriate servers as outlined in the DNS specification. Additionally, forward zones support service discovery through records like SRV, which identify hosts and ports for specific protocols, such as locating SIP servers for voice communications. These applications underscore the zones' role in enabling seamless internet services beyond mere addressing. The structure of a forward DNS begins at the , the top node of the zone (e.g., ""), which typically includes essential records such as the SOA for administrative data and records for name servers, along with an A or record for the itself to ensure reachability. Subdomains within the zone, like "www.example.com", are defined by additional resource records under their respective labels, forming a contiguous portion of the until a delegation point. Wildcard records, denoted by an asterisk () at the zone apex or subdomain level, provide a mechanism to synthesize responses for non-existent names matching the pattern, such as ".example.com" resolving to a default IP for catch-all subdomains, while adhering to rules that prevent interference with explicit records. This organization allows efficient management of records within the zone's scope. Caching and (TTL) values play a critical role in forward DNS lookups by optimizing performance and reducing load on authoritative servers. Each resource record in a forward zone includes a TTL, expressed in seconds (ranging from 0 to ), which dictates the maximum duration resolvers may cache the record or negative responses (for non-existent names) before querying again. Uniform TTLs within a resource record set (RRset) ensure consistent caching behavior, with lower values enabling rapid propagation of changes like updates, while higher values minimize query traffic for stable configurations. In forward lookups, this mechanism allows recursive resolvers to store responses temporarily, accelerating subsequent resolutions for clients. The evolution of forward DNS zones traces back to the era, where centralized host tables maintained by the Network Information Center struggled with scalability, prompting the development of DNS as a distributed system in the early to replace these tables with dynamic name-to-address mappings. Initial implementations focused on IPv4 via A records, but as growth demanded larger address spaces, support for was integrated through records, extending forward zones to handle 128-bit addresses without disrupting existing IPv4 infrastructure. This progression has maintained while accommodating modern dual-stack environments.

Reverse DNS Zones

Reverse DNS zones, also known as reverse lookup zones, are specialized DNS zones that map IP addresses to domain names, performing the operation of forward DNS zones which resolve domain names to IP addresses. This functionality supports critical network operations, including spam filtering by allowing email servers to verify the legitimacy of incoming connections from IP addresses, by converting numeric IP addresses into readable hostnames for easier analysis, and network diagnostics by facilitating the identification of devices and connectivity issues. These zones utilize special top-level domains to accommodate the hierarchical nature of IP addressing. For IPv4, the in-addr.arpa domain employs reversed octet notation, where the IP address octets are inverted and appended with .in-addr.arpa; for example, the IP address 127.0.0.1 corresponds to 1.0.0.127.in-addr.arpa. For , the ip6.arpa domain uses nibble-reversed notation, converting the 128-bit address into hexadecimal nibbles (4-bit groups) that are reversed before appending .ip6.arpa; for instance, the address 2001:db8::1 becomes 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. Delegation of reverse zones is typically managed by entities responsible for IP address allocation, such as Regional Internet Registries (RIRs) like ARIN, , or for larger blocks, and Internet Service Providers (ISPs) for customer reassignments. RIRs delegate zones aligned with CIDR boundaries (e.g., /24 for IPv4 or nibble boundaries for IPv6), while ISPs handle sub-delegations, often requiring customers to provide nameserver details for approval. The primary resource record type in reverse zones is the PTR (Pointer) record, which points from the reversed IP address to the corresponding domain name, enabling the reverse lookup process. PTR records are essential for maintaining consistency between forward and reverse resolutions, though mismatches can occur if not properly synchronized. A common issue in reverse DNS zones is incomplete or improper delegation, which often results in NXDOMAIN (non-existent domain) responses during lookups, preventing resolution and potentially disrupting services like email delivery or network monitoring.

Zone Configuration and Management

Zone Files

A DNS zone file, also known as a master file, is a file that serves as a database storing the authoritative resource records for a specific DNS zone, which authoritative name servers load to provide responses to queries. This format, originally specified in RFC 1035 and widely adopted by the implementation, allows administrators to define zone data in a human-readable structure that the server parses upon startup or reload. Zone files are essential for primary name servers, where they directly supply the zone's content, while secondary servers receive equivalent data through zone transfers rather than loading their own files. Zone files employ several key directives to manage structure and defaults. The $ORIGIN directive sets the base for relative (unqualified) names in the file, enabling concise notation by appending the origin to partial domain names; for example, $ORIGIN example.com. makes subsequent entries like www resolve to www.example.com.. The $TTL directive, introduced in RFC 2308, establishes a default time-to-live value in seconds for all resource records that follow, unless overridden, helping control caching behavior across the DNS hierarchy. Additionally, the $INCLUDE directive allows modularization by inserting the contents of another file at the current point, optionally changing the origin for that included section, which facilitates maintaining large or complex zones. The syntax of a zone file consists of line-based entries separated by whitespace (spaces or tabs), with each resource record typically comprising five fields: the owner name (domain where the record applies, using @ to denote the current $ORIGIN), an optional TTL, the class (usually IN for Internet), the type (such as A or MX), and the data (RDATA specific to the type). Comments begin with a semicolon (;), and domain names can be absolute (ending in a dot) or relative. Blank lines and parentheses enable multi-line records for readability. For instance, a basic record might appear as @ IN A 192.0.2.1, where @ substitutes the zone's origin. Every zone file must begin with a Start of Authority (SOA) record to define administrative parameters. In BIND configurations, the primary (formerly ) name server loads the zone directly from its designated specified in the named.conf configuration, acting as the source of truth for the zone's data. Secondary (formerly slave) servers, in contrast, do not maintain their own s but instead synchronize data via automated zone transfers (AXFR or IXFR) from the primary, ensuring without manual file management on replicas. This division supports and load distribution in DNS deployments. To ensure correctness before loading, administrators validate zone files using tools like named-checkzone, a BIND utility that parses the file for syntax errors, structural inconsistencies (such as mismatched classes or missing SOA), and semantic issues, mirroring the checks performed by the named daemon during zone loading. If validation fails, the server suppresses loading to prevent propagation of errors.

Resource Records in Zones

Resource records (RRs) are the fundamental data elements stored within DNS zones, mapping to associated data such as IP addresses, server locations, and administrative information. Each RR in a zone consists of a structured format that includes an owner name (the to which the record applies), a (TTL) value indicating the caching duration in seconds, a field (typically IN for ), a type field specifying the record category, and RDATA containing type-specific data. The TTL is a 32-bit unsigned , with a value of zero prohibiting caching, while the class IN is standard for zones. Core RR types commonly used in DNS zones include A for mapping hostnames to IPv4 addresses, AAAA for IPv6 addresses, CNAME for creating aliases to other domain names, MX for designating mail exchange servers, TXT for arbitrary text strings, and NS for specifying authoritative name servers. The A record's RDATA is a 32-bit IPv4 address, such as 192.0.2.1. The AAAA record's RDATA is a 128-bit address, enabling support for modern networks. A CNAME record's RDATA points to another , allowing redirection without altering the original name's resolution. MX records include a 16-bit value followed by a for the mail , with lower preferences indicating higher priority. TXT records carry one or more character strings in RDATA for purposes like or . NS records' RDATA holds the of a responsible for the zone or . Every DNS zone must include a Start of Authority (SOA) record at its apex, which provides essential administrative and transfer information for the zone. The SOA record's RDATA comprises the primary name server (MNAME), the responsible person's email address encoded as a domain name (RNAME), a 32-bit serial number for version tracking, refresh interval (seconds before secondary servers check for updates), retry interval (seconds to wait before retrying a failed refresh), expire interval (seconds after which a secondary server considers the data invalid), and minimum TTL for negative caching. These timers facilitate zone synchronization between primary and secondary servers, ensuring consistency across the DNS hierarchy. In DNS zones, resource records with the same owner name, class, and type form a resource record set (RRset), which is treated as a single unit for operations like caching and validation. RRsets allow multiple values for the same name, such as several A records for load balancing, and must be returned completely in responses to avoid partial information. DNS zones also support extension records like SRV for service location and for certificate authority authorization. SRV records specify the location, port, and priority of services (e.g., or XMPP) under a , with RDATA including priority, weight, port, and target hostname. records enable domain owners to restrict which certificate authorities may issue TLS certificates for the , containing flags, issuer identifiers, and tag-value pairs in RDATA to enforce policy.
Record TypeType ValuePrimary PurposeExample RDATA
A1IPv4 address mapping192.0.2.1
AAAA28IPv6 address mapping2001:db8::1
CNAME5Alias to another nameexample.com.
MX15Mail server designation10 mail.example.com.
TXT16Text data storage"v=spf1 mx -all"
NS2Name server specificationns1.example.com.
SOA6Zone authority detailsns1.example.com. hostmaster.example.com. 2023111001 3600 1800 604800 86400
SRV33Service location_sip._udp.example.com. 0 1 5060 sipserver.example.com.
CAA257CA authorization0 issue "letsencrypt.org"

Special and Infrastructure Zones

Zones for Internet Infrastructure

The root zone serves as the uppermost level in the DNS hierarchy, managed by the (IANA). It primarily contains (NS) records that direct queries to the 13 logical root server clusters, identified as a.root-servers.net through m.root-servers.net, each operated by distinct organizations to ensure redundancy and global reach. This zone is cryptographically signed using DNSSEC, with the Key Signing Key (KSK) maintained by IANA to validate the integrity and authenticity of root zone data during resolution. Delegations from the root zone establish top-level domains (TLDs), which form the next layer of the DNS infrastructure. These include generic TLDs (gTLDs), such as .com managed by as the registry operator, and country-code TLDs (ccTLDs), such as .uk administered by national entities. IANA records these delegations in the Root Zone Database, ensuring that TLD name servers are authoritative for their respective domains, with over 1,500 active TLDs currently listed. Reverse DNS infrastructure relies on specialized zones under the .arpa to map addresses back to domain names. For IPv4, the domain in-addr.arpa serves as the root for reverse DNS, from which IANA delegates /8 subzones to Regional Registries (RIRs); for instance, ARIN handles delegations for North American IPv4 blocks. For , the ip6.arpa domain provides the root for reverse DNS mappings, with delegations to RIRs on a boundary (e.g., /32 or larger blocks). Oversight of these zones falls under the Internet Corporation for Assigned Names and Numbers (), which coordinates policy and stability, while IANA executes technical delegations and updates to the root zone. To bolster resilience, root servers employ anycast routing, allowing a single to be served from multiple geographic instances worldwide, thereby mitigating single points of failure and enhancing global query performance. Historically, the root zone originated in the mid-1980s with initial TLD delegations managed by starting in 1985, evolving from a handful of domains to support expansive growth; DNSSEC signing of the root commenced in January 2010 and was fully operational by July of that year.

Example of Zone Authority in DNS Queries

In DNS resolution, zone authority is determined through a hierarchical traversal of the domain name space, where queries progress from higher-level zones to the specific zone containing the requested record. This process typically involves a client's stub resolver forwarding the query to a recursive resolver, which then performs iterative queries to name servers, following delegations until reaching an authoritative source. For example, consider a client querying for the A record of "www.example.com." The stub resolver, part of the operating system, initially checks its local cache; if unsuccessful, it forwards a recursive query to a configured recursive resolver, such as one operated by an ISP or public service like 1.1.1.1. The recursive resolver begins its iterative resolution by querying a , which is authoritative for the root zone (".") and responds with a referral rather than a final answer. This referral includes NS records pointing to the name servers for the (TLD) zone, in this case ".com," along with glue A records providing their IP addresses to avoid circular dependencies. The recursive resolver then queries one of the .com TLD name servers, which similarly provides a referral with NS records for the "example.com" zone and associated glue records. Finally, the resolver queries a authoritative for the "example.com" zone, which returns an authoritative answer containing the A record for "www.example.com," marked by the AA (Authoritative Answer) bit in the response header. This step-by-step trace illustrates how authority is delegated downward: root → TLD → authoritative zone, with each intermediate response being a non-authoritative referral guiding the query. Recursive , where the resolver delegates the full query pursuit to name servers, contrasts with iterative resolution, in which the resolver itself iteratively follows referrals by sending successive queries. Most recursive resolvers employ iterative queries internally to traverse the , reinitializing their server list (SLIST) at each delegation boundary to track potential authoritative servers. Authoritative answers, sourced directly from a zone's , differ from referrals, which populate the authority section of responses with NS records to indicate delegation points without providing the queried record. This distinction ensures efficient resolution while maintaining the distributed nature of DNS . Common failure modes in this authority chain can disrupt . Delegation loops occur when records create a cycle, such as a subdomain delegating back to an ancestor zone, causing the resolver to detect and abort the query after traversing the loop (limited by mechanisms like a maximum referral count). Timeouts arise if a fails to respond within the query's timeout period, prompting the resolver to retry with another server from the SLIST or return a SERVFAIL error if all options exhaust. These issues highlight the importance of proper zone configuration to preserve the acyclic structure.

References

  1. [1]
    https://www.ietf.org/rfc/rfc1035.txt
  2. [2]
    RFC 1035: Domain Names - Implementation and Specification - IETF
    Since the contents of a zone can be expressed in the form of a list of RRs a master file is most often used to define a zone, though it can be used to list a ...
  3. [3]
    What is a DNS zone? - Cloudflare
    A DNS zone is an administrative space which allows for more granular control of DNS components, such as authoritative nameservers.What is a DNS zone?
  4. [4]
    DNS server types | Cloudflare
    The four main DNS server types are recursive resolvers, authoritative nameservers, TLD nameservers, and root nameservers.
  5. [5]
    https://datatracker.ietf.org/doc/html/rfc1034#section-3.1
  6. [6]
    https://datatracker.ietf.org/doc/html/rfc1034#section-3.2
  7. [7]
    RFC 1034: Domain names - concepts and facilities
    Summary of each segment:
  8. [8]
    RFC 1034: Domain names - concepts and facilities
    Authority Carries RRs which describe other authoritative servers. May ... This structure includes the equivalent of a zone name, the known name servers ...
  9. [9]
    RFC 1035: Domain names - implementation and specification
    Summary of each segment:
  10. [10]
    RFC 1912: Common DNS Operational and Configuration Errors
    ###Summary of RFC 1912 on Glue Records and Lame Delegation
  11. [11]
    RFC 8499 - DNS Terminology - IETF Datatracker
    Lame delegation: "A lame delegations exists [sic] when a nameserver is delegated responsibility for providing nameservice for a zone (via NS records) but is ...
  12. [12]
    RFC 1035 - Domain names - implementation and specification
    MX records cause type A additional section processing for the host specified by EXCHANGE. The use of MX RRs is explained in detail in [RFC-974]. 3.3.10 ...
  13. [13]
    RFC 3596 - DNS Extensions to Support IP Version 6
    This document defines the changes that need to be made to the Domain Name System (DNS) to support hosts running IP version 6 (IPv6).
  14. [14]
    What Is a Reverse DNS Lookup and How Does It Work? - phoenixNAP
    Dec 25, 2024 · Resolving an IP address back to its domain name improves the readability of data in logs, diagnostic tools, and network monitoring systems.
  15. [15]
    Reverse DNS - American Registry for Internet Numbers - ARIN
    Reverse DNS determines the hostname from an IPv4 address, used by servers to find the human-friendly name associated with an IP address.On This Page · Managing Reverse Dns... · Who Can Manage Dns...
  16. [16]
    https://datatracker.ietf.org/doc/html/rfc1035#section-3.5
  17. [17]
    RFC 3152 - Delegation of IP6.ARPA - IETF Datatracker
    This document discusses the need for delegation of the IP6.ARPA DNS zone, and specifies a plan for the technical operation thereof.
  18. [18]
    Reverse Delegation - DNS - RIPE NCC
    Reverse delegation maps an IP address to a domain name using in-addr.arpa (IPv4) and ip6.arpa (IPv6) domain names. RIPE NCC delegates these zones.
  19. [19]
    Reverse DNS delegation - APNIC
    Reverse DNS delegation is when APNIC gives referral if it has the DNS Name Server info of the network that received IP delegation from APNIC.Apnic Manages Reverse Dns... · How To Update Reverse... · 1. Apnic Name Server
  20. [20]
    https://datatracker.ietf.org/doc/html/rfc1035#section-3.3.12
  21. [21]
    Reverse DNS doesn't work - NXDOMAIN - Server Fault
    May 26, 2012 · For IPv4, you usually don't get the reverse zone delegated unless you have been allocated one or more /24 blocks.Reverse DNS lookups failing except when specifying my NSreverse dns configuration not working - Server FaultMore results from serverfault.comMissing: incomplete issues
  22. [22]
    https://datatracker.ietf.org/doc/html/rfc1035#section-5
  23. [23]
    3. Configurations and Zone Files
    This type of zone file is frequently referred to as a forward-mapped zone file, since it maps domain names to some other value, while a reverse-mapped zone file ...
  24. [24]
    https://datatracker.ietf.org/doc/html/rfc1035#section-5.1
  25. [25]
    https://datatracker.ietf.org/doc/html/rfc1035#section-5.2
  26. [26]
    https://datatracker.ietf.org/doc/html/rfc1035#section-4.3.5
  27. [27]
    4. Name Server Operations - BIND 9 Administrator Reference Manual
    The named-checkzone program checks a zone file for syntax and consistency. For more information and a list of available commands and options, see named- ...
  28. [28]
    RFC 2181 - Clarifications to the DNS Specification - IETF Datatracker
    This document considers some areas that have been identified as problems with the specification of the Domain Name System, and proposes remedies for the ...Missing: directive | Show results with:directive
  29. [29]
    RFC 8659 - DNS Certification Authority Authorization (CAA ...
    The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify the Certification Authorities (CAs) authorized ...Table of Contents · Definitions · Relevant Resource Record Set · Mechanism
  30. [30]
    Root Zone Management - Internet Assigned Numbers Authority
    We are responsible for management of the DNS root zone. This role means assigning the operators of top-level domains, such as .uk and .com, and maintaining ...Root Zone Database · Root Files · Root Servers · Change RequestsMissing: 13 | Show results with:13
  31. [31]
    Root Servers - Internet Assigned Numbers Authority
    This file contains the names and IP addresses of the root servers, so the software can bootstrap the DNS resolution process. For many pieces of software, this ...
  32. [32]
    DNSSEC Information
    DNSSEC Information. Root Zone Operator Information. Information regarding our role as operator of the Key Signing Key (KSK) for the DNS Root Zone.DNSSEC Practice Statement · Trust Anchors and RolloversMissing: 13 | Show results with:13
  33. [33]
    DNSSEC Deployment in Root Zone of DNS Begins at ICANN
    Jan 27, 2010 · Deployment of DNSSEC is proposed to be completed in July 2010. For more information about the deployment of DNSSEC in the root zone ...Missing: 1985 | Show results with:1985
  34. [34]
    Root Zone Database - Internet Assigned Numbers Authority
    The Root Zone Database represents the delegation details of top-level domains, including gTLDs such as .com, and country-code TLDs such as .uk. ... VeriSign, Inc.
  35. [35]
    ICANN Renews .COM Registry Agreement with Verisign
    Nov 27, 2024 · The Internet Corporation for Assigned Names and Numbers (ICANN) today announced the renewal of its .COM Registry Agreement (RA) with Verisign.
  36. [36]
    [PDF] Brief Overview of the Root Server System | ICANN
    May 6, 2020 · Anycast routing allows machines all over the Internet to use the same IP addresses to provide identical responses, thereby allowing root server ...
  37. [37]
    [PDF] RSSAC023v2: History of the Root Server System - icann cdn
    Jun 17, 2020 · 14 April 2010. H begins serving unvalidatable DNSSEC signed root zone. 15 July 2010. All root servers begin serving valid DNSSEC signed root ...
  38. [38]
    Domain Name Industry | History, facts, figures
    Jun 1, 2024 · After ICANN approved the creation of internationalized ccTLDs in May 2010, the first IDN ccTLDs entered the DNS root zone. The first three ...<|control11|><|separator|>
  39. [39]
    What is DNS? | How DNS works - Cloudflare
    The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1).
  40. [40]
    https://datatracker.ietf.org/doc/html/rfc1035#section-5.3
  41. [41]
    https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.1
  42. [42]
    https://datatracker.ietf.org/doc/html/rfc1034#section-6.3
  43. [43]
    https://datatracker.ietf.org/doc/html/rfc1035#section-7.3
  44. [44]
    https://datatracker.ietf.org/doc/html/rfc1034#section-6.2
  45. [45]
    https://datatracker.ietf.org/doc/html/rfc1035#section-4.1
  46. [46]
    https://datatracker.ietf.org/doc/html/rfc1035#section-7.4
  47. [47]
    https://datatracker.ietf.org/doc/html/rfc1035#section-7.2