DNS is at the core of the Internet and there’s no question that it’s a service we all depend on – so who is in charge of keeping it running smoothly? Let’s work our way through the hierarchy described in my previous post to cover who’s responsible and what’s changed over the past few decades.
The Root Servers
When people talk about “The 13 Root Servers,” they are referring to the 13 logical IP addresses (named a-root-servers.net through m.root-servers.net).
While we refer to them as 13, there are many more than that because 13 servers couldn’t possibly handle the world’s traffic. To accommodate so many requests, Anycast is used. This means there are actually hundreds of physical servers, distributed globally, that all “masquerade” as one of those 13 addresses.
These 13 logical slots are operated by a diverse consortium of organizations to ensure no single government or company can “shut down” the Internet:
Verisign: Operates the a and j root servers – they’re the largest commercial operator.
ICANN: Operates the l root server.
US Government: NASA and the US Army operate others.
Universities/Research Orgs: Institutions like the University of Maryland and the University of Tokyo operate additional servers.
The individuals who run the physical servers do not decide what goes into the DNS records; they simply provide the hardware and software to broadcast the data they’re given.
The Registry System (The TLDs)
The management of TLDs like .com, .net, and .org follows a tiered hierarchy: Registry Registrar Registrant.
The Registry (The Wholesaler)
The registry is the organization that manages the master database for a specific TLD. They decide the rules for that extension and maintain the authoritative servers for it.
- .com and .net are managed by Verisign
- .org is managed by the Public Interest Registry (PIR)
- .gov is managed by the US Government
Country codes (ccTLDs) are managed by their respective countries
The Registrar (The Retailer)
You can’t buy a domain directly from a Registry. You use a Registrar like Network Solutions or Cloudflare instead. Registrars are accredited by ICANN (more on them in a moment) to sell domain names from Registries to the public.
The Registrant (The Customer)
That’s you – the person who pays the annual fee to “lease” the name.
ICANN’s Role
The Internet Corporation for Assigned Names and Numbers is a non-profit organization that acts as the “coordinator” of the entire system. It does not “own” the Internet, but it manages the Root Zone. Think of the Root Zone File as the Master Directory. It’s a list that tells the root servers where to look based on a TLD, i.e., “If you’re looking for .com go to Verisign.”
ICANN has four primary roles:
Managing the Root Zone: ICANN, through its operational arm, IANA (Internet Assigned Numbers Authority) is responsible for updating the Root Zone file. When a new TLD is created, like .app, ICANN adds it to the root.
IP Address Allocation: ICANN oversees the distribution of IP addresses to regional registries – like ARIN in North America.
Policy Setting: ICANN creates the rules for how domains are handled, how disputes are settled (the UDRP process,) and who is allowed to be a Registrar.
Stability and Security: ICANN coordinates the technical standards, like DNSSEC, to ensure the system doesn’t crash or get hijacked.
The US Government’s Role
For decades, the US Department of Commerce (via the NTIA) had ultimate oversight over the IANA functions. This caused significant geopolitical tension, as other countries were uncomfortable with the US government effectively holding the “keys” to the Internet’s root.
In 2016, the US government officially handed over control of the IANA functions to the global community. ICANN transitioned to a “multi-stakeholder model,” meaning that decisions are now made by a consensus of technical experts, governments, and private sector representatives instead of a single government agency.
| Component | Managed By | Primary Function |
|---|---|---|
| Root Server | Consortium (Verisign, NASA, Universities, etc.) | Provide the physical infrastructure to answer queries. |
| Root Zone File | ICANN/IANA. | The master list mapping TLDs to their registries. |
| TLDs (Registries) | Verisign, PIR, etc. | Maintain the database of all domains within that TLD. |
| Registrars | NETSOL, GoDaddy, etc. | Sell domain names to the end user. |
| ICANN | Global Multi-stakeholder body. | Coordinates the entire system and sets policies. |
My first exposure to the system took place in 1997 when I decided it was time to move on from an AOL-hosted personal website. I registered my first .com domain via Network Solutions, found a hosting company with CGI support, and headed to my local Barnes & Noble to purchase my first book on Perl (for those page counters and guestbooks!)
Domain Registration Pricing
It cost $100 to register the domain for two years, a far cry from current domain registration pricing that can be found for under $1 for certain TLDs now.
The creation of ICANN in 1998 introduced a competitive registrar market, price wars followed, and margins collapsed fast.
The perceived cost used to be tied to infrastructure and legitimacy. Now it’s almost entirely a business decision. The DNS system itself didn’t get “cheaper” to run in a meaningful way, the distribution model just got more efficient and competitive.
The increase in accessibility means anyone can register a domain – and that means anyone running a Homelab can use a real domain (or subdomain) for their internal DNS structure. It’s an approach we’ll cover soon, but first let’s break down the anatomy of a DNS zone first.
Access Your Homelab from Anywhere.
DNS works because responsibility is clearly defined at each layer.
When you start exposing your own services, that same clarity becomes important inside your environment as well. Platforms like Twingate rely on that structure - here’s what that looks like outside your network.
The Origin and Evolution of DNS, the Domain Name System
DNS in the Homelab
Starting a Homelab the Right Way - With the Why