Do you have feedback on the definitions or the terms? Send us an email to: firstname.lastname@example.org
A form of malware in which the attacker disables or disrupts a victim’s computer and demands payment to undo the damage. Often attackers threaten to disable the computer permanently or destroy the user’s data unless they receive payment within 24 hours. Attackers frequently demand payment in cryptocurrencies such as bitcoin to make their identities and the transactions difficult to trace.
A process by which any person or entity materially affected by an action or inaction of the ICANN Board or ICANN organization can ask the ICANN Board to review or reconsider that action or inaction. Reconsideration is one of the accountability mechanisms mandated by the ICANN Bylaws.
A 30-day period following the deletion of a domain name, during which a deleted domain name is placed on hold and removed from the zone. During the RGP, a registrant can redeem an expired registration through the sponsoring registrar.
An organization that serves as the main forum and coordination point for public input to ICANN for a particular geographic region. A RALO keeps the At-Large Structures (ALSes) in its community informed about significant ICANN news. RALOs also establish mechanisms to facilitate two-way communication between the ALSes and ICANN policymakers so interested individuals can share their views on pending issues.
Each RALO elects its leadership and defines its own operating rules.
An individual or entity who registers a domain name. Upon registration of a domain name, a registrant enters into a contract with a registrar. The contract describes the terms under which the registrar agrees to register and maintain the requested name.
After registration, registrants manage their domain name settings through their registrar. To modify a setting, a registrant submits the changes to the registrar, and the registrar sends the change to the registry.
An organization through which individuals and entities (registrants) register domain names. During the registration process, a registrar verifies that the requested domain name meets registry requirements, and submits the name to the appropriate registry operator. Registrars are also responsible for collecting required information from registrants and making the information available through WHOIS. After registration, registrants can make updates to their domain name settings through their registrars.
A registrar that has entered into a Registrar Accreditation Agreement with ICANN is referred to as an ICANN-accredited registrar. A listing of ICANN-accredited registrars appears on the ICANN website.
A stakeholder group within the Generic Names Supporting Organization (GNSO) that represents the interests and concerns of generic top-level domain registrars accredited by and under contract to ICANN. The RrSG is a member of the Contracted Parties House within the GNSO Council.
An HTTP-based protocol that provides access to information about current domain name registrations and Internet Protocol address allocations. RDAP was designed as a replacement for the WHOIS protocol. Advantages of RDAP include secure data transmission via HTTPS, support for internationalization, and the ability to limit access to certain information about a registration.
A periodic review required by the ICANN Bylaws to assess the effectiveness of the generic top-level domain Registration Directory Services. The RDS Review is designed to assess whether the implementation of the Registration Directory Services meets the legitimate needs of law enforcement, promotes consumer trust, and safeguards registrant data.
Note: This review was formerly known as the WHOIS Review.
A set of online services that registrars and registry operators of top-level domains provide to enable public access to Domain Name Registration Data. Currently, Registration Directory Services are available for generic top-level domains through the WHOIS protocol and through HTTP-based directory services.
A formal procedure that gives established institutions a way to resolve disputes related to the registration restrictions in the Registry Agreement for a generic top-level domain.
Disputes resolved through an RRDRP are administered by Dispute Resolution Service Providers approved by ICANN. Complainants are required to take specific steps to address their issues before filing a formal complaint. An expert panel determines whether a registry operator is at fault and recommends remedies to ICANN.
An authoritative master database of the domain names registered in a top-level domain (TLD). Each TLD is associated with a registry that contains a record for each domain name that exists in its domain. The Domain Name System consults the TLD registry to obtain the authoritative name servers for the domain names registered in that TLD.
The organization that maintains the master database (registry) of all domain names registered in a particular top-level domain (TLD). ROs receive requests from registrars to add, delete, or modify domain names, and they make the requested changes in the registry.
An RO also operates the TLD’s authoritative name servers and generates the zone file. This information enables recursive name servers across the Internet to translate domain names into Internet Protocol (IP) addresses, so devices on the Internet can connect to one another.
A set of services that registry operators of generic top-level domains (gTLD) provide under their Registry Agreements with ICANN. To modify existing registry services or offer new registry services, gTLD registry operators must obtain approval from ICANN as outlined in the Registry Services Evaluation Policy.
A stakeholder group within the Generic Names Supporting Organization (GNSO) that represents the interests and concerns of the generic top-level domain registries under contract to ICANN. The RySG is a member of the Contracted Parties House within the GNSO Council.
A set of tests to determine whether a registry operator has the capacity to operate a new generic top-level domain in a stable and secure manner. The RST checks critical registry functions as described in the Registry Agreement. Testing requirements vary depending on the services a registry operator supports.
A list of domain names, Uniform Resource Locators (URLs), or Internet Protocol (IP) addresses that are known security threats. Security systems throughout the Internet use RBLs to keep malicious or unwanted material from reaching victims. In addition to filtering out billions of incoming spam messages a day, RBLs block outgoing requests to malicious or disreputable IP addresses.
RBLs are created and maintained by commercial service providers, researchers, and public interest communities.
A document of record produced by the Internet Engineering Task Force (IETF), the Internet Research Task Force (IRTF), or the Internet Architecture Board (IAB). When the IETF develops an Internet standard, the standard is published as an RFC. The IAB, IRTF, and IETF also use RFCs to publish best practices and informational material.
A Domain Name System (DNS) server that resolves host names on behalf of Internet users and applications (clients). Distributed throughout the Internet, a resolver performs iterative queries, starting at the root zone, to obtain the Internet Protocol (IP) address of a host computer requested by a client. Resolvers typically cache their query results so they can quickly retrieve the IP addresses for host names they have already resolved.
Periodic assessments mandated by the ICANN Bylaws that are critical for maintaining the health of the multistakeholder model. These mechanisms help ICANN determine the effectiveness, transparency, and accountability of its organizations (Organizational Reviews) and gauge its performance with respect to key commitments and core values (Specific Reviews).
The person or entity that maintains a set of rights to a particular property. With respect to policy development regarding domain names, the term rightsholder often refers to a person, entity, or designee (such as a licensee or assignee) that holds intellectual property rights on a specific trademark.
More generally, root can refer to the central authority for a hierarchical system. In this sense, it is sometimes used to refer to the Internet Assigned Numbers Authority (IANA) functions, which maintain the root for many of the Internet’s naming and numbering systems.
A file that provides the names and Internet Protocol (IP) addresses of the 13 authoritative name servers in the root zone of the Domain Name System. Recursive resolvers consult this file when resolving domain names whose IP addresses are not in local cache. The root hints file is often installed with the resolver software. It is also available from the Internet Assigned Numbers Authority website.
An individual server that responds to Domain Name System queries that are directed to the Internet Protocol (IP) address of one of the servers that is authoritative for the root zone. For example, an “instance of the ICANN Managed Root Server" refers to a root server that answers queries sent to the IP address of the authoritative name server operated by ICANN.
Hundreds of root server instances exist around the world. When a resolver submits a query to a root server, anycast routing relays the query packet to the nearest (in terms of routing layout) root server instance. If a local instance is unavailable (perhaps due to a power outage or a network problem), routers automatically redirect the query to the next nearest instance.
The Advisory Committee that advises the ICANN Board and the ICANN community on matters relating to the operation, administration, security, and integrity of the Internet’s Root Server System. The RSSAC consists of representatives from the root server operator organizations and liaisons from other ICANN groups and the partner organizations involved in the technical and operational management of the root zone.
The group within the RSSAC that is responsible for the essential work of the RSSAC. The RSSAC Caucus produces advisories, reports, and other technical documents for approval by the RSSAC. The RSSAC Caucus consists of RSSAC members and individual Domain Name System and root server system experts appointed by the RSSAC.
The collective services provided by all of the anycast instances managed by the root server operators. The root service responds to Domain Name System queries about the root zone. It does not matter which root server instance responds to a query. All root servers with the same version or edition of the root zone provide identical answers. Answers received from the root service can be validated using the Domain Name System Security Extensions.
The authoritative key at the top of the chain of trust for the Domain Name System Security Extensions (DNSSEC). The authority of the root trust anchor is conferred through parameter settings on DNSSEC-aware resolvers. It is not derived from other keys.
The root trust anchor consists of a public-private key pair. The private key is used to sign the zone signing key (ZSK) for the root zone. DNSSEC-aware resolvers use the public key to verify the authenticity of data in the root zone.
The top of the Domain Name System hierarchy. The root zone contains all the information needed to find top-level domains. Each edition of the root zone has a unique serial number. All root servers are expected to have (and respond to queries about) the current edition of the root zone.
The entity responsible for managing the data contained within the root zone. The Root Zone Administrator works with the operators of top-level domains (TLDs) and maintains technical and administrative details about the TLDs.
The group that reviews proposed architecture changes to the contents of the Domain Name System root zone and makes recommendations regarding the changes to the ICANN Board. The RZERC consists of nine members:
The public-private key pair that is the secure entry point for the root zone and serves as the root trust anchor for the Domain Name System Security Extensions (DNSSEC). The root trust anchor uses its private key to digitally sign the zone signing key (ZSK) for the root zone. DNSSEC-aware resolvers use the root trust anchor’s public key to verify the authenticity of the data in the root zone.
The entity that provides services related to the KSK for the Domain Name System as outlined in the DNSSEC Practice Statement for the Root Zone ZSK Operator.
The RZ KSK Operator is responsible for:
The RZ KSK Operator role is performed by Public Technical Identifiers (PTI) as part of its contracts with ICANN to perform the Internet Assigned Numbers Authority (IANA) functions. PTI is an affiliate of ICANN.
The process of retiring a root zone key signing key (KSK) and replacing it with a new key. The requirement for periodic rollovers of the KSK is specified in the DNSSEC Practice Statement for the Root Zone KSK Operator.
A set of rules that determine valid top-level domain labels and their variant labels. The RZ-LGR includes a list of permissible code points and variant code point mappings (if any), along with a set of rules that act on these code points and mappings.
The entity that accepts root zone data from the Root Zone Administrator, cryptographically signs the root zone data using the zone signing key, and places the signed data in the root zone distribution system. The RZM also serves as the Zone Signing Key Operator for the root zone.
The Internet Assigned Numbers Authority (IANA) function related to the stewardship of the root zone. Root zone management involves maintaining the authoritative registry of the top-level domains (TLDs), coordinating with the operators of the TLDs, and managing the root zone’s key signing key (KSK).
The entity that provides services related to the ZSK for the root zone as outlined in the DNSSEC Practice Statement for the Root Zone ZSK Operator.
The RZ ZSK Operator is responsible for: