Skip to main content

First ICANN Managed Root Server Instance Installed in Palau

Enhancing the Internet experience for Palau Internet users

SINGAPORE – 2 July 2020 – The Internet Corporation for Assigned Names and Numbers (ICANN) today announced the successful installation of an ICANN Managed Root Server (IMRS) instance in the Republic of Palau (Palau).

The installation of the first Palau instance is a joint effort between ICANN and the Palau National Communications Corporation (PNCC). PNCC supplied the equipment necessary for the installations and the bandwidth needed to support the instance.

"We appreciate the joint effort by PNCC to host the IMRS instance. This commitment improves root zone Domain Name System service, and augments the technical stability and resiliency of the Domain Name System in the region," said David Conrad, ICANN Chief Technology Officer.

"Having an IMRS instance in Palau should not be considered a PNCC accomplishment," said Leo Ben Teriong, PNCC Chief Executive Officer. "It is an advancement in the quality of experience that every Internet user in Palau will benefit from, as we continue to build our Republic of Palau hand-in-hand."

ICANN manages more than 165 IMRS instances around the world, most of which are hosted by third parties. There are now 22 IMRS instances installed in Oceania, located in Australia, Federated States of Micronesia, Fiji, French Polynesia, Guam, Marshall Islands, New Caledonia, New Zealand, Palau, Papua New Guinea, Samoa, and Solomon Islands.


ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you have to type an address - a name or a number - into your computer or other device. That address must be unique, so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world.


What is a root server?

A root server is a name server for the Domain Name System (DNS) root zone. Root servers respond to DNS lookup requests made by DNS resolvers generally operated by Internet service providers. When the request is a query about the root zone itself, the root server will respond authoritatively with the answer. For all other queries, the root server will respond with either a referral to the appropriate top-level domain (TLD) name server or an error response (e.g., to indicate a non-existent TLD). Each root server is made up of a number of machines at multiple locations. These machines are known as instances.

What is a root server instance?

An instance makes use of an Internet traffic routing technique known as "anycast" that allows all the root server's instances to have the same two IP addresses (an IPv4 address and an IPv6 address) and to serve the same DNS content, including information about the name servers for TLDs.

Benefits of root server instances

Increasing the number of instances improves the overall fault tolerance of the DNS, bolsters the resilience against certain types of cyber threats such as Denial of Service (DoS) attacks, and can reduce the response time that local Internet users experience during DNS queries.

Contrary to common misconception, root servers do not control the Internet. The operation of an instance also does not provide any mechanism to alter content of the DNS. Any modification of root zone content will be mitigated by a part of the DNS protocol known as the DNS Security Extensions (DNSSEC) and if an instance fails to respond to a query, resolvers will ask the same question to another instance or root server.

Regardless of which root server the resolvers are sending queries to, spreading more instances geographically leads to a more resilient, dispersed system that reduces the risk of Internet users being taken offline by a problem or attack. The increased distribution of instances also ensures that the turnaround time of a DNS query and response is as fast as possible, resulting in better experiences for Internet users.

Historically, there were 13 individual machines that provided root service, with each one of those machines having one of 13 unique IPv4 addresses. However, today, there are 26 unique IP addresses - 13 IPv4 and 13 IPv6, that are used to provide root service via over 1000 individual machines. The equipment, hardware, and connectivity for the machines that use those 26 addresses are administered by 12 organizations known as "root server operators." ICANN, which administers the ICANN Managed Root Server (IMRS), is one of those 12 organizations.

Each of the root server operators manages their constellation of instances independently of the others, although they do coordinate with one another when needs arise. While the service provided by each root server operator may differ in how the service is offered, they are identical in the answers to DNS questions they receive. No root server operator is unique - all 12 root server operators obtain root zone data as defined by the Internet Assigned Numbers Authority (IANA) and make that data available via the IPv4 or IPv6 address associated with their server.

More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."