ICANN 76 just wrapped up, and we were excited to have Mark Price, NetActuate’s VP of Infrastructure, attend. He traveled to Cancún, Mexico, from March 11-16 to meet with customers and partners and learn about technical areas of interest in the world of internet infrastructure.
What is ICANN?
ICANN stands for the Internet Corporation for Assigned Names and Numbers. These assigned names and numbers, or addresses, help one person reach another over the Internet, and they all must be unique. ICANN was created in 1998 to coordinate and facilitate these unique identifiers worldwide. ICANN is a global nonprofit with participants and members from all over the world. This year, ICANN held their 76th community forum in Mexico.
New gTLDs and ICANN leadership were front and center
Throughout the multi-day event, two major areas of focus were widely discussed. The first was the process for adding even more new gTLDs (generic top-level domains). The very first gTLDs are the ones we are all familiar with: .com, .net, and .org. Today, there are more than 1,241. These domains represent a wide range of uses, such as .aero for airline transport industry, .tokyo and .kiwi for geographic regions, as well as domains like .shop and .info, which are more widely available for anyone to register.
At ICANN 76, the board adopted recommendations and set in motion the start of the implementation process for the next round of new gTLDs. ICANN updates its gTLD statistics every month on its website. To date, 1,930 applications have been submitted, though not all get approved.
New ICANN leadership was another important topic during the event. The ICANN board approved the establishment of a President and CEO Search Committee to identify and recommend new candidates for ICANN’s next leader. The Board appointed eight members to serve on the committee, including its leadership: Chris Chapman (Chair), Sarah Deutsch (Vice Chair), Tripti Sinha, Becky Burr, Christian Kaufmann, Sajid Rahman, León Sánchez, and Katrina Sataki.
Root server governance, DNSSEC adoption, and routing security
When he wasn’t meeting with customers and providers, three informational sessions really stood out to Price. The first was about Root Server Governance. During ICANN, six working group sessions were held. Ken Renard, Lars-Johan Liman, and Wes Hardaker also held an informational session to help attendees understand what root servers are, the current state of root servers, what anycast is, and why it’s so important for root servers, and the evolution of how these servers are governed. You can watch the Zoom recording of ICANN 76’s Root Server System Information Session.
All lookups of domain names on the internet rely on 13 Root Server Operators. The RSOs have an effective but somewhat informal governance structure today, so the six working group sessions focused on asking a lot of hard questions as part of their overall work towards developing a more structured governance model.
DNSSEC adoption was another topic of interest at ICANN 76. DNSSEC is an extension to the DNS protocol that uses cryptography to secure DNS lookups.
When your computer asks your local DNS server to lookup a name like anycast.com, the use of DNSSEC would ensure that a bad actor isn’t hijacking or mangling the DNS response to direct your computer to a malicious IP. Despite being deployed in the root servers over 10 years ago, worldwide adoption is less than 50% today.
Kimberly Carlson, ICANN Policy Operations Specialist, and Kathy Schnitt, ICANN SSAC Support Specialist, held three DNSSEC and Security Workshops to support those implementing DNSSEC, and come up some ideas for how to make DNSSEC implementation easier.
Resource Public Key Infrastructure (RPKI) and routing security overall was also something that several sessions and individual conversations touched on. RPKI which is an important part of keeping the Internet safe and secure. It involved using a cryptographic method of signing records that make sure a BGP route announcement is coming from the correct originating AS number, similar to secure web browsing.
Network operators can prevent inadvertent IP route hijacking by utilizing RPKI. At NetActuate, we have recently undertaken two measures: signing all our IP announcements with matching Route Origin Authorizations (ROAs) and deploying RPKI ROA validation on our transit and customer edges.
Overall, we were thrilled to participate in ICANN’s informative, exciting multi-day event. ICANN is such an important organization, overseeing a massive and complicated interconnected network of unique identifiers. They work to ensure the “universal resolvability” of the Internet, meaning that no matter where in the world you are, you can expect the same results when you type in any URL. Without it, the Internet would work entirely differently region by region, which would make life infinitely more difficult.