The two most important identifiers on the Internet are IP Addresses and Domain Names: without these identifiers, and the systems that manage them, “the net” as we know it would not function.
Domain Names and IP Addresses are sometimes confused, but the difference is fundamental. A Domain Name is a name: a label or brand which we use to refer to something on the Internet; while an IP Address is an address: it identifies where something is on the Internet.
What’s in a Name?
Domain Names are intended to be easy to remember, unlike IP Addresses which are lengthy numbers carrying no obvious meaning. The Domain Name System (DNS) provides the directory service which automatically translates a given Domain Name into its associated IP Address, avoiding the need to remember that address.
The DNS is a distributed database system which provides a predictable answer to any given query, no matter where in the world that query is issued. It is also hierarchical, allowing the independent, autonomous administration of its many “zones”: whether at the top-level, such as .com, .net, .np, .io, or .museum; or lower, such as “.co.jp” or “.qld.gov.au”.
Any hierarchy has a “root” which can represent a source of authority or a first point of reference for exploring that hierarchy; and the root of the DNS serves both purposes. The DNS root is critically important to the Internet, because it delegates authority to all lower-level domains, and because it directs every DNS query to the correct authority. A failure at this top level (whether administrative or technical) could make an entire DNS zone unreachable – whether that be a “generic” top-level domain such as “.com” or a country’s own “ccTLD”, like “.jp”.
What’s in a Number?
If names are used by the DNS to find addresses, then addresses are used on the Internet in a completely different manner. The DNS serves as a single global database for automatically translating names to addresses. However, there is no parallel system in Internet numbering; rather, the use of IP addresses in the operating Internet is entirely distributed and depends on no central service or authority.
The closest parallel in IP addressing to the DNS root zone may be the so-called “Global Routing Tables”; however, these tables are maintained separately by each network (each ISP or Autonomous System) and are entirely “subjective”: each table represents a “view” of the Internet which is unique to that network and different from every other. Finally, there is no form of external control, and no need for any such control, over these tables – they exist entirely for the use of the network concerned, to control its own routing decisions.
The Internet’s distributed routing system is at the core of the claim that the Internet is designed to endure attack, because the system is decentralized with no single point of control. As we say, the Internet can “route around” faults and failures, precisely because of the distributed nature of Internet routing.
What’s in a Registry?
A source of confusion between Domain Names and IP Addresses is that each involves a system of “registries” to facilitate their management. However, the purpose and use of these registries should not be confused with the purpose and use of the names and numbers themselves.
At the core of any Domain Name or IP Address registry is a “whois” database which provides public information about the holders of registered resources. These registries have particular importance to the operation of the Internet because they allow online problems to be traced to particular people and organizations. This is a common purpose of both name and number registries.
But the common use of a “registry service” conceals a big difference between the Domain Name and IP Address registry organizations. In the case of names, the registry database also corresponds to the DNS zone file and the DNS servers which actually answer DNS queries on the Internet. Therefore, if the registry organization were to revoke any of its registered domains, then that act would cause an immediate operational impact – by disabling that domain and every domain name within it.
On the other hand, an address registry database has no corresponding operational service, and there is no corresponding zone file or directory which is critical to the real-time use of IP Addresses on the Internet. If an IP address registry revokes a registration, even for a large block of addresses, then this does NOT affect the ability of those IP Addresses to be used on the Internet.
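The contrast drawn in the two paragraphs above can be modelled in a few lines. This is an added example, not part of the original post: the zone contents, AS numbers, prefixes and holder name are constructed (documentation ranges), and the model assumes, as the post describes, that routing tables never consult the address registry.

```python
import ipaddress

def build_dns():
    # Constructed toy hierarchy: the registry data *is* the zone data.
    return {"jp": {"co": {"example": "192.0.2.10"}},
            "com": {"example": "198.51.100.7"}}

def resolve(root, name):
    """Walk delegations from the root, label by label, right to left."""
    node = root
    for label in reversed(name.rstrip(".").split(".")):
        if not isinstance(node, dict) or label not in node:
            return None  # missing delegation: everything below is unreachable
        node = node[label]
    return node if isinstance(node, str) else None

def build_registry():
    # whois-style record: informational only, never queried by routers here.
    return {"203.0.113.0/24": "Example Net (hypothetical holder)"}

def build_tables():
    # Each network keeps its own "subjective" table; there is no shared root.
    return {"AS64500": {"203.0.113.0/24": "via AS64501",
                        "0.0.0.0/0": "via AS64502"},
            "AS64510": {"203.0.113.0/25": "via AS64511"}}

def route(table, addr):
    """Longest-prefix match against one network's own table."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def demo():
    dns, registry, tables = build_dns(), build_registry(), build_tables()
    before = (resolve(dns, "example.co.jp"),
              route(tables["AS64500"], "203.0.113.9"))
    del dns["jp"]                   # name registry revokes a delegation
    del registry["203.0.113.0/24"]  # address registry revokes a registration
    after = (resolve(dns, "example.co.jp"),              # zone is gone
             resolve(dns, "example.com"),                # other zones unaffected
             route(tables["AS64500"], "203.0.113.9"),    # still routed
             route(tables["AS64510"], "203.0.113.9"),    # a different view
             route(tables["AS64510"], "203.0.113.200"))  # this view has no route
    return before, after

if __name__ == "__main__":
    print(demo())
```
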
- The Domain Name System (DNS) has a distinct “root” which represents a top level of hierarchical authority and plays a critical role in the live, real-time operation of the DNS.
- The IP Addressing system has no such “root”. The address registries (whether at IANA or RIRs) only represent points of consensus among respective communities as to what “registry” is recognized.
- The operational model of the Internet addressing system is not hierarchical, but distributed, and address registries cannot unilaterally interfere in the operational use of IP Addresses.
- In considering the nature of operational and governance models for Internet Domain Names and IP Addresses, and also the risks that may be associated with those models, it is important to recognize the differences between these identifier systems.