How time flies. Forty years ago, symbolics.com was registered as the first commercial domain in what was then a relatively new model of name-to-address mapping. Most of the Internet ran on the HOSTS.TXT file — a simple linear list of assigned IP addresses, host by host, and the name you wanted to use to find it. Domain names existed inside the UUCP framework, alongside simple unique labels (we were all still in transition from having to explicitly state how to forward messages between hosts), and also in email, with the worldwide selection of ISO two-letter codes to denote your local economy (notoriously at the time, the UK decided to select right-to-left order in domain names — a decision reversed after much confusion some time later as the Internet spread).
At the time, domains were being operated by a US entity called SRI International under contract to the US Department of Defense. Subsequently, this contract passed to Network Solutions Incorporated (NSI) in the 1990s. NSI was acquired by Verisign in the early 2000s. Having retained the domain business, NSI was spun out and sold. Verisign therefore represents the modern era of .com domain management and has done a superb job of operating this huge, highly successful domain.
A recent Verisign blog post discusses their take on the operation of this service, which is undoubtedly a huge financial and technical commitment. They have to provide backend customer management services for hundreds of millions of domain holders worldwide, produce a stable, reliable DNS zone state with DNSSEC signing, and distribute it globally to their services 24/7. They also have to deal with ongoing attacks against backend and frontend services and manage large, complex supply chain dependencies across the Internet, which cannot always guarantee the level of service they must offer. This is a high-risk, high-stakes activity.
What may not be as well understood is that Verisign also has contracts with ICANN to provide services to the ‘root’ domain — the ‘.‘ (dot) at the end of every domain name in the DNS. They manage the production of the root zone file, perform much of the work to construct and sign this zone, publish its authoritative state, and distribute it to the other 12 root zone operators. In conjunction with Verisign, these operators run over 1,400 nodes of authoritative DNS root nameservers worldwide in an anycast BGP deployment. Verisign also works extensively in DNS protocol specification within the IETF and has made highly significant contributions to the design of the DNS — some of which we’ve discussed here on the APNIC Blog and in PING recordings with Duane Wessels. Verisign technical engineers have also been working on post-quantum cryptography and recently published significant new drafts in this space, heading into IETF standards processes.
As we reflect on the 40-year journey from symbolics.com to today’s vast, interconnected domain space, Verisign’s role serves as a reminder of the critical importance of dependable infrastructure and the organizations that quietly keep it running.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.