Analysis: What exact control over the Internet is the US giving up and is it bad or not?

Summary: The single most important question is this: what does America currently control and therefore, what would we actually be giving up?

One of the problems of being non-partisan, patriotic (but not jingoistic), and strategic is that knee-jerk reactions can't necessarily become talking points. Gut feelings can't become strategy statements. Uninformed personal preferences can't be presented to all of you as if they were considered recommendations.

In other words, smart recommendations need to be backed by doing one's homework.

This, of course, brings us to Friday's announcement that, to quote Vladimir Putin's personal propaganda organ (Russia Today), "Amid NSA fallout, US to relinquish top internet oversight role."

My first thought, my knee-jerk reaction, was a simple W-T-F. Is the US government out of its mind? How could America possibly give up a strategic resource this important? Is this another case of our weak-willed politicians jumping at every imagined shadow and trying to curry favor with everyone on the planet?

Can we keep it safe and can we keep the schmucks out?

I wanted to stand on my oh-so-beloved leather couch and shout, "What the hell is wrong with you people?" Except, well, my wife doesn't let me stand on my couch (I broke one, once), and no one really listens when I shout back at the TV (which is, fundamentally, why I became a blogger and wound up writing this column). By writing rather than shouting, I don't break furniture, I don't scare my family members, and I protect my oh-so-luxuriously smooth vocal cords.

Where's the homework in all this? As it turns out, there are a few questions. The single most important question is this: what does America currently control and therefore, what would we actually be giving up?

That's what the rest of this article is about.

It's all about our roots

Although this seems like a political discussion, at the root of the entire issue of Internet control are the DNS root files. Let's do a 30-second, overly general recap of DNS.

The domain name system is the component of the Internet that helps connect domain names to the actual IP addresses of the server or servers operating the domain. It's how, when you type into your browser, your browser is actually able to ask a specific machine to deliver the contents of our home page to you.

I sometimes tell people to think of the DNS as a phone book. When you look up someone's name in the phone book (back when we did such things), you'd see a phone number next to the name. So if you wanted to call Bob Smith, you'd look up his name, get a number, and dial the digits.

There are, of course, differences between the Internet and a phone book. First, of course, who uses phone books anymore? I can't recall the last time I actually saw a printed phone book (and I certainly don't miss them). Second, all the looking up goes on electronically in the "cloud" rather than thumbing through pages of paper.

But there are some things that make it a decent analogy. For example, we all know about area codes here in the US. Washington, DC is in the 202 area code and New York City is 212. If you prefix 555-5555 with 202, you ring a phone in DC. If you prefix it with 212, you're dialin' the Big Apple.

Likewise, we have the top-level domains like .com, .net, and so forth. If you go to, you might be directed to an entirely different site than The .com, .net, .uk, and so forth are what are known as top-level domains, or TLDs.

So let's say you want to go to The first thing that happens behind the scenes is your computer needs to know who owns and operates the .com TLD. In practice, this is usually one of many mirrored servers because having every single Internet user pounding on one resolver for .com would cause a meltdown.

In any case, your behind-the-scenes browser request finds out from the very tippy-top of the domain tree who "owns" .com, and then asks that server who manages the ZDNet domain. That server (usually operated by a domain registrar) then points your behind-the-scenes browser agent to a variable number of hops that will eventually result in an authoritative address for the server.

If you think about it, then, the folks who "own" .com have a heck of a lot of power, because if they happened to want to, they could -- theoretically -- route all the requests to,,, and to someplace they control. This, in fact, is how hackers sometimes hijack Web sites or generate denial of service attacks. They redirect domain traffic from its actual server cluster to someplace else.

So if .com is queried to point to all the domain name servers that resolve .com domains, you might imagine that there's some Mount Olympus-style resolver in the very upper stratosphere of the domain name system that tells the machines all over the world who operates .com (and many of the other TLDs).
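To make that chain concrete, here is a small offline model of the lookup walk (an added example, not something from the original article). Every server name and address in it is constructed, and the `audit` check assumes you pinned a known-good lookup earlier; it reports which parent in the tree handed out a changed referral.

```python
import copy

# Constructed, offline model of the lookup chain: every server name and
# address here is made up (addresses are from documentation-only ranges).
ZONES = {
    "root-server": {"com.": ("NS", "com-server"), "net.": ("NS", "net-server")},
    "com-server": {"example.com.": ("NS", "example-ns")},
    "example-ns": {"www.example.com.": ("A", "192.0.2.10")},
}

def resolve(name, zones, start="root-server"):
    """Follow referrals down from the root; return (address, servers asked)."""
    server, path = start, []
    for _ in range(10):  # referral limit so a delegation loop cannot hang us
        path.append(server)
        zone = zones.get(server, {})
        known = [k for k in zone if name == k or name.endswith("." + k)]
        if not known:
            raise LookupError(f"{server} has no data for {name}")
        kind, value = zone[max(known, key=len)]  # most specific match wins
        if kind == "A":
            return value, path
        server = value  # referral: ask the next server down the tree
    raise LookupError("too many referrals")

def audit(name, zones, baseline):
    """Compare a fresh lookup with a pinned baseline; name the parent at fault."""
    good_addr, good_path = baseline
    addr, path = resolve(name, zones)
    for hop, (seen, expected) in enumerate(zip(path, good_path)):
        if seen != expected:
            return f"{path[hop - 1]} now refers to {seen}, expected {expected}"
    if addr != good_addr:
        return f"{path[-1]} now answers {addr}, expected {good_addr}"
    return "ok"

def tampered(parent, child, rogue_server, rogue_addr, name):
    """Copy of ZONES in which `parent` hands `child` to a rogue server."""
    zones = copy.deepcopy(ZONES)
    zones[parent][child] = ("NS", rogue_server)
    zones[rogue_server] = {name: ("A", rogue_addr)}
    return zones

BASELINE = resolve("www.example.com.", ZONES)

if __name__ == "__main__":
    print(BASELINE)
    print(audit("www.example.com.", tampered(
        "com-server", "example.com.", "rogue-ns", "203.0.113.66", "www.example.com."), BASELINE))
```

The higher up the tree the changed referral sits, the more names beneath it are affected, which is why the top of the tree matters so much.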

Who runs this thing?

This Mount Olympus root domain resolver has been indirectly operated by the US government since the beginning of the Internet. In effect, the U.S. government has had some say in who tells the world where the .com and the other TLDs live.

This uber-top domain resolver is called the "authoritative root zone file" and is operated by an entity known as the Internet Assigned Numbers Authority (IANA). IANA is really a set of Internet management functions overseen by the NTIA (National Telecommunications and Information Administration), which, itself, is part of the US Commerce Department.


By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at



In addition to hosting the ZDNet Government and ZDNet DIY-IT blogs, CBS Interactive's Distinguished Lecturer David Gewirtz is an author, U.S. policy advisor and computer scientist. He is featured in The History Channel special The President's Book of Secrets, is one of America's foremost cyber-security experts, and is a top expert on savi...
