The Public Interest and the Root: Why the Next Round Demands a Public Law Approach to DNS Governance

As the Internet approaches its eighth decade, the Domain Name System (DNS) root remains one of its most durable yet least understood institutions. It is a technical and organizational construct that quietly sustains the global Internet’s coherence, mapping names to addresses and thereby ensuring that the network remains a single, interoperable space. Yet, for all its centrality, the root of the DNS continues to operate within a private-law framework—governed by contracts, memoranda of understanding, and policies administered by ICANN, Verisign, and other entities—rather than under any public international legal regime.

This structural paradox is about to become more consequential. The forthcoming round of the New gTLD Program will reopen the DNS root for expansion for the first time in over a decade. Alongside long-awaited policy refinements, ICANN has revived its Applicant Support Program (ASP), designed to facilitate participation from entities in developing regions. Yet this initiative, laudable as it is, exposes a deeper normative question: can a global public resource continue to be governed as a private registry without public-law duties of fairness, inclusion, and accountability?

The Root as the Internet’s Unwritten Constitution

As Geoff Huston has aptly noted here, the governance of the DNS root has historically rested on a foundation of trust and habit rather than law. In the late 1980s, Jon Postel’s stewardship of the root system reflected an era of collegial consensus among a small community of technical experts. That informal model has since been institutionalized through ICANN’s multistakeholder framework, the Root Zone Management Agreement with Verisign, and the post-IANA transition arrangements.

Yet despite its global impact, the root remains legally situated within the private domain of U.S. non-profit law. ICANN’s incorporation under California law, its contractual relationships with registries and registrars, and its policy-making authority delegated by the community all form a web of private agreements that stand in for public legitimacy. No treaty, charter, or international legal instrument enshrines states’ or communities’ rights regarding participation in, or access to, the root zone.

This arrangement has served the Internet’s early growth well—flexible, adaptive, and insulated from geopolitical paralysis. However, as the Internet’s infrastructure now underpins critical public services, national economies, and global AI ecosystems, a purely private model appears increasingly inadequate. The governance of the root has quietly become a matter of global constitutional importance.

The Next Round: Expansion Without Constitutional Clarity

ICANN’s forthcoming round of new generic top-level domains represents both continuity and change. On the one hand, it is the natural continuation of a policy process that began with the 2012 expansion, aimed at fostering competition and innovation. On the other, it reopens the question of who has the capacity and right to participate in the namespace at the very top of the Internet’s addressing hierarchy.

The Applicant Support Program seeks to mitigate disparities by providing financial and procedural assistance to entities from less developed economies. Yet, crucially, this support is a policy choice, not a legal entitlement. Applicants from the Global South, small community-based organizations, and indigenous groups must still navigate a process defined by private contractual norms, where access depends on resources, not rights.

This highlights the enduring asymmetry in the DNS system: participation in a global public resource is mediated by private law and market capacity, not by principles of equality, due process, or distributive fairness. ICANN’s rhetoric of serving the “global public interest” thus risks remaining aspirational unless translated into binding governance obligations.

If the DNS root is the Internet’s shared constitutional foundation, then the next round of gTLDs is not merely a technical or administrative process—it is a constitutional moment in which the principles of access, fairness, and accountability must be re-examined.

Private Contracts, Public Consequences

The legal character of the DNS root has long rested on the fiction that private contracts can adequately manage what is, in essence, a public global utility. ICANN’s agreements with Verisign and its policy development processes have created a sophisticated, quasi-constitutional ecosystem. Yet the absence of public-law mechanisms—such as procedural due process, independent review rooted in legal obligation, and enforceable rights of participation—remains a structural weakness.

The limitations of this model are not hypothetical. Recent controversies surrounding AFRINIC’s governance crisis, ICANN’s NomCom independence debate, and root zone change procedures demonstrate the fragility of a system that relies on procedural norms rather than legal guarantees. Each episode underscores the same tension: when global governance is exercised through private contracts, remedies for affected parties are limited to internal review rather than external adjudication.

In this sense, the DNS root sits at the intersection of technical sovereignty and legal invisibility. It functions globally, yet belongs legally nowhere. The Applicant Support debate merely brings this contradiction into sharper focus: if the root is genuinely global, why should participation depend on the benevolence of private institutions rather than on rights grounded in public law?

Towards a Public-Law Stewardship Model

A “public-law turn” in DNS governance need not mean intergovernmental control or the erosion of the multistakeholder model. Rather, it entails recognizing that global technical infrastructure must be administered with the duties and standards of public trusteeship.

Such a framework could include:

  • Codifying procedural fairness in applicant evaluation, ensuring that decisions are reviewable through transparent, quasi-administrative processes.
  • Embedding equity principles in the ASP, transforming it from a discretionary subsidy into a rights-based mechanism for inclusive participation.
  • Establishing an independent ombuds or tribunal function within ICANN’s governance ecosystem, capable of providing binding remedies grounded in principles of international justice.
  • Linking ICANN’s legitimacy to global digital policy processes, such as the UN Global Digital Compact and the WSIS+20 review, to embed the DNS root within a wider public accountability architecture.

These measures would not only enhance fairness but also protect the multistakeholder model itself by insulating it from accusations of corporate capture or geopolitical bias. Public-law reasoning—emphasizing transparency, reviewability, and the public interest—is not antithetical to technical governance. It is what enables it to endure amid political and technological change.

The Root as a Global Public Trust

The Internet’s continued unity depends on the credibility of its core institutions. As AI-driven systems, sovereign digital policies, and competing national regulations reshape cyberspace, the DNS root stands as a reminder that the infrastructure of trust cannot remain legally invisible.

The forthcoming round of new gTLDs offers an opportunity—and a responsibility—to align governance of the root with the values it purports to serve. Embedding public-law principles in ICANN’s framework would not signify a retreat from multistakeholderism but its maturation: a recognition that global stewardship entails obligations, not merely agreements.

If the DNS root is indeed the Internet’s unwritten constitution, then its next amendment—through the addition of new gTLDs—should affirm not only innovation and competition but equity, transparency, and the rule of law. Only by embracing this public dimension can ICANN ensure that the expansion of the namespace reflects a truly global public interest, not merely the contractual will of those already empowered to shape it.

By Joanna Kulesza, Law Professor / Lodz Cyber Hub Executive Director

Comments

A nit - but a large one - There is not a singular "the" DNS system. Karl Auerbach  –  Oct 14, 2025 12:07 PM

I noticed that you used the phrase “the Domain Name System”.  That word “the” reflects a common misunderstanding that there is and must be exactly one DNS hierarchy.

The only “the” about DNS is that most of us have tacitly (and some explicitly) chosen to adopt a domain name hierarchy based on a particular set of root server anycast clusters (or not-really root, but resolving proxies, such as Google’s 8.8.8.8, or whatever is at the far end of a browser’s DoH or DoT DNS lookup machinery.)

About two decades ago many of us explored competing root systems.

Competing root systems work and can be completely transparent and inclusive of the existing TLD and even lower level DNS hierarchy of names and servers, including DNSSEC.  However, many of the early competing root systems were not well run or otherwise made themselves unattractive to users.  But that need not be the case.

Perhaps the big reason that people have been slow to change to competing roots is that the main system is run extremely well and there is no pressure to change.

However, change is possible.  And the forces that may drive people to competing root systems are increasing, particularly as national and cultural concerns are slowly becoming aware that control of a DNS root can bring considerable power.

For instance 20 years back I wrote “What Could You Do With Your Own Root Server?” https://www.cavebear.com/old_cbblog/000232.html

And as the US, as seen by many in other nations, drifts politically, there will be increasing awareness that of the 13 root server anycast group operators, many are part of the US government or US corporations that might, in these days of tension, be seen as a form of continuing US hegemony over the net.

Nearly 25 years ago in my note to the National Research Council, “Thoughts on Internet Naming Systems” ( https://www.cavebear.com/archive/rw/nrc_presentation_july_11_2001.pdf ), I considered some of the attributes we want of an internet naming system.

DNS has some of those attributes but not all.  And cloud/mobile systems are stressing even those things that DNS does do.  (See, for instance my 2010 note “On Entity Associations In A Cloud Network” - https://www.cavebear.com/archive/public/cloud-entities.pdf )

In that NRC submission I considered three aspects:

    + Location invariance
    + Client invariance
    + Temporal invariance

DNS fails on all three of these points.

I do see the net slowly Balkanizing - See my note “Internet: Quo Vadis (Where are you going?)” - https://www.cavebear.com/cavebear-blog/internet_quo_vadis/

This evolution of the net, particularly the fading of domain names into the underlying machinery, rarely seen by users (much like MAC and IP addresses have submerged out of view of most users), is opening the door to changes in our network naming systems.  We see that change in the way we, as users, now tend to use application specific identifiers (e.g. Mastodon handles) rather than domain names.

To a smaller or larger extent, DNS services have been shaped by some rather arbitrary rules issued by ICANN.  Why, for instance, are names typically available only in one year increments for a ten year maximum?  An entire industry has grown up to help long-lived companies and institutions remember to dance to that jig that was composed by fiat and without any public consultation.

The DNS design and deployment has been an enormous success.  But it is not perfect and, although designed with foresight, could become an anchor that constrains the internet yet to be.

(As an example, just look at the contortions we had to make to squeeze multi-language names into DNS.)

Joanna Kulesza  –  Oct 15, 2025 12:36 AM

Karl (if I may),

I’ve long been a fan of your work, both on this platform and beyond, and deeply appreciate you chiming in. We’re not in disagreement. As a long-time ICANN community member, I’ve internalised the “one world, one Internet” mantra, though, as you (and others) rightly note, it may no longer reflect the reality of a splintering cyberspace.

Still, I’m not yet ready to admit that the system we’ve worked so hard to preserve is merely 'a' DNS rather than 'the' DNS. Perhaps that’s an idealistic belief, but is it time to abandon it? As I noted in my comment to President Curran below, my concern is for the durability and stability of the multistakeholder model built on that very premise, especially as geopolitical pressures and splinternet scenarios become more real.

My students - 19 or 20 years old - are often surprised to learn there’s just one Domain Name System behind all the devices they use. In a way, that surprise echoes what you describe as 'our tacit collective choice' to rely on a single, shared hierarchy of root servers that many are no longer aware of. It's the reason why I always invite fellow ICANN volunteers from the technical community to speak with them – because I believe it’s still our job to keep the ARPANET story and its success alive. I’m not ready to think of the DNS as just an option. Are you?

Clarifying the Binding Nature of ICANN’s Accountability to the Empowered Community John Curran  –  Oct 14, 2025 10:39 PM

Professor Kulesza –

I don’t have enough direct interaction with ICANN’s decisional processes to judge their overall adequacy in areas like transparency or due process, but I would like to clarify one specific point – your assertion that there is no external review mechanism for substantial objections.

You wrote that “remedies for affected parties are limited to internal review rather than external adjudication,” which makes it sound as though ICANN remains a closed, self-reviewing system. That might have been true many years ago, but I don’t believe that’s the case today.

Since the 2016 IANA Stewardship Transition, ICANN’s Empowered Community (EC) has provided a binding, community-based check on the Board and organization. The EC isn’t an internal advisory group – it’s my understanding (admittedly as a layperson) that it was created as the legal embodiment of the multistakeholder community itself in that it designates ICANN’s directors, and acts, under California nonprofit law, as ICANN’s single statutory ‘member’ in exercising the community’s collective oversight powers. It can reject budgets or bylaws, remove individual directors, or even the entire Board, and those powers are enforceable under law, not merely matters of internal policy.

I agree that ICANN’s model isn’t public-law governance – it’s constitutional and contractual rather than sovereign. But it’s also not fair to describe its accountability as merely “internal” or “non-binding,” given that the Empowered Community serves as a real, legal layer of oversight that gives the community binding control over ICANN’s actions. This is important, because if the community identifies processes that could be strengthened to better align with ICANN’s stewardship duties, the Empowered Community structure established as part of the IANA Stewardship Transition already provides the tools necessary to establish them – if such improvements don’t happen organically through the existing community-based policy mechanisms.

Not so sure about EC Karl Auerbach  –  Oct 15, 2025 12:25 PM

As a California lawyer I have long had serious doubts about the validity of ICANN's use of (or in my view, abuse of) California's Public-Benefit/Non-Profit laws about members.

My history with this stuff goes deep - Jon Postel wanted me to help him figure out this stuff in the pre NEWCO/ICANN era, I was part of the Boston Working Group that submitted a modified proposal to NTIA when ICANN was being formed, I ran in and won the year 2000 election for ICANN board, and I've successfully sued ICANN.

Of interest is that in the year 2000 election ICANN asserted that it was not an "election" at all but merely "selection". That juggling of words was for the express and stated purpose of evading the outside oversight that comes via California's laws, of having elected directors.

ICANN's structural and cultural resistance to oversight was made even more clear when, as a sitting board member, I had to bring an 18 month long, expensive, legal action in order to exercise my extremely clear statutory right to take a look at the financial ledgers. (I won my case although some ICANN insiders, to this day, refuse to accept the judge's quite clear decision.)

Basically, even under California's laws, an outside group of members, whether called an EC or something else, has only limited legal ability to call a corporate board onto the carpet or replace board members, but that outside entity has little to no ability to overturn or modify a choice made by the board of directors. It is not at all clear to me the degree to which powers or limitations can be extended by corporate acts, articles of incorporation, or bylaws.

It is a fairly bedrock principle of corporations law that the buck or responsibility and accountability is vested in and stops at the Directors.

There must always be a clear locus of ultimate corporate responsibility.

The existence of an EC makes it unclear where that locus of ultimate responsibility lies within ICANN.

In addition, I am skeptical about the legitimacy of the single member approach of the EC.

Clearly some degree of external control can be given to members. In our Boston Working Group (BWG) submission to NTIA back when ICANN was "NEWCO" we did put various forms of membership review and oversight (as well as certain super-majority obligations) into our proposals. Those BWG proposals are still visible at https://www.cavebear.com/archive/bwg/

There are questions, however, regarding how far an oversight body (the EC) can overrule or channel the Board of Directors, and to what degree does this muddy the locus of responsibility for acts of the corporation?

As a consequence I see the ICANN legal foundation to be weak - that the presence of a body superior to the Board of Directors is a crack that could be used in a legal context to support a claim that ICANN is not a proper, legal corporation under California law but is merely a committee of the EC, whatever legal form that has, or of the individuals forming the EC.

Some years back I was designing a house in New Hampshire. The builder and I agreed that the useful lifetime could be as long as 300 years. (Not an unreasonable estimate, given that my nearest neighbor's house had been occupied for more than 250 years.) So we designed in a very conservative manner, using only well tested techniques and materials. We were not willing to take risks on new methods that had not withstood the test of time.

ICANN's corporate structure, right from the beginning, was a flight of fancy. It used methods and forms not well established in law, particularly California law. Even the lawyer who set up ICANN was not licensed in California and, from my dealings with him, was not beyond making clear mistakes about California corporations law.

In other words, the legal structure of ICANN, right from the beginning, was based not so much on law as it is, but law as one lawyer in a DC law firm wished it to be.

Or to put it more directly: ICANN's structure is not built on well tested, sound, broadly accepted legal foundations. It is rather, more ad hoc.

One example of this is ICANN's lifetime inability to bring the public's voice into what is a "public benefit" organization.

A driving principle of ICANN, right from the start, and continuing to this day, was (and still is) to preserve a kind of insider-picks-insider closed structure. Fear and resistance to the voice of the public is built deep into the structure of ICANN.

ICANN will have its 30th birthday in a few years. Yet in that span I am aware of no other entity that has adopted its structure. Indeed, in the circles in which I travel, ICANN is viewed more as a regulatory body that has been captured by those it purports to regulate and viewed less as a body that pursues and vindicates the public interest.

The Internet (or as I prefer "internet" or "internet technology") has need of many more bodies of oversight. For example, the increasing problem of security measures impeding network management, fault detection, isolation, and repair is going to need a guiding hand so that the net can become the lifeline grade utility that many users blithely, but incorrectly, assume it to be.

So we are going to need more ICANN-like bodies. But should they take the structure of ICANN? The silence of support for that over the last 25+ years does not speak positively in support of a belief that ICANN's structure should be used again, as a model, in these new contexts.

Re: legal basis and enforceability of EC powers John Curran  –  Oct 15, 2025 5:38 PM

Karl –

I agree ICANN’s corporate structure and governance have had a colorful history – and may not be suitable as a general model for emulation elsewhere – but my point was specifically about the Empowered Community (EC) mechanism established during the 2016 IANA Stewardship Transition.

The EC provides oversight of ICANN through the designation and removal of directors and the approval of fundamental bylaws.

There were several legal reviews of this structure during the transition, and it’s my understanding that California law permits third-party designation of directors. The EC mechanism doesn’t eclipse directors’ fiduciary duties – it simply provides a mechanism for holding the community’s authority to designate and remove directors and to approve or reject fundamental bylaws.

I observe that ICANN and its directors certainly believe those powers are extant and enforceable – so they function as a valid oversight mechanism regardless – but obviously the community should be informed if there’s a defect in their structure.

Are you of the opinion that the EC structure does not provide the EC with those stated powers, or that those powers are not enforceable for some reason?

There is space for oversight of Boards of Directors, but the Q is "how much"? Karl Auerbach  –  Oct 15, 2025 6:21 PM

Clearly California law allows restrictions to be placed on the acts of Boards of Directors. For example, statutes put limits on a board's ability to alienate (sell) all of a corporation's assets in order to deprive creditors. And it is not infrequent for Articles of Incorporation to require certain acts of a board to be passed by a supermajority or be confirmed by stockholders, or at least some classes of shareholders.

The ICANN EC is unique in that it is a "membership" of exactly one. To my mind that is a highly suspect structure, one that undermines the notion of "public" in what is a "public benefit" corporation and substitutes something more akin to a cross-breeding of corporate and sole proprietorship forms. I consider "membership" to be a plural noun, not a singular one.

One can go back to the legislative history behind the California law that enacted membership based public benefit corporations. I presume that the mental model in the legislators' minds was that of a church with a body of members or a sailing club with a body of members. I would be surprised if any of those legislators had in mind a membership of one, particularly a one that represented the myriad interests of the actual public being served by that public benefit corporation.

To me the touchstone test is that with ICANN+EC an injured party now has uncertainty about who to name on a legal complaint. Does that injured person bring action against ICANN the corporation or against the EC?

It can be very nasty and difficult when a corporate form is penetrated. And ICANN's rather unique declarations - such as that an election is not an election (year 2000) or that a "membership" has exactly one member - weaken the corporation's ability to resist a "piercing the veil" based lawsuit.

(I will resist also delving into the notion that such concerns also weaken ICANN's ability to retain its grasp on its Federal 501(c)(3) tax exemption.)

In a broader sense, I think you and ARIN in general have done a rather better job of blending the public with non-profit and 501(c)(6) status. And I do like how ARIN, and apparently the other RIRs, have drawn rather clear lines around their realm of responsibility; ICANN seems to be more intent (whether tacitly or explicitly) on expansion into new areas.

Joanna Kulesza  –  Oct 15, 2025 12:20 AM

President Curran,

Thank you for taking the time to respond in such detail and for giving me the chance to elaborate on this brief call to action. Please note it comes not from ignorance but from deep concern.

Fascinated by the success of the IANA transition, I’ve been volunteering with the ICANN community since ICANN 58 in Copenhagen, contributing many hours to policy work and capacity building. I strongly believe in the multistakeholder model and its promise while recognising there’s room for improvement. The time is now, and the upcoming meeting in Dublin may be the right place to act.

I fully acknowledge the significant progress made since the 2016 transition, especially through the Empowered Community, which, as you note, provides a binding, community-based check on ICANN’s Board and organisation. More significantly, I deeply value the volunteers who’ve made the Empowered Community a reality. Still, some valid criticism around the transparency of its processes, to say the least, should not be ignored. This note is a call to ensure ICANN protects this unique model of governance it’s been established upon, possibly by embracing WSIS+20 and keeping the ASP true to its core values amid growing geopolitical pressures.

Again, I deeply appreciate your thoughtful response. If you see a way we might work together to advance ICANN’s “constitutional” model, I’d be glad to continue the conversation.

Balancing Community Accountability and Public-Interest Advice at ICANN John Curran  –  Oct 16, 2025 7:59 AM

Professor Kulesza –

Thank you for the kind follow-up — and for your many contributions since joining the community in Copenhagen!

By the way, as a fellow practitioner of the multistakeholder model, I’m happy to be addressed simply as “John.” (I’ll admit I still do a double-take every time I see “President Curran” and wonder who that might be…)

I continue to believe the Empowered Community remains a remarkable example of binding, community-based accountability implemented without slipping into intergovernmental control. Like most aspects of multistakeholder governance, it benefits from steady attention to transparency and clarity in how those powers are exercised, since legitimacy depends on the community’s confidence in its proper functioning.

On public-interest accountability, I’d suggest that ICANN already addresses this in a manner that preserves the strengths of the model. Because ICANN’s coordination of the DNS affects individuals everywhere, governments quite reasonably have an interest in ensuring that public-policy implications are understood. That is precisely the function of the Governmental Advisory Committee: to provide a structured channel for governments to offer advice on matters of public interest. The Board must give such advice due consideration, explain in writing if it diverges, and work in good faith toward mutually acceptable solutions. The GAC thereby enables governments to collaborate on common approaches — invaluable to both ICANN and the global Internet community, since the alternative could easily lead to fragmentation.

As such, ICANN’s design already strikes a well-reasoned balance between accountability to its community and due consideration of public-interest advice.

You mentioned the Applicant Support Program, and I’ll admit I don’t have direct insight into the pressures it faces. Still, I would hope that any concerns about equity and inclusion can be addressed within ICANN’s existing framework, since that provides the greatest potential for globally coordinated solutions.

I’ll also admit to a healthy trepidation about the potential consequences of rights-based public-law interventions in our globally coordinated systems. When you wrote that “recent controversies surrounding AFRINIC’s governance crisis … demonstrate the fragility of a system that relies on procedural norms rather than legal guarantees,” I would have actually cited the same example as evidence of the converse — that ad hoc legal determinations can themselves create fragility in systems that otherwise function smoothly through well-established, consensus-based norms.

Joanna Kulesza  –  Oct 19, 2025 4:24 AM

John,

Thank you for your thoughtful note — I deeply appreciate your optimism and the way you look at the model. While people in our community often see things differently, I tend to share your view that it’s worth focusing on where the system has shown real strength. I completely agree that the Empowered Community and the volunteers behind it are the real guardians of the model. Their dedication keeps the system both accountable and alive.

As for AFRINIC, it might perhaps not be my favorite example — mostly because of the ongoing challenges it faces, even after showing real staying power. Looking back, we might have designed that part of the model differently to make stability and accountability easier. But it does remind us that improvement is an ongoing process. Personally, I often think back to those early days of Russia’s full-scale invasion of Ukraine when, among numerous challenges that still persist, both the structures and the community behind them proved resilient under enormous pressure. That moment reminded me how much our system can adapt and hold together when it truly matters.

I also share your appreciation for the GAC. It’s a great forum, and I feel lucky to be able to volunteer alongside so many talented colleagues there. Still, many carry broad portfolios that may make it difficult to engage directly with their counterparts in relevant departments within ministries of defense or foreign affairs. That, in turn, makes it hard to stay involved in related UN discussions, beyond WSIS+20 — like those within UNODA on a new permanent mechanism for responsible state behavior, or within the UNODC on the proposed Hanoi Convention, coming up for signatures in a few days. These are big global issues, directly impacting both the DNS and the multistakeholder model behind it, and it’s a lot to keep up with while managing ICANN’s own agenda.

Thanks again for continuing this exchange — I really value the conversation. It’s a good reminder that our shared commitment to the multistakeholder model is still strong and evolving.
