It was pointed out to me the other day that the ICANN/NTIA/Verisign root zone file contains a previously undiscussed top level domain.

The contents of this TLD suggest that it was created by Verisign, the company that actually constructs the root zone file used by the dominant set of root servers. (The same zone file is also used by at least one of the competing root systems.)

That TLD is .root. It’s existence is as real as any other TLD such as .com or .org.

Unlike most TLDs, .root TLD is not delegated to a second tier or servers. Instead it is handled directly by the root servers themselves.

.root contains exactly one name: vrsn-end-of-zone-marker-dummy-record.root.

That name is associated with exactly one resource record: a TXT record containing the single word “plenus”, a Latin word meaning “full” or “complete”.

You can check this for yourself. Try running the following Unix/Linux/BSD command:

dig vrsn-end-of-zone-marker-dummy-record.root. any @a.root-servers.net

You’ll get an error-free, authoritative response that looks something like:

; <<>> DiG 9.2.2-P3 <<
>> vrsn-end-of-zone-marker-dummy-record.root. any
@b.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16573
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;vrsn-end-of-zone-marker-dummy-record.root. IN ANY

;; ANSWER SECTION:
vrsn-end-of-zone-marker-dummy-record.root. 172800 IN TXT "plenus"

... [the remaining part of response is elided] ...

You can confirm this by inspecting a copy of the root zone itself.

Where did this TLD come from? What purpose, if any, does it serve? Who authorized it?

—-
This article originally published in the CaveBear Weblog.