ICANN and IANA

Who controls DNS — the organizations, the governance model, and the 2016 transition that changed who holds the keys

Someone has to manage the root

The Domain Name System is decentralized by design — anyone can run a DNS server, anyone can register a domain. But someone has to manage the root zone, allocate IP address blocks, and decide which top-level domains exist. That someone is ICANN.

ICANN: the Internet Corporation for Assigned Names and Numbers

ICANN was incorporated on September 30, 1998, in California, with entrepreneur Esther Dyson as founding chairwoman. It was created to take over management of domain names, IP addresses, and protocol parameters from the US government — functions that had previously been handled informally by individuals like Jon Postel.

ICANN coordinates:

  • Root zone management — overseeing the root DNS zone file that delegates all top-level domains
  • TLD delegation — approving and managing top-level domains (.com, .org, country codes, the 1,200+ new gTLDs)
  • IP address allocation — coordinating through five Regional Internet Registries (RIRs)
  • Protocol parameter assignment — managing technical identifiers used by internet protocols

IANA: the Internet Assigned Numbers Authority

IANA (Internet Assigned Numbers Authority) is the function within ICANN that performs the core technical work. Jon Postel founded IANA and ran it voluntarily for decades. Today, IANA is a department of ICANN responsible for:

  • Maintaining the root zone — the master list of all TLDs and their name servers
  • Allocating IP address space to the five RIRs (ARIN, RIPE NCC, APNIC, AFRINIC, LACNIC)
  • Managing protocol parameter registries (port numbers, DNS record types, etc.)

The multistakeholder model

ICANN operates under a multistakeholder governance model — governments, civil society, the private sector, and the technical community all participate in decision-making. This is deliberate. The alternative — a multilateral model where only nation-states make decisions through bodies like the UN or the International Telecommunication Union (ITU) — has been repeatedly proposed by some governments and repeatedly rejected by the internet community.

The multistakeholder model means that a domain registrar, a human rights organization, a government, and a network engineer all have seats at the table when ICANN makes policy. The process is slow, sometimes frustrating, but designed to prevent any single government from controlling the internet’s naming system.

The IANA transition (2016)

For the first 18 years of ICANN’s existence, the US government maintained a contract to oversee IANA functions — giving the United States unique authority over the DNS root. This arrangement was a source of longstanding irritation for other governments.

The 2013 Snowden revelations about NSA mass surveillance intensified global concerns about US dominance over internet infrastructure. In March 2014, the US announced its intention to transition IANA stewardship to the global multistakeholder community.

On October 1, 2016, the contract between ICANN and the US government officially expired. Stewardship passed to the global internet community through new accountability mechanisms built into ICANN’s bylaws.

The transition was completed without the radical restructuring some governments had sought — no transfer to the ITU, no new UN body. The multistakeholder model survived intact.

Ongoing governance tensions

ICANN versus the ITU

The ITU, a UN specialized agency where only governments have voting rights, has repeatedly sought a greater role in internet governance. Countries including Russia, China, Saudi Arabia, and Iran have pushed for internet governance to move to the ITU or a similar multilateral body — where they would have more influence.

The WSIS+20 review

In December 2025, the UN General Assembly reviewed the World Summit on the Information Society (WSIS) outcomes, reexamining foundational principles of internet governance. ICANN warned that any erosion of the multistakeholder model risks “introducing geopolitical influence and motivation into technical decision-making.”

OFAC sanctions and ICANN

ICANN, incorporated in California, is subject to US Office of Foreign Assets Control (OFAC) sanctions. This prevents ICANN from contracting with domain registries or registrars in sanctioned countries (Iran, Syria, North Korea, Cuba), limiting their participation in the domain name economy.

Critics argue this demonstrates that despite the IANA transition, the US retains significant de facto control over DNS through jurisdictional authority over ICANN and the registries that operate major TLDs.

Internet fragmentation

The combination of national DNS sovereignty projects (Russia’s NSDI, China’s Great Firewall), court orders forcing DNS resolvers to block content in specific jurisdictions, and governance disputes creates growing risks of internet fragmentation — sometimes called the “splinternet.” If countries build parallel DNS infrastructure that diverges from the global root, the internet’s universal namespace — the property that example.com means the same thing everywhere — could fracture.

The root zone trust chain

The ultimate expression of ICANN’s role is the root zone DNSSEC key — the cryptographic key that anchors the entire DNSSEC chain of trust. The first root zone KSK (Key Signing Key) was generated in 2010 and rolled over in 2018.

Root key ceremonies occur quarterly. During each ceremony, Trusted Community Representatives from around the world gather in secure facilities (one in Culver City, California; one in El Segundo, California) to generate and sign the root zone’s cryptographic keys. The ceremonies are public, audited, and livestreamed — a deliberate choice to make the most sensitive part of DNS governance as transparent as possible.

The root key is, in a real sense, the master key to the internet’s naming system. The governance structures around it — multistakeholder, globally distributed, publicly audited — reflect a 25-year effort to ensure that no single entity controls DNS.