Important Terms You Need To Know Revolving Around Domain Names (Glossary)
A (IPv4 address) records map the domain name of a host to the IP address of that host (name-to-address mapping).
AAAA (IPv6 address) records map the domain name of a host to the IP address of that host (name-to-address mapping).
Authoritative name server
A Domain Name System (DNS) server that hosts the official database of resource records (the registry) for a DNS zone. The registry identifies the Internet Protocol (IP) addresses of the host servers (e.g., web servers, mail servers) and name servers in the authoritative name server’s zone. The resource records in its registry enable an authoritative name server to respond definitively to queries about the servers and subdomains within its zone.
To enable other computers to reach host servers within a domain, the domain must have one or more authoritative name servers. The name and IP addresses of those servers must also appear in the registry of the domain’s parent domain.
Authorization code
A code created by a registrar to help authenticate the registrant of a domain name in a generic top-level domain. The authorization code is a security measure to help prevent fraudulent or unauthorized transfers. This code is required for a registrant to transfer a domain name from one registrar to another.
Some registrars generate authorization codes for their registrants, and some allow registrants to generate their codes through a control panel on the registrar’s website. When registrants request an authorization code from the registrar, the registrar is obligated to provide the code within five days.
This is also known as EPP code.
Auto-Renew Grace Period
A 45-day period following the expiration of a domain name. If a registrant does not explicitly consent to renew the domain name, the registrar must delete the name from the registry by the end of the AGP. Often, registrars allow registrants to renew an expired name during this period.
Brand top-level domain (brand TLD)
In the New Generic Top-Level Domain Program (New gTLD Program), a designation for a TLD that is operated by and for an entity under its trademarked name as outlined in the entity’s Registry Agreement with ICANN. To qualify as a brand TLD, a registry operator must apply for the brand TLD designation and the brand’s trademark must be recorded in the Trademark Clearinghouse.
Bulk transfer
The transfer of some or all domain name registrations from one registrar to another. Bulk transfers are used when a registrar is purchased by another company. They are also used to transfer registrations to an accredited registrar when a registrar loses its accreditation. ICANN must approve bulk transfers.
A Certification Authority Authorization (CAA) record uses a DNS resource record to indicate whether you, the domain owner, permit a certificate authority to issue certificates for your domain.
Cache poisoning attack
An attack that inserts fraudulent data into the cache of a Domain Name System (DNS) resolver. A cache is a local storage area where name resolvers store results of the DNS lookups that they process. To speed lookups, a resolver searches for answers in its cache before forwarding queries to authoritative name servers or upstream resolvers.
In a cache poisoning attack, a cyberattacker substitutes fraudulent DNS data for a popular domain name in a name server’s cache. Once the cache has been poisoned, subsequent queries for that domain name direct the attacker’s victims to a malware-hosting or phishing website.
Caching resolver
A Domain Name System (DNS) server that queries authoritative name servers to obtain Internet Protocol (IP) addresses for DNS clients, and then saves the query results in local storage (cache). By storing query results in cache, a resolver can quickly retrieve IP addresses for domain names that it has already resolved.
CNAME (canonical name) records map an alias domain name to a canonical (true) domain name. You can map multiple alias names to the same canonical domain (allowing you to set up A or AAAA record IP addresses in a single location).
Country code top-level domain (ccTLD)
The class of top-level domains reserved for use by countries, territories, and geographical locations identified in the ISO 3166-1 Country Codes list.
ccTLDs can base their names on the two-letter country codes defined by the ISO 3166-1 standard (e.g., .jp for Japan, .fr for France, .ke for Kenya), or they can represent a country or territory name in a script other than US-ASCII characters.
Because ccTLDs are managed locally, the rules and policies for registering domain names vary across ccTLDs.
Cybersquatting
A form of misuse in which a party intentionally registers a domain name that coincides with a commercial trademark or the name of a well-known person. After acquiring the domain name, the cybersquatter usually offers to sell the name to the legitimate owner at an inflated price.
When cybersquatting occurs in a generic top-level domain that operates under ICANN, legitimate owners may be able to initiate a Uniform Domain Name Dispute Resolution Policy (UDRP) proceeding.
Dark Web
A part of the Internet ecosystem where publishers can host or exchange information without revealing their identities or locations. Although the Dark Web uses the Internet Protocol (IP), it uses encryption and the Onion Router (TOR) to protect users from surveillance and traceability.
The Dark Web does not use the Domain Name System to resolve domain names. Instead it uses TOR’s hidden service names, which are delegated from .onion, a special-use top-level domain.
Data breach
An incident that results in the intentional or unintentional exposure or release of personal data or sensitive information to an unauthorized party. If a data breach were to expose the credentials for a registrant’s account with a registrar, cyberattackers could access the account and hijack the registrant’s domain name.
Delegation
The assignment of administrative authority for a domain to a registry operator. A registry operator to which this authority is delegated assumes the responsibility for operating and maintaining the authoritative name servers for a given domain.
A domain at any level in the Domain Name System hierarchy can optionally delegate authority to any or all its subdomains (children). To put a delegation into effect, the operator of the parent domain must update its zone file to point to the authoritative name servers for the child domains to which authority has been delegated.
This term is commonly used for pointing a subdomain to other name servers using an NS record.
A process that can be used to resolve a conflict, dispute, or complaint. ICANN has policies to address various types of disputes involving the registration and use of domain names. Under these policies, claimants can file complaints with one of the approved Dispute Resolution Service Providers instead of taking the dispute to the court system for adjudication.
It’s the process of connecting or linking a domain name to a website. This is recommended for SEO rather than Web forwarding.
This is also known as domain and website integration.
Domain name
A unique name that forms the basis of the uniform resource locators (URLs) that people use to find resources on the Internet (e.g., web pages, email servers, images, and videos). The domain name itself identifies a specific address on the Internet that belongs to an entity such as a company, organization, institution, or individual. For example, in the URL https://www.icann.org/public-comments, the domain name icann.org directs a browser to the ICANN organization’s domain. The rest of the URL directs the browser to a specific resource on the www server within ICANN’s domain (in this case, the Public Comments page on the ICANN org website).
A domain name consists of two or more textual segments separated by dots. For example, in the domain name icann.org, the first part of the name, icann, represents a second-level domain within the top-level domain org. Domain names can also have more than two segments, as in bbc.co.uk. In this example, bbc represents a subdomain within the second-level domain co, which resides in the top-level domain uk.
Domain name holder
An individual or entity who registers a domain name. Also known as Registrant.
Domain name registration
The process of selecting a domain name and registering it in a top-level domain. Domain name registration typically involves a:
- Registrant: the individual or entity who wants to register a domain name
- Registrar: an entity that processes domain name registrations
- Registry operator: the entity that maintains the master database (the registry) of domain names registered in a particular top-level domain (TLD)
To complete a domain name registration, the registrant registers the domain name with a registrar. The registrar verifies that the domain name is available in the requested TLD and submits the registration request to the registry operator for that TLD. The registry operator then adds the new domain to the TLD’s registry.
A registrant can optionally register a domain name through a reseller. Resellers are third-party companies that offer domain name registration services through a registrar.
Domain Name Registration Data (DNRD)
Data that is accessible to the public through a directory service known as WHOIS. DNRD refers to the information that registrants submit when they register a domain name. Registrars or registry operators collect this data and make some of it available for public display or for use by applications. The data elements that registrants must submit are specified in the Registrar Accreditation Agreement.
This is also known as WHOIS contact information.
Domain name registration hijacking
A form of Domain Name System (DNS) abuse in which a cyberattacker gains control over how a registered domain name is resolved. Sometimes attackers hijack a domain name by gaining control of an authoritative name server and altering the domain name’s DNS configuration in that server. In other cases, attackers hijack a domain name by gaining control of a registrant’s account with a registrar. Once the attackers have access to the account, they alter the domain name’s DNS configuration or transfer the domain name to another registrar.
Domain name renewal
The process of extending the registration of a domain name when the registration reaches its expiration date. When individuals register domain names, they obtain the right to use the name for a specified length of time. To continue using the name, a registrant must renew the registration. If a domain name is not renewed, the registrant may lose the right to use the name.
Domain name reseller
A person or entity that participates in a registrar’s distribution channel for domain name registrations. Resellers contract with registrars to provide some or all registrar services. Services that resellers provide can include collecting registration data from registrants, submitting registration data to registrars, and facilitating registration agreements between registrars and registrants.
Domain name status
Information that indicates certain properties of a domain name registration.
Codes called Extensible Provisioning Protocol domain status codes indicate the current state of the domain name in the registry. These codes are defined on the EPP Status Code page of the ICANN website. Registrants can check the status of their domain names using WHOIS Lookup on the ICANN website or through their registrar’s WHOIS search tool.
Domain Name System (DNS)
The Domain Name System (DNS) helps users to find their way around the Internet. Every computer on the Internet has a unique address – just like a telephone number – which is a complicated string of numbers called its IP address (IP stands for Internet Protocol). IP addresses can be hard to remember. The DNS makes using the Internet easier by allowing a familiar string of letters – the domain name – to be used instead of the arcane IP address. For instance, you only need to type https://icann.org to reach our website, instead of the IP address 188.8.131.52.
Domain Name System abuse (DNS abuse)
Any malicious activity aimed at disrupting the DNS infrastructure or causing the DNS to operate in an unintended manner. Abusive activities include corrupting DNS zone data, gaining administrative control of a name server, and flooding the DNS with thousands of messages to degrade name-resolution services.
Domain Name System covert channel attack (DNS covert channel attack)
A form of attack in which a cyberattacker uses the DNS channel to evade an organization’s network security systems. In an attack through the DNS channel, attackers use specially crafted DNS queries to download malware onto infected computers. They can also use this technique to extract sensitive information from infected computers inside one or more organizations.
Domain Name System misuse (DNS misuse)
Any activity that uses the DNS protocol or the domain name registration process to carry out malicious or illegal activity. Misuse activities include hijacking domain names, registering domain names to sell counterfeit merchandise, using the DNS to distribute spam, and exploiting the DNS protocol to launch denial-of-service attacks.
Domain Name System query (DNS query)
A request that a DNS client (usually a resolver) submits to a name server to obtain information from the Domain Name System.
A DNS query often contains a request for the Internet Protocol (IP) address of a specific host or domain name. For this type of query, the name server responds with either 1) the requested IP address, 2) the IP address of the next name server in the path of authority, or 3) an NXDOMAIN error code, which signals that the requested host or domain name does not exist.
Domain Name System reflection attack (DNS reflection attack)
A technique in which an attacker sends a request to a name server using a falsified (spoofed) source Internet Protocol (IP) address. The spoofed IP address not only conceals the location of the attacker, it also causes the name server to direct responses to the attacker’s intended target.
Attackers often use this technique in denial-of-service attacks to flood a targeted name server with query traffic.
Domain Name System resource exhaustion attack (DNS resource exhaustion attack)
An attack in which the attacker continuously queries a name server with the intent of depleting a resource that is essential to the server’s operation. In one type of exhaustion attack, the attacker continuously opens connections on a name server, but does not complete the connection process for any of them. The incomplete connections eventually consume available memory on the name server, preventing it from opening any legitimate connections.
Domain Name System response modification attack (DNS response modification attack)
An attack on the DNS in which the operator of a name server manipulates response messages to queries for nonexistent domain names. Instead of delivering the response message to the Internet user, the name server delivers a synthesized message that contains an Internet Protocol (IP) address selected by the operator.
Operators that manipulate DNS response messages in this way often redirect users to sites that provide a search engine or sites that display pay-per-click advertising.
Domain Name System Security (DNSSEC)
A technology that helps secure domain name lookups by incorporating a chain of digital signatures into the lookup process. Using DNSSEC, resolvers can determine whether the query responses they receive have been generated by authenticated DNS servers. By accepting only authenticated query results, resolvers can prevent attackers from hijacking the lookup process and directing Internet users to deceptive websites. Full deployment of DNSSEC ensures that users are connected to the Internet Protocol (IP) address that genuinely corresponds to the domain name specified in a uniform resource locator (URL).
Domain Name System traffic amplification attack (DNS traffic amplification attack)
A technique that attackers use to magnify the effect of a cyberattack on a name server or resolver. With this technique, attackers amplify DNS traffic by issuing queries that deliver huge response messages to the targeted name server or resolver.
Domain Name System vulnerability exploitation attack (DNS vulnerability exploitation attack)
An attack in which the attacker takes advantage of a vulnerability (e.g., a bug or a security hole) in the DNS server software. Some attackers use this form of attack to disable a name server. For example, they might craft an unorthodox DNS message to cause a targeted name server to fail. Other attackers exploit vulnerabilities that allow them to gain administrative control over a name server.
Domain Name System zone (DNS zone)
A segment of the DNS namespace to which administrative authority has been delegated. For example, when sections of the root zone are delegated as top-level domains (TLDs), each TLD becomes an independently administered DNS zone. Likewise, when a TLD divides its namespace into second-level domains, it generally delegates administrative authority to each of those domains, thus creating additional DNS zones.
A parent domain at any level in the DNS hierarchy can optionally delegate administrative authority to any or all of its subdomains (children). A zone always starts at a domain boundary and includes a zone file that identifies the host servers over which it has administrative authority. A zone ends at the boundary of another independently administered zone.
It’s the act of transferring a domain name from one account to another within the same Registrar.
Also known as Internal transfer.
Evaluation fee
In the New Generic Top-Level Domain Program (New gTLD Program), a fee due from each applicant to obtain consideration of an application for a gTLD. The evaluation fee consists of a partial deposit and payment of the full fee amount for each application submitted. A deposit allows the applicant access to the Top-Level Domain (TLD) Application System.
Extended Evaluation period
In the New Generic Top-Level Domain Program (New gTLD Program), a period in the evaluation process for a new gTLD. The Extended Evaluation period applies to applications that do not pass the Initial Evaluation but are eligible for further review. This period follows the Initial Evaluation period.
Extensible Provisioning Protocol (EPP)
A protocol used for electronic communication between a registrar and a registry for provisioning (creating, amending, and removing) domain name registrations.
Gaining registrar
In the transfer of a domain name from one registrar to another, the gaining registrar is the registrar that will become the registrar of record after the transfer is complete…
General Data Protection Regulation (GDPR)
The General Data Protection Regulation was adopted by the European Union (EU) on 14 April 2016 and takes effect on 25 May 2018 uniformly across the EU countries. According to the European Commission, the aim of the GDPR is to protect all EU residents from privacy and data breaches. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of a company’s location.
Generic top-level domain (gTLD)
The class of top-level domains that includes general-purpose domains such as .com, .net, .edu, and .org. This class also includes domains associated with the New Generic Top-Level Domain Program (New gTLD Program), which includes names such as .futbol, .istanbul, and .pizza, and names in other alphabets and languages.
ICANN coordinates the development of the rules and policies that govern the registration of domain names within gTLDs.
Some gTLDs, known as sponsored gTLDs, represent a specific community of Internet users. In these cases, the community’s sponsor develops the rules and policies specific to the gTLD. Examples include .aero, .coop, and .museum.
Glue record
A resource record in a zone file that provides the Internet Protocol (IP) address of an authoritative name server for a subdomain. When a parent domain delegates administrative authority to a subdomain, the parent’s zone file must include:
- An NS record that identifies the name of an authoritative name server for that subdomain.
- A glue record (an A record, an AAAA record, or both), that supplies the IP address of that server.
ICANN-accredited registrar
A registrar that has entered into a Registrar Accreditation Agreement with ICANN. ICANN-accredited registrars can act as registrars for one or more generic top-level domains (gTLDs). A listing of ICANN-accredited registrars appears in the Accredited Registrar Directory on the ICANN website.
ICANN does not manage accreditation for country code top-level domains (ccTLDs). Instead, ccTLD managers determine how registration services are provided within the ccTLDs they manage.
Initial Evaluation period
In the New Generic Top-Level Domain Program (New gTLD Program), the first stage in ICANN’s review of an application for a gTLD. During this stage, ICANN reviews the applied-for string, assesses the applicant’s technical and financial capabilities, and evaluates the applicant’s proposed registry services.
Intellectual property
An intangible creation of human intellect that is protected by law from unauthorized use. Examples of intellectual property include inventions, processes, works of art, trademarks, and trade names. Within the ICANN community, intellectual property owners are represented by the Intellectual Property Constituency within the Commercial Stakeholder Group.
International Organization for Standardization (ISO)
An international nongovernmental organization that develops and publishes international standards that are voluntary and consensus-based. The Domain Name System uses the two-letter names defined in ISO 3166-1 as identifiers for country code top-level domains.
Internationalized Domain Name (IDN)
A domain name in which one or more of its labels contain characters other than ASCII letters, digits, or hyphens. Because IDNs support the use of Unicode characters, they can include characters from local languages and scripts. For example, 실례.테스트 is a domain name composed entirely of Hangul characters.
IDNs are implemented using the Internationalized Domain Names in Applications (IDNA) protocol.
Internet Assigned Numbers Authority (IANA)
The suite of Internet coordination functions relating to ensuring the assignment of globally unique protocol parameters, including management of the root of the Domain Name System and the Internet Protocol (IP) address space.
The IANA functions are delivered by Public Technical Identifiers (PTI), an affiliate of ICANN.
Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN’s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.
Internet Protocol (IP)
The set of rules that govern how devices communicate over the Internet. The Internet Protocol specifies the format of the packets that devices use to transmit messages through the network. It also specifies the addressing scheme that routers use to transmit messages to their destinations.
Two versions of the Internet Protocol are currently in popular use: Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).
Internet Protocol address (IP address)
A numeric value that uniquely identifies a device attached to the Internet. The Internet Protocol (IP) uses IP addresses to route message packets to their intended destinations.
The Internet Protocol has two addressing schemes.
- Internet Protocol version 4 (IPv4) addresses have a length of 32 bits, which allows for just over four billion unique identifiers. IPv4 addresses are written as a sequence of four decimal values ranging from 0 through 255, separated by dots. A typical IPv4 address looks like this: 184.108.40.206.
- Internet Protocol version 6 (IPv6) addresses have a length of 128 bits, which allows for 340 undecillion unique identifiers. IPv6 addresses are written using sequences of hexadecimal values, separated by colons. A typical IPv6 address looks like this: 2620:0:2d0:200::7.
An Internet device can have both types of addresses simultaneously. Having both address types enables the device to send and receive messages using IPv4 or IPv6.
Internet Protocol version 4 (IPv4)
The first version of the Internet Protocol (IP) to gain popular use. The Defense Advanced Research Projects Agency developed IPv4 in the early 1980s. With an address length of 32 bits, IPv4 has a capacity of just over four billion unique IP addresses. After years of rapid Internet expansion, its pool of available addresses has been fully allocated to Internet service providers and users.
IPv4 addresses are written as a sequence of four decimal values between 0 and 255, separated by dots. A typical IPv4 address looks like this: 192.0.2.67.
Internet Protocol version 6 (IPv6)
The latest version of the Internet Protocol (IP). The Internet Engineering Task Force developed IPv6, and the protocol became an IP standard in 1996. With an address length of 128 bits, IPv6 has a capacity for 340 undecillion unique IP addresses.
IPv6 addresses are written using sequences of hexadecimal values, separated by colons. A typical IPv6 address looks like this: fd84:69e1:1ce7::25.
Internet service provider (ISP)
A company that primarily provides Internet access for organizations and individuals. Besides Internet access, ISPs often provide services such as web hosting, email, and voice over Internet Protocol (VoIP).
Limited Registration Period (LRP)
In the New Generic Top-Level Domain Program (New gTLD Program), any registration period in which a registry operator (RO) imposes registration restrictions beyond the restrictions imposed by the gTLD’s general registration policy.
ROs can offer an LRP between the end of the Sunrise Period and the start of general registration. If an RO offers an LRP, all registrations during the LRP must be subject to the Claims Service in the same manner as registrations registered or allocated during the Trademark Claims Period.
Losing registrar
In the transfer of a domain name from one registrar to another, the losing registrar is the current registrar of record.
Malware
Any software that, when installed, performs unwanted or malicious activity, often for the benefit of a third party. Adware, spyware, and viruses are some well-known forms of malware.
A scheme in which cyberattackers conceal malicious software files (malware) on a website to infect computers that visit the site. Often, the attackers place these files on legitimate websites without the site owner’s knowledge. When victims click a link that leads to the malicious software files, their computers are infected. In some cases, attackers distribute links to the malicious files through spam, adware, or mobile in-app advertising. In other cases, they rely on the site’s popularity to attract victims.
MX (mail exchange) records map a domain name to a mail server receiving email for that domain. MX records identify which mail servers others use to send email to a domain.
The process of transforming a domain name or hostname to its corresponding Internet Protocol (IP) address. When a user requests a domain or host server by name (e.g., www.icann.org), the Domain Name System resolves the requested name to its assigned IP address (e.g., 220.127.116.11).
NS record
A type of resource record in a zone file that identifies the name servers that are authoritative for a zone. A zone file contains one NS record for each of the zone’s own authoritative name servers. It also includes an NS record for each subdomain that has been delegated to other authoritative name servers. If a subdomain’s authoritative name server resides within the subdomain’s namespace, the zone file must include a glue record that provides the name server’s Internet Protocol (IP) address.
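The glue requirement described above can be checked mechanically. This added example (not part of the original glossary) scans a constructed parent-zone snippet for delegations whose name server lies inside the delegated subdomain but has no A or AAAA record; the zone contents and function names are assumptions made for illustration.

```python
# Added example: find delegations that need a glue record but lack one.
# ZONE_TEXT is constructed sample data using documentation names/addresses.

ZONE_ORIGIN = "example.com."

ZONE_TEXT = """
example.com.          3600 IN NS   ns1.example.com.
ns1.example.com.      3600 IN A    192.0.2.1
dev.example.com.      3600 IN NS   ns1.dev.example.com.      ; in-zone NS, glue present
ns1.dev.example.com.  3600 IN A    192.0.2.53
lab.example.com.      3600 IN NS   ns.lab.example.com.       ; in-zone NS, glue missing
shop.example.com.     3600 IN NS   ns1.hosting.example.net.  ; NS outside the subdomain
"""


def normalize(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_within(name, domain):
    """True if `name` equals `domain` or is a descendant of it."""
    name, domain = normalize(name), normalize(domain)
    return name == domain or name.endswith("." + domain)


def parse_zone(text):
    """Parse 'owner [ttl] [class] type rdata' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip comments
        if not line:
            continue
        fields = line.split()
        owner = fields[0]
        # Drop the optional TTL and class fields; what remains is type + rdata.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue  # malformed line, ignore
        records.append((normalize(owner), rest[0].upper(), rest[1]))
    return records


def missing_glue(text, origin):
    """Return (subdomain, name_server) pairs that require glue but have none."""
    records = parse_zone(text)
    with_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == normalize(origin):
            continue  # NS records at the apex describe the zone itself
        name_server = normalize(rdata)
        # Glue is required only when the server's name lives inside the
        # subdomain it serves; otherwise it can be resolved independently.
        if is_within(name_server, owner) and name_server not in with_address:
            findings.append((owner, name_server))
    return findings


if __name__ == "__main__":
    for subdomain, name_server in missing_glue(ZONE_TEXT, ZONE_ORIGIN):
        print(f"{subdomain}: NS {name_server} has no glue (A/AAAA) record")
```

A delegation flagged by this check cannot be followed by resolvers, because finding the name server's address would require asking the name server itself.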
Phishing
A form of fraud in which an attacker masquerades as a trusted entity to infect a computer with malware or obtain sensitive information (e.g., login credentials or credit card numbers). Often attackers deceive victims by sending emails (or other types of electronic messages) that appear to be from a trusted person or a reputable entity. Phishing messages often include a link that leads victims to a fraudulent website where they are duped into revealing their login credentials or other private information.
Private Domain Registration
Private Domain Registration keeps the Registrant’s personal contact information hidden from the public while still allowing interested parties to reach the Registrant.
Propagation
Any DNS change to a domain may take up to 48 hours to take full effect across the entire Internet; this delay is called DNS propagation. The cache in the authoritative name servers is refreshed automatically after a certain amount of time, but it cannot be flushed or purged at the Registrant, Registrar, or even Registry level.
PTR (pointer) records map the IP address of a host to the canonical (true) domain name for a host (address-to-name mapping). Known as reverse DNS lookup, the IP address is written in reverse and appended with the Address and Routing Parameter Area (arpa) top-level domain.
PTR records are used as a security device and anti-spam measure; mail and other types of servers can do reverse DNS lookups to verify the identities of hosts.
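The reverse-lookup check mentioned above is usually done as a forward-confirmed reverse DNS test: build the arpa name, read the PTR, then confirm that the returned name maps back to the same address. The following is an added example, not part of the original glossary; the record tables are constructed sample data standing in for real DNS answers, and the function names are hypothetical.

```python
# Added example: forward-confirmed reverse DNS over constructed record tables.
import ipaddress


def reverse_name(ip):
    """Build the PTR owner name: address written in reverse under .arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


# Constructed sample data (documentation address ranges).
PTR_RECORDS = {
    reverse_name("192.0.2.67"): "mail.example.com",
    reverse_name("192.0.2.68"): "mail.example.com",  # claims a name it does not own
    reverse_name("2001:db8::25"): "mail.example.com",
}
FORWARD_RECORDS = {
    "mail.example.com": {"192.0.2.67", "2001:db8::25"},  # A and AAAA data
}


def forward_confirmed(ip, ptr_records=PTR_RECORDS, forward_records=FORWARD_RECORDS):
    """Return the verified host name for `ip`, or None if the check fails.

    The check fails when there is no PTR record, or when the name in the
    PTR record does not resolve back to the connecting address.
    """
    address = ipaddress.ip_address(ip)
    host = ptr_records.get(address.reverse_pointer)
    if host is None:
        return None  # no reverse mapping at all
    forward = {ipaddress.ip_address(a) for a in forward_records.get(host, ())}
    # Compare parsed addresses so different textual forms of one IP still match.
    return host if address in forward else None


if __name__ == "__main__":
    for candidate in ("192.0.2.67", "192.0.2.68", "192.0.2.99", "2001:0db8::0025"):
        print(candidate, "->", reverse_name(candidate), "->", forward_confirmed(candidate))
```

A PTR record on its own is controlled by whoever operates the address block, which is why the forward lookup is needed before the name is trusted.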
Punycode
The standard for transforming a Unicode string into an ASCII string as specified in Request for Comments (RFC) 3492.
Ransomware
A form of malware in which the attacker disables or disrupts a victim’s computer and demands payment to undo the damage. Often attackers threaten to disable the computer permanently or destroy the user’s data unless they receive payment within 24 hours. Attackers frequently demand payment in cryptocurrencies such as bitcoin to make their identities and the transactions difficult to trace.
Redemption Grace Period (RGP)
A 30-day period following the deletion of a domain name, during which a deleted domain name is placed on hold and removed from the zone. During the RGP, a registrant can redeem an expired registration through the sponsoring registrar.
Registrant
An individual or entity who registers a domain name. Upon registration of a domain name, a registrant enters into a contract with a registrar. The contract describes the terms under which the registrar agrees to register and maintain the requested name.
After registration, registrants manage their domain name settings through their registrar. To modify a setting, a registrant submits the changes to the registrar, and the registrar sends the change to the registry.
Registrar
An organization through which individuals and entities (registrants) register domain names. During the registration process, a registrar verifies that the requested domain name meets registry requirements, and submits the name to the appropriate registry operator. Registrars are also responsible for collecting required information from registrants and making the information available through WHOIS. After registration, registrants can make updates to their domain name settings through their registrars.
A registrar that has entered into a Registrar Accreditation Agreement with ICANN is referred to as an ICANN-accredited registrar. A listing of ICANN-accredited registrars appears on the ICANN website.
Registry
An authoritative master database of the domain names registered in a top-level domain (TLD). Each TLD is associated with a registry that contains a record for each domain name that exists in its domain. The Domain Name System consults the TLD registry to obtain the authoritative name servers for the domain names registered in that TLD.
A domain name that is not available for registration in a generic top-level domain (gTLD). Reserved names include:
- Names of country code top-level domains
- Names related to ICANN
- Names related to the Internet Assigned Numbers Authority (IANA) functions (such as example)
- Names of countries and territories
- Names of international and intergovernmental organizations
- Names that a registry operator uses in operating the gTLD
The Registry Agreement defines the reserved names for a gTLD. The reserved names vary according to the gTLD.
A Domain Name System (DNS) server that resolves host names on behalf of Internet users and applications (clients). Distributed throughout the Internet, a resolver performs iterative queries, starting at the root zone, to obtain the Internet Protocol (IP) address of a host computer requested by a client. Resolvers typically cache their query results so they can quickly retrieve the IP addresses for host names they have already resolved.
An entry in a zone file that enables the Domain Name System to resolve the names of host servers within a domain. Types of RRs commonly found in a zone file are:
- NS records, which identify authoritative name servers for the domain itself and for any subdomains to which administrative authority has been delegated.
- MX records, which identify servers that handle email messages on behalf of the domain.
- A and AAAA records, which provide the IPv4 and IPv6 addresses (respectively) for a specified hostname.
The topmost, all-encompassing authority in any hierarchical naming or numbering system. Within ICANN, this term is often used to refer to the root zone in the Domain Name System.
More generally, root can refer to the central authority for a hierarchical system. In this sense, it is sometimes used to refer to the Internet Assigned Numbers Authority (IANA) functions, which maintain the root for many of the Internet’s naming and numbering systems.
The IANA functions are delivered by Public Technical Identifiers (PTI), an affiliate of ICANN.
An authoritative name server that responds to queries about the contents of the root zone.
A domain name that has been registered in a top-level domain. For example, in the icann.org domain name, icann is the second-level name and icann.org is the full name.
SOA (start of authority) records are used by the Google DNS Servers to store information about your domain to help manage traffic between the name servers. They typically include the name server, name server administrator account, name server serial number, zone file refresh rate and update retry wait period, and zone file expiry.
A technique in which attackers attempt to exploit people’s natural inclinations to trust others and be helpful. For example, in a phishing scheme, attackers exploit their victims’ sense of trust using emails that appear to be from a trusted person (e.g., a friend, family member, or coworker) or entity (e.g., a bank, reputable e-commerce site, or credit card company).
Social engineers also exploit other human inclinations such as curiosity, vanity, fear, or greed. Although social engineering often plays a role in cybercrime, the technique is frequently used in other types of crime.
SPF (sender policy framework) is an open standard that specifies the mail servers that can send email from a domain.
When a mail server sends out an email, the receiving server looks at the SPF of the domain. If the email was sent by a mail server listed in the SPF, then the receiving server will accept the email.
To some extent, SPF prevents email spam caused by forged sender addresses: emails from a domain will not be accepted unless the sending server is included in the domain’s SPF list.
SPF uses TXT (text) records to map a domain name to one or more mail servers. The TXT record will include the SPF tag v=spf1 and other SPF qualifiers, mechanisms, and modifiers (see www.openspf.org).
SRV (service) records map a specific service or server to a domain name. The SRV record makes it possible to locate a service without having to know which host the service is running on.
Standardized Form of Authorization (FOA)
The forms that the two registrars involved in a domain name transfer use to obtain the authorizations necessary to perform the transfer. The FOAs help prevent the unauthorized transfer of a domain name.
To initiate a transfer, the gaining registrar uses the Initial Authorization for Registrar Transfer FOA to obtain authorization from one of the domain name’s transfer contacts. The gaining registrar is responsible for authenticating the identity of the individual who authorizes the transfer request.
To complete the transfer, the losing registrar sends the Confirmation of Registrar Transfer Request FOA to one of the transfer contacts to confirm that the registrant authorized the transfer.
A domain that resides within a higher-level domain in the Domain Name System hierarchy. For example, the domains community.icann.org and gnso.icann.org are subdomains of the second-level domain icann.org. The domain icann.org is a subdomain of the top-level domain .org.
Subdomains can be delegated to specific entities. Registrars, for example, delegate second-level domains to registrants. The registrants can then delegate subdomains within their second-level domains.
In the New Generic Top-Level Domain Program (New gTLD Program), a period of at least 30 days during the launch of a new gTLD. During this period, trademark holders have an opportunity to register domain names corresponding to their marks before domain name registration is generally available to the public.
Time to live (TTL)
A numeric value in a resource record that indicates the length of time (in seconds) a resolver can keep the resource record in its cache. If a resolver queries its cache and receives a record whose TTL has elapsed, the resolver requests a new copy of the record from an authoritative name server.
A domain at the top of the naming hierarchy of the Domain Name System. In a domain name, the TLD appears after the second-level domain. For example, in the domain name icann.org, the characters org identify the TLD.
The administrators of a TLD control which second-level domains are recognized within the TLD. TLDs fall into two classes: generic top-level domains (e.g., .com, .net, .edu) and country code top-level domains (e.g., .jp, .de, .in).
A mechanism of the New Generic Top-Level Domain (gTLD) Program designed to help protect the rights of trademark holders. The Trademark Clearinghouse verifies and records rights information from all over the world. This verified information is used during domain name registration processes, especially when new gTLDs launch.
TXT (text) records contain arbitrary information, in the form of human-readable text or machine-readable data, that can be added to a resource record.
Uniform Domain Name Dispute Resolution Policy (UDRP)
A policy for resolving disputes arising from alleged abusive registrations of domain names (for example, cybersquatting). The UDRP allows trademark holders to initiate expedited administrative proceedings by filing a complaint with an approved Dispute Resolution Service Provider. The UDRP is one of the Rights Protection Mechanisms that help safeguard intellectual property rights in the Domain Name System.
Uniform Rapid Suspension (URS)
An expedited administrative procedure that rights holders can initiate for certain types of domain name disputes. The URS procedure is a tool for quickly addressing clear-cut cases of trademark infringement. The URS is one of the Rights Protection Mechanisms that help safeguard intellectual property rights in the Domain Name System.
Uniform resource locator (URL)
A globally unique sequence of characters that describes the location of a specific file or resource (e.g., streaming video, software application, online service) on the Internet. The URL also identifies the protocol to use to open the specified file or resource. In the URL, https://whois.icann.org/en, https identifies the protocol to use to open the resource located at whois.icann.org/en.
A resolver that uses Domain Name System Security Extensions (DNSSEC) technology to verify the cryptographic signatures for data it receives from Domain Name System servers.
This is the process of redirecting a domain name to a specific destination URL or another domain name. This doesn’t integrate your domain with your website; it only redirects your website traffic to the actual destination.
Also known as Domain Forwarding.
The public directory where the information submitted by the registrant is stored. Registrars or registry operators collect this data and make some of it available for public display or for use by applications.
World Intellectual Property Organization (WIPO)
An agency of the United Nations that provides a global forum for intellectual property services, policies, and information. WIPO enables its 191 member states to collectively shape rules associated with the international registration systems for intellectual property. WIPO also provides services for resolving international commercial disputes outside the courts.
The WIPO Arbitration and Mediation Center is one of the providers approved by ICANN for resolving domain name disputes.
A file on an authoritative name server that defines the contents of a zone in the Domain Name System. Resource records (RRs) in a zone file identify the Internet Protocol (IP) addresses of the hosts (e.g., web servers, mail servers) and name servers within the name server’s zone. A zone file can also contain other types of RRs (such as ones containing digital signatures) as determined by the zone owner. The RRs in a zone file enable an authoritative name server to respond definitively to DNS queries about the contents of a zone.