digging-dns-logo
https://commons.wikimedia.org/

Image by https://commons.wikimedia.org/

ICANN, IANA, Registries & Registrars

Last updated: May 15, 2025

Introduction

As much as the Internet appears to be anarchy in its purest form, I do like to joke that there's actually a group who oversee parts of it.

This section takes a look at the entities that help plan, govern, and generally make the Internet as we know it possible.

Internet Corporation of Assigned Names and Numbers (ICANN)

The Internet Corporation for Assigned Names and Numbers (ICANN)) is basically in charge of the Internet... when it comes to the global systems of domain names and IP addresses that make the Internet run. You can think of them a bit like a global coordinator or a specialized regulator that helps create and enforce the rules, policies, and contracts for these unique identifiers. How do these rules come about? Through ICANN's multistakeholder model, which is a fancy way of saying registrars, registries, technical experts, non-profits, governments, and businesses from all over the world get together to draft changes, make recommendations, and give feedback.

Additionally, ICANN also oversees the IANA functions (which we'll get to next) and works to coordinate the security and stability of these global systems, including coordinating the DNS root zone with the independent operators of the root nameservers, and more.

Internet Assigned Numbers Authority (IANA)

The Internet Assigned Numbers Authority (IANA) functions are actually performed by Public Technical Identifiers (PTI), which is a non-profit affiliate of ICANN. While ICANN focuses on the overarching policy development and consensus-building, the IANA functions handle the day-to-day technical coordination tasks essential for the Internet to, you know, actually function smoothly.

You can think of IANA as the Internet's ultimate record-keeper and resource coordinator for certain critical identifiers. Their main tasks include:

  • Domain Name System (DNS) Root Zone Management: This is a big one. IANA performs the technical coordination for the DNS root zone, which is literally the top of the entire DNS hierarchy. They maintain the authoritative data for this root zone, including the delegation details for each Top-Level Domain (TLD) (like .com, .org, etc.). When ICANN policy leads to the approval of a new TLD, IANA is responsible for the technical steps to add it to the root zone.
  • IP Address Allocation: IANA allocates large blocks of IP addresses (both IPv4 and IPv6) to the five Regional Internet Registries (RIRs). These RIRs then distribute those addresses further to Internet Service Providers (ISPs), businesses, and other organizations in their specific geographic regions. (So, when you get an IP address from your ISP, it's part of this hierarchical system)
  • AS Number Allocation: Autonomous System (AS) numbers are unique IDs used by large networks (like ISPs or big tech companies) to identify themselves and exchange routing information with other networks on the Internet using the Border Gateway Protocol (BGP). IANA allocates blocks of these AS numbers to the RIRs, who then assign them to organizations operating these networks.
  • Protocol Parameter Assignment: Ever wonder how your computer knows what port 80 means for web traffic (HTTP) or port 443 for secure web traffic (HTTPS)? IANA's coordination makes this possible. They maintain registries of unique identifiers for many Internet protocols, from port numbers for network services to various other protocol numbers. This ensures that different systems can communicate without misunderstanding each other.

Basically, the IANA functions ensure that the fundamental identifiers and addresses that make the global Internet work are unique, coordinated, and available. Without this careful management, the Internet could quickly devolve into a confusing mess of conflicting addresses and protocols, making reliable communication impossible.

Don't worry if you feel a little overwhelmed by some of this. IANA's functionality is very technical in nature and most everything else going forward won't go these details.

Registries

A registry (or Registry Operator) is the entity that manages and operates a Top-Level Domain (TLD). Registries can be governments, businesses, non-profits, or other non-governmental organizations. They generally come in two flavors: those that run generic TLDs (gTLDs) like .com or .blog, and those that run country-code TLDs (ccTLDs) like .us (United States) or .ca (Canada). For gTLDs, each registry signs a pretty hefty agreement with ICANN after a whole lot of applications, due diligence, and various fees just to be able to manage their TLD. While a gTLD registry has significant operational freedom with their TLD, they're all bound by the terms and requirements set by ICANN. For ccTLDs, it's usually up to the respective country or governing body to decide how they'll run their registry, often with more autonomy.

It's super important to remember that you, as an end-user, don't typically buy domain names directly from registries. A registry might keep a few domain names for its own operational use (or sometimes for special allocation programs), but otherwise, you have to get your domain name from a registrar.

Of Note: Backend Providers

Many registry operators, especially for newer TLDs, use a backend provider to handle the technical infrastructure required to run their TLD. This means the backend provider supplies the DNS servers, the systems for registrars to connect and register domains (often called a Shared Registration System or SRS), and other 1s and 0s work. Backend providers may also offer additional services like financial management, marketing support, and policy compliance assistance.

While it's possible to outsource a vast majority of the technical operations to a backend provider, the entity that holds the TLD contract with ICANN (the Registry Operator) still bears the ultimate responsibility for ensuring the TLD is run according to all contractual and policy obligations. So, while you can get a lot of help, staying informed and accountable is key. CentralNic, Identity Digital, and Tucows Registry are some examples of companies that offer backend registry services.

Registrars

Registrars are the entities who sell domain names to us, the consumers (or businesses, or anyone who wants one). They're the ICANN-accredited companies that interface with the various registry systems to check if a domain name is available and then handle all the digital paperwork to get that domain registered for you. The person or entity actually registering the domain name is known as the registrant.

If there's ever a problem with a domain name registration—say, an issue related to domain hijacking, inaccurate registration data, or certain types of abuse like phishing originating from a domain—the registrar is generally your first point of contact. They have contractual obligations to both the registry and ICANN to manage registrations responsibly and address such issues according to established policies.

Think of it as a Car

To make all of this stick, let's use a car analogy (minus the Teslas, because their sales model is a bit different). Imagine a domain name is like a specific car model, say a "Ford Explorer."

  • You, the registrant, want to get an Explorer. You go to a dealership to buy or lease it.
  • The registrar is your dealership. They have agreements with various manufacturers to sell their cars.
  • The registry is the manufacturer (like Ford). They make the "Explorer" model (the TLD, like .com or .org). They don't sell directly to you but provide cars to all their dealerships.
  • ICANN is a bit like the international body that sets safety and manufacturing standards that manufacturers agree to follow, and ensures there's a system so that each car has a unique Vehicle Identification Number (VIN). They also ensure dealerships are properly accredited to sell these cars.

If you have an issue with your car, your first stop is usually the dealership (registrar). If they can't solve it and it's a manufacturing defect, you might escalate to the manufacturer (registry). And if the problem is really bad or widespread, the standards body (ICANN) might get involved to ensure the manufacturer or dealership addresses systemic issues.

That's pretty much how you, as an individual or entity, interact with the domain name system and the different players involved.

Of Note: Nobody "Owns" a Domain Name Registration in Perpetuity

When you register a domain name like example.com at a registrar, you're essentially acquiring the right to use that specific name for a set period, usually 1 to 10 years at a time. It's more like a lease or a license than outright ownership. It's not something you get to keep forever automatically, but you can theoretically renew it indefinitely as long as the TLD it's in continues to exist and you abide by the terms of service.

If you miss a renewal payment (even after grace periods) or simply decide not to renew, that domain name eventually becomes available for someone else to register. Similarly, if a registrar or gTLD registry seriously fails to keep up with their contractual obligations to ICANN, ICANN has processes that could, in extreme cases, lead to the registrar losing accreditation or an entire TLD being reassigned to another operator after a very lengthy process. Sometimes, registries even choose to retire a TLD, and after a managed wind-down, it might just get removed from the domain name system entirely.

Footnote

multistakeholder model: This is a collaborative governance approach, a bit like a specialized United Nations (UN) but focused strictly on Internet coordination matters. In ICANN's context, governments, non-profits, technical community groups, academics, individuals, businesses, and investors all get to weigh in and help direct ICANN's policy development and strategic direction through various working groups, public comments, consensus-building efforts, and recommendations to the board or executives at the respective organizations.