34

I understand that domain name registrars, for each domain they manage, register the authoritative name servers for that domain with its top-level root name server.

My question is: how do they do this? Is there a special protocol they use? How do top-level root name servers authenticate queries from registrars to change authoritative name servers for a given domain? Is that even public knowledge?

For example, say you own example.com. You want to change the authoritative name servers for it. You give your registrar the addresses of the new name servers. So far, so good. They, in turn, echo that change with the top-level root name server (the one responsible for .com). What protocol is used for the query from your registrar? How does that root name server authenticate it? How does it know it's legit?

Migrated from SuperUser (https://superuser.com/questions/910123/how-do-registrars-register-authoritative-name-servers-with-root-name-servers)

user4867444
    @MichaelHampton What's wrong with wanting to know how something works? I never said I wanted to do that myself. I'm curious. Is all. – user4867444 May 05 '15 at 23:01

2 Answers

32

Many registries use the Extensible Provisioning Protocol (EPP) to facilitate their registrar interactions.
It's worth noting that this is a whole separate protocol from DNS itself, specifically dealing with name registration and provisioning. It only indirectly populates the relevant zone in DNS.

Unless you are either a registry or a registrar, it really doesn't matter much what sort of protocols / APIs these parties use, but if you do want to read up on it, here are some of the relevant specs for EPP:


As more of a side note, the root servers deal with the root zone (aka `.`); a TLD zone is not the same as the "root". If you register, for instance, `example.com` through your registrar, nothing changes in the root zone; your delegation is only entered into the `com` zone.
Håkan Lindqvist
    Thanks for making the distinction between the root zone and the gTLD zones in your answer. A lot of people incorrectly conflate the two. – joeqwerty May 06 '15 at 01:13
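
As an added illustration of the EPP exchange named in the answer above (not part of the original answer and not any registry's code): a Python sketch that builds the RFC 5731 `<update>` command a registrar sends to change a domain's name servers, and wraps it in the length-prefixed data unit of RFC 5734. The host names, transaction ID and function names are constructed for the example, and no connection is opened.

```python
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"

def build_ns_update(domain, add_ns, rem_ns, cl_trid):
    """EPP <update> command (RFC 5731) adding/removing name server host objects."""
    ET.register_namespace("", EPP_NS)
    ET.register_namespace("domain", DOMAIN_NS)
    epp = ET.Element(f"{{{EPP_NS}}}epp")
    command = ET.SubElement(epp, f"{{{EPP_NS}}}command")
    update = ET.SubElement(command, f"{{{EPP_NS}}}update")
    dom = ET.SubElement(update, f"{{{DOMAIN_NS}}}update")
    ET.SubElement(dom, f"{{{DOMAIN_NS}}}name").text = domain
    # Schema order is name, add, rem; empty lists are left out entirely.
    for tag, hosts in (("add", add_ns), ("rem", rem_ns)):
        if hosts:
            change = ET.SubElement(dom, f"{{{DOMAIN_NS}}}{tag}")
            ns = ET.SubElement(change, f"{{{DOMAIN_NS}}}ns")
            for host in hosts:
                ET.SubElement(ns, f"{{{DOMAIN_NS}}}hostObj").text = host
    ET.SubElement(command, f"{{{EPP_NS}}}clTRID").text = cl_trid
    return ET.tostring(epp, encoding="UTF-8", xml_declaration=True)

def frame(xml_bytes):
    """RFC 5734 data unit: 4-byte big-endian total length (header included) + XML."""
    return struct.pack("!I", len(xml_bytes) + 4) + xml_bytes

def unframe(data):
    """Strip the header, rejecting a length field that disagrees with the data."""
    if len(data) < 4 or struct.unpack("!I", data[:4])[0] != len(data):
        raise ValueError("length header does not match data unit")
    return data[4:]

def ns_changes(xml_bytes):
    """Return (domain, added hosts, removed hosts) from an <update> command."""
    q = {"d": DOMAIN_NS}
    upd = ET.fromstring(xml_bytes).find(f".//{{{DOMAIN_NS}}}update")
    return (upd.findtext("d:name", namespaces=q),
            [h.text for h in upd.findall("d:add/d:ns/d:hostObj", q)],
            [h.text for h in upd.findall("d:rem/d:ns/d:hostObj", q)])

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    unit = frame(build_ns_update("example.com", ["ns1.example.net"],
                                 ["ns1.example.org"], "CLTRID-0001"))
    print(ns_changes(unframe(unit)))
```
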
0

Actually this became an issue in our environment when the registrar failed to update the IP for our name-servers and hence some providers were still querying the old IP and causing intermittent errors on our network. Very tricky to track down but also good to know how it works and that moving your DNS to another provider isn't the complete scenario. Updating the registrar with the new IP is critical.

Paraic
    "hence some providers were still querying the old IP" This would happen only if you use glues. That is one of their shortcomings, you need to remember to update their IP and hence their specific registration at the registry, which needs to go through the registrar. Otherwise, just using nameservers (names) nothing happens at registry or registrar regarding IP addresses. – Patrick Mevzek Dec 23 '20 at 19:43