The Secret Keys That Hold the Power to Restart the Global Internet

Have you ever wondered what would happen if the entire internet suddenly went down? Who would have the power to restart it and how? This article will uncover the mysterious keys that hold the power to restart the internet if it were ever compromised.

The Internet Corporation for Assigned Names and Numbers (ICANN) is the nonprofit organization responsible for coordinating and managing the identifiers and systems that allow computers to connect to each other. Part of their role includes overseeing the Domain Name System (DNS) that translates domain names like to IP addresses. To secure the DNS, ICANN uses a public and private encryption key pair known as the “trust anchor.” The private key that could reboot the global DNS is divided into fragments and protected by seven key holders stationed across the world. This article will provide an in-depth look at how DNS security works and the purpose of these special keys.

How Does DNS Work?

The DNS is like an address book for the internet. It translates easy-to-remember domain names to numeric IP addresses. For example, when you type into your browser, DNS converts it to so your computer can route your request.

Every device connected to the internet needs to be assigned a unique IP address. Without DNS converting domains, we’d have to remember strings of numbers for every website and server. DNS makes the internet useable.

The process starts when your device queries the DNS resolver, which asks a DNS root nameserver for the location of the .com top-level DNS server. The .com TLD server then finds the IP address for’s name server. Finally, Facebook’s DNS server replies with the right IP address, allowing you to connect.

How Does DNSSEC Authenticate DNS Information?

DNS wasn’t built with security in mind. Hackers could redirect DNS queries to spoofed servers to steal data. DNSSEC was created to cryptographically authenticate DNS information using digital signatures and public-private key pairs.

With DNSSEC, zone operators like Facebook have a private key they use to “sign” or encrypt their DNS data. This signature can be validated with their public key which is available globally in the DNS hierarchy. To trust Facebook’s public key, it must be signed by the .com TLD’s private key, and so on up to the DNS root.

ICANN’s Trust Anchor Key

At the top level, ICANN uses their private and public key pair known as the trust anchor to authenticate the entire DNS. The trust anchor’s private key digitally signs the public keys of the root DNS servers, which sign the keys of TLDs like .com, and so on down to domain owners like Facebook.

Relying on ICANN’s public key, DNS resolvers can verify the authenticity of DNS data all the way from the root. This prevents man-in-the-middle attacks. The trust anchor secures the DNS globally using one master key pair controlled by ICANN.

The Private Key is Divided into Parts

Given its importance, ICANN doesn’t simply store the trust anchor’s private key in one place. Instead, it’s divided into multiple fragments which increases security. Fragments are kept in tamper-resistant Hardware Security Modules (HSMs) across multiple secure facilities thousands of miles apart.

The HSMs are guarded and require multiple levels of physical access control. To reconstruct or use the private key, you’d need concurrent access to multiple facilities guarded by armed security personnel, biometric scanners, smart cards, PINs, and physical keys.

Who are the Seven Key Holders?

ICANN has designated seven key holders who possess physical keys that provide access to the HSMs housing parts of the root private key. However, no single key holder alone can access or reconstruct the full private key. A minimum of five of seven key holders must come together in an official ceremony to unlock the fragments.

The key holders aren’t publicly named for security reasons, but they are security experts entrusted by ICANN across the US, UK, China, Kenya, Trinidad and Tobago, and Czech Republic. The key holders play a critical role as the last line of defense to restart or resecure the DNS if needed.

Using the Keys to Reset the Internet

In an extreme situation like a catastrophic cyberattack, ICANN and key holders could coordinate an intentional shutdown and rollback of DNS to clear out corruption and re-secure the roots of the internet before restarting. However, the impact of even a brief internet outage could be widespread.

Before using the keys, ICANN has an obligation to resolve issues using layered DNS security measures. But regardless of how resilient networks become, the trust anchor key’s holders remain entrusted with the nuclear option to reboot DNS as an absolute last resort.


In summary, the Domain Name System is essential infrastructure that makes the internet useable. DNSSEC secures DNS data using digital signatures linked back to ICANN’s trust anchor key. To protect it, ICANN divides control between seven key holders who could reboot DNS worldwide in an emergency. While their role is largely ceremonial, these individuals hold tremendous responsibility at the heart of internet security.