What are TLDs? Top-Level Domains Explained

A Top-Level Domain (TLD) is the last segment of a domain name — the part after the final dot. In google.com, the TLD is .com. In bbc.co.uk, it is .uk. TLDs sit at the top of the DNS hierarchy, just below the root zone.

Types of TLDs

• Generic TLDs (gTLDs) — .com, .org, .net, .info, and newer ones like .io, .dev, .app. Originally restricted in purpose, most are now open to anyone.
• Country Code TLDs (ccTLDs) — two-letter codes for countries: .us, .uk, .de, .jp, .ad. Some, like .io and .tv, are marketed beyond their countries.
• Infrastructure TLD — .arpa is used for reverse DNS lookups and other infrastructure purposes.
• Sponsored TLDs — restricted to specific communities: .edu (education), .gov (US government), .mil (US military).

The Root Zone and Root Servers

At the very top of DNS sits the root zone, managed by IANA (part of ICANN). The root zone contains the authoritative list of all TLDs and which name servers handle them. Thirteen root server identities (A through M) serve this zone, operated by organizations like Verisign, NASA, the US Army, and RIPE NCC.

These root servers are reached via BGP anycast — the same IP address is announced from hundreds of locations worldwide, so queries go to the nearest instance. You can look up their routes:

• 198.41.0.4 — A root server (Verisign)
• 199.7.83.42 — L root server (ICANN)
• 202.12.27.33 — M root server (WIDE Project, Japan)

How TLD Resolution Works

When you look up github.com, your resolver first asks a root server "who handles .com?" The root server responds with the .com TLD servers (operated by Verisign). Your resolver then asks the .com TLD server "who handles github.com?" and gets back GitHub's authoritative name servers. Finally, those name servers return the actual IP address.

This hierarchical delegation is what makes DNS scalable — no single server needs to know every domain. Each level only needs to know the next level down.

TLDs and Routing

TLD name servers are critical infrastructure with dedicated autonomous systems and heavy peering. Verisign, which operates the .com and .net TLDs, runs AS26415 — you can see its routing table and peering relationships.