A joke in networking circles is that the switch from IPv4 to IPv6 is always a few years away. Although IPv6 was introduced in the early 90s as a result of the feared imminent IPv4 address drought courtesy of the blossoming Internet. Many decades later, [Geoff Huston] in an article on the APNIC blog looks back on these years to try to understand why IPv4 is still a crucial foundation of the modern Internet while IPv6 has barely escaped the need to (futilely) try to tunnel via an IPv4-centric Internet. According to a straight extrapolation by [Geoff], it would take approximately two more decades for IPv6 to truly take over from its predecessor.

Although these days a significant part of the Internet is reachable via IPv6 and IPv6 support comes standard in any modern mainstream operating system, for some reason the ‘IPv4 address pool exhaustion’ apocalypse hasn’t happened (yet). Perhaps ironically, this might as [Geoff] postulates be a consequence of a lack of planning and pushing of IPv6 in the 1990s, with the rise of mobile devices and their use of non-packet-based 3G throwing a massive spanner in the works. These days we are using a contrived combination of TLS Server Name Indication (SNI), DNS and Network Address Translation (NAT) to provide layers upon layers of routing on top of IPv4 within a content-centric Internet (as with e.g. content distribution networks, or CDNs).

While the average person’s Internet connection is likely to have both an IPv4 and IPv6 address assigned to it, there’s a good chance that only the latter is a true Internet IP, while the former is just the address behind the ISP’s CG-NAT (carrier-grade NAT), breaking a significant part of (peer to peer) software and services that relied on being able to traverse an IPv4 Internet via perhaps a firewall forwarding rule. This has now in a way left both the IPv4 and IPv6 sides of the Internet broken in their own special way compared to how they were envisioned to function.

Much of this seems to be due to the changes since the 1990s in how the Internet got used, with IP-based addressing of less importance, while giants like Cloudflare, AWS, etc. have now largely become ‘the Internet’. If this is the path that we’ll stay on, then IPv6 truly may never take over from IPv4, as we will transition to something entirely else. Whether this will be something akin to the pre-WWW ‘internet’ of CompuServe and kin, or something else will be an exciting revelation over the coming years and decades.

The Domain Name System (DNS) is a major functional component of the modern Internet. We rely on it for just about everything! It’s responsible for translating human-friendly domain names into numerical IP addresses that get traffic where it needs to go. At the heart of the system are the top-level domains (TLDs)—these sit atop the whole domain name hierarchy.

You might think these TLDs are largely immutable—rock solid objects that seldom change. That’s mostly true, but the problem is that these TLDs are sometimes linked to real-world concepts that are changeable. Like the political status of various countries! Then, things get altogether more complex. The .io top level domain is the latest example of that.

A Brief History

Before we get into the current drama, we should explain some background around top level domains. Basically, as the Internet started to grow out of its early nascent form, there was a need to implement a proper structured naming system for online entities. In the mid-1980s, the Internet Assigned Numbers Authority (IANA) introduced a set of original top level domains to categorize domain names. These were divided into two main types—generic top-level domains, and country code top-level domains. The generic TLDs are the ones we all know and love—.com, .org, .net, .edu, .gov, and .mil. The country codes, though, were more complex.

Initially, the country codes were based around the ISO 3166-1 alpha-2 standard—two letter codes to represent all necessary countries. These were, by and large, straightforward—the United Kingdom got .uk, Germany got .de, the United States got .us, and Japan got .jp.

Eventually, management of TLDs was passed from IANA to a new organization called ICANN—Internet Corporation for Assigned Names and Numbers. Over time, ICANN has seen fit to add more TLDs to the official list. That’s why today, you can register a domain with a .biz, .info, or .name registration. Or .horse, .Dad, .Foo, or so many others besides. 

What’s With .io?

Over the past 20 years or so, the .io domain has become particularly popular with the tech set—the initialism recalls the idea of input/output. Thus, you have websites like Github.io or Hackaday.io using a country-code TLD for vanity purposes. It’s pretty popular in the tech world.

This was never supposed to be the case, however. The domain was originally designated for the British Indian Ocean Territory, all the way back in 1997. This is a small overseas territory of the United Kingdom, which occupies a collection of islands of the Chagos Archipelago. Total landmass of the territory is just 60 square kilometers. The largest island is Diego Garcia, which plays host to a military facility belonging to the UK and the United States. Prior to their removal by British authorities in 1968, the island played host to a population of locals known as Chagossians.

The territory has been the subject of some controversy, often concerning the Chagossians and their wish to return to the land. More recently, the Mauritian government has made demands for the British government to relinquish the islands. The East African nation considers that the islands should have been handed back when Mauritius gained independence in 1968.

Recent negotiations have brought the matter to a head. On October 3, the British and Mauritius governments came to an agreement that the UK would cede sovereignty over the islands, and that they would hence become part of Mauritius. The British Indian Ocean Territory would functionally cease to exist, though the UK would maintain a 99-year lease over Diego Garcia and continue to maintain the military facility there.

The key problem? With the British Indian Ocean Territory no longer in existence, it would thus no longer be eligible for a country-code TLD. According to IANA, ccTLDs are based on the ISO 3166-1 standard. When a country ceases to exist, it is removed from the standard, and thus, the ccTLD is supposed to be retired in turn. IANA states protocol is to notify the manager of the ccTLD and remove it after five years by default. Managers can ask for an extension, limited to another five years for a total of ten years maximum. Alternatively, a ccTLD manager may allow the domain to be retired early at their own discretion.

However, as per The Register, the situation is more complex. The outlet spoke to ICANN, which is the organization actually in charge of declaring valid TLDs. A spokesperson provided the following comment:

ICANN relies on the ISO 3166-1 standard to make determinations on what is an eligible country-code top-level domain. Currently, the standard lists the British Indian Ocean Territory as ‘IO’. Assuming the standard changes to reflect this recent development, there are multiple potential outcomes depending on the nature of the change.

One such change may involve ensuring there is an operational nexus with Mauritius to meet certain policy requirements. Should ‘IO’ no longer be retained as a coding for this territory, it would trigger a 5-year retirement process described at [the IANA website], during which time registrants may need to migrate to a successor code or an alternate location.

We cannot comment on what the ISO 3166 Maintenance Agency may or may not do in response to this development. It is worth noting that the ISO 3166-1 standard is not just used for domain names, but many other applications. The need to modify or retain the ‘IO’ encoding may be informed by needs associated with those other purposes, such as for Customs, passports, and banking applications.

Basically, ICANN passed the buck, putting the problem at the feet of the International Standards Organization which maintains ISO 3166-1. If the ISO standard maintains the IO designation for some reason, it appears that ICANN would probably follow suit. If ISO drops it for some reason, it could be retired as a ccTLD.

The Register notes that the .io record in ISO 3166-1 has not changed since a minor update in 2018. Any modification by ISO would be unlikely before the treaty between the UK and Mauritius is ratified in 2025. At that point, the five year clock could start ticking.

However, history is a great educator in this regard. There’s another grand example of a country that functionally ceased to exist. In 1991, the Soviet Union was no longer a going concern. And yet, the .su designation remains “exceptionally reserved” in the ISO 3166-1 standard at the request of the Foundation for Internet Development. However, the entry notes it was “removed from ISO 3166-1 in 1992” when the USSR broke up into its constituent states. Those states were all given their own country codes, except for Ukraine and Belarus, which had already entered ISO 3166 before this point.

But can you still get a .su domain? Well, sure! Netim.com will happily register one for you. A number of websites still use the TLD, like this one, and it has reportedly become a popular TLD for cybercriminal activity. The current registry is the Russian Institute for Public Networks, and .su domains persist despite efforts by ICANN to end its use in 2007.

Given .io is so incredibly popular, it’s unlikely to disappear just because of some geopolitical changes. Even if it were to be designated for retirement, it would probably stick around for another five to ten years based on existing regulations. More likely, though, special effort will be made to officially reserve .io for continued use. Heck, even if ISO drops it, it could become a regular general TLD instead. If .pizza can be a domain, surely .io can be as well.

Long story short? There are questions around the future of .io, but nothing’s been decided yet. Expect vested interests to make sure it sticks around for the foreseeable future.