I understand that domain name registrars, for each domain they manage, register the authoritative name servers for that domain with its top-level root name server.
My question is: how do they do this? Is there a special protocol they use? How do top-level root name servers authenticate queries from registrars to change authoritative name servers for a given domain? Is that even public knowledge?
For example, say you own example.com. You want to change the authoritative name servers for it. You give your registrar the addresses of the new name servers. So far, so good. They, in turn, echo that change with the top-level root name server (the one responsible for .com). What protocol is used for the query from your registrar? How does that root name server authenticate it? How does it know it's legit?
Migrated from SuperUser (https://superuser.com/questions/910123/how-do-registrars-register-authoritative-name-servers-with-root-name-servers)
Best Answer
Many registries use the Extensible Provisioning Protocol (EPP) to facilitate their registrar interactions.
It's worth noting that this is a whole separate protocol from DNS itself, specifically dealing with name registration and provisioning. It only indirectly populates the relevant zone in DNS.
Unless you are either a registry or a registrar it really doesn't matter much what sort of protocols / APIs these parties use but if you do want to read up on it, here are some of the relevant specs for EPP:
As more of a sidenote, the root servers deal with the root zone (aka `.`), a TLD zone is not the same as the "root". If you register for instance `example.com` through your registrar nothing changes in the root zone, your delegation is only entered into the `com` zone.