Handshake Decentralized the Root. Everything Below It Is Still Ungoverned.

Handshake made a precise and ambitious bet: the root zone is the right place to start decentralizing the internet's naming infrastructure. Not DNS as a whole, not registrars, not the full resolution stack. The root. Replace ICANN's control of the root zone file with a decentralized peer-to-peer network where every participant validates and manages the root zone. No foundation, no committee, no corporation in permanent control.

That bet is correct as far as it goes. ICANN's control of the root zone is a genuine structural vulnerability. Handshake addresses it directly. The protocol is designed specifically for that purpose and nothing else.

The problem is that the internet's naming infrastructure is not just the root. The root is one layer of a system that extends through TLDs, through registries, through authoritative nameservers, through subdomains, through the resolution and cache coordination that happens across millions of nodes. Decentralizing the root leaves all of those layers unchanged.

Handshake's own documentation is explicit about this. The protocol has "no concept of namespacing or subdomains at the consensus layer." Its purpose is to replace the root zone file and the root servers. That is both the protocol's strength and its structural boundary.

What Handshake actually governs

Handshake is a UTXO-based blockchain that manages three operations for top-level domains: registration, renewal, and transfer. A name on Handshake is a TLD. You bid for it using HNS coins in an on-chain auction, you win it, you register it, you renew it every two years or it expires.

The protocol governs those operations through global consensus. Every peer in the network validates the root zone. A name's ownership is secured by the blockchain. No single party can revoke it, transfer it without authorization, or manipulate the auction. That security model is sound.

What the protocol does not govern is anything below the TLD. The namespace under a Handshake TLD is not managed by the protocol. There is no consensus layer mechanism for a TLD owner to define mutation policy for subdomains, coordinate cache state across resolution nodes, or make governed structural decisions about how the namespace below their TLD evolves. Those decisions happen off-chain, outside the protocol, through whatever infrastructure the TLD owner chooses to run.

The two structural gaps

The first gap is at the subdomain layer. A TLD owner on Handshake can point their name at any nameserver infrastructure they choose. That infrastructure resolves subdomains. But the resolution and governance of those subdomains is not decentralized by Handshake. It is delegated to off-chain systems, which means it depends on whoever operates those systems, under whatever governance model they choose to implement. Handshake secured the root. The rest of the tree is as centralized or decentralized as the TLD owner makes it.

The second gap is mutation governance. Updating a Handshake name requires an on-chain transaction. That transaction costs HNS and requires global consensus before the update propagates. For TLD-level operations — registration, transfer, renewal — global consensus is the right model. For cache coordination, subdomain policy updates, or structural changes below the TLD level, global consensus is expensive overhead with no structural benefit. The protocol has one governance mechanism and it applies uniformly regardless of the scope or nature of the change.

What scoped governance below the root requires

Decentralizing the root is a necessary condition for a genuinely decentralized naming system. It is not a sufficient one.

The layers below the root — TLD registries, subdomain namespaces, resolution infrastructure, cache coordination — all require governance too. Not global governance. Scoped governance: the nodes responsible for a given segment of the namespace holding the policy for that segment, with mutations validated through local consensus among the nodes governing that scope.

This is architecturally distinct from what Handshake provides. Handshake provides global consensus for root-level operations. Scoped governance requires that each level of the namespace hierarchy be independently governable: a subdomain namespace can define its own mutation policy without requiring a global transaction, a cache entry can be invalidated by the nodes governing that scope rather than waiting for a global signal, a namespace region that grows can split into child scopes governed by the anchors responsible for them.

The practical difference is concrete. A TLD on Handshake whose subdomain namespace grows to millions of entries has no protocol-level mechanism for partitioning that namespace, distributing governance across the nodes that handle it, or coordinating cache state without off-chain infrastructure. The Handshake protocol solved the root. The namespace below the root is left to solve itself.

The architecture that extends what Handshake started

Handshake's contribution is real: a decentralized root zone where every peer validates, no single entity controls, and name ownership is secured by consensus rather than institutional trust. The adaptive index does not replace that. It extends below it.

An anchor-governed adaptive index sitting below a Handshake TLD provides what the Handshake protocol explicitly does not: a consensus layer for namespacing and subdomains. Each scope in the namespace is governed by the anchor nodes responsible for it. Resolution traverses the hierarchy stepwise through local anchor groups. Mutations are proposed and validated locally. Cache coordination happens within the scope. The structure can split and merge as the namespace evolves, without requiring global transactions.

The root is decentralized by Handshake. Everything below it is governed by the adaptive index. The two architectures are not in competition. They address different layers of the same problem.