A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in resolving human-readable host names into IP addresses that are used in communication between Internet hosts.
A combination of limits in the DNS and certain protocols, namely the practical size of unfragmented User Datagram Protocol (UDP) packets, resulted in a decision to limit the number of root servers to thirteen server addresses. [1] [2] The use of anycast addressing permits the actual number of root server instances to be much larger, and is 1,733 as of March 4, 2024. [3]
The DNS is a hierarchical naming system for computers, services, or any resource participating in the Internet. The top of that hierarchy is the root domain. The root domain does not have a formal name and its label in the DNS hierarchy is an empty string. All fully qualified domain names (FQDNs) on the Internet can be regarded as ending with this empty string for the root domain, and therefore ending in a full stop character (the label delimiter), e.g., "www.example.com.". This is generally implied rather than explicit, as modern DNS software does not actually require that the terminating dot be included when attempting to translate a domain name to an IP address.
The root domain contains all top-level domains of the Internet. As of July 2015, it contained 1058 TLDs, including 730 generic top-level domains (gTLDs) and 301 country code top-level domains (ccTLDs). [4] In addition, the ARPA domain is used for technical name spaces in the management of Internet addressing and other resources. A TEST domain is used for testing internationalized domain names.
When a computer on the Internet needs to resolve a domain name, it uses resolver software to perform the lookup. A resolver breaks the name up into its labels from right to left. The first component (TLD) is queried using a root server to obtain the responsible authoritative server. Queries for each label return more specific name servers until a name server returns the answer of the original query.
In practice, most of this information does not change very often over a period of hours and therefore it is cached by intermediate name servers or by a name cache built into the user's application. DNS lookups to the root name servers may therefore be relatively infrequent. A survey in 2003 reported that only 2% of all queries to the root servers were legitimate. Incorrect or non-existent caching was responsible for 75% of the queries, 12.5% were for unknown TLDs, 7% were for lookups using IP addresses as if they were domain names, etc. [5] Some misconfigured desktop computers even tried to update the root server records for the TLDs. A similar list of observed problems and recommended fixes has been published in RFC 4697.
Although any local implementation of DNS can implement its own private root name servers, the term "root name server" is generally used to describe the thirteen well-known root name servers that implement the root name space domain for the Internet's official global implementation of the Domain Name System. Resolvers use a small 3 KB root.hints file published by Internic [6] to bootstrap this initial list of root server addresses; in other words, root.hints is necessary to break the circular dependency of needing to know the address of a root name server in order to look up that very address.
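The resolution walk described above (labels consumed right to left, a root query for the TLD, then referrals down to the authoritative server), together with the caching that keeps root traffic low and the root.hints bootstrap, can be seen end to end in a small simulation. This is an added example, not code from the article or from any resolver project: the root server addresses are the real IPv4 addresses from the table on this page, while the TLD and example.com servers, their names (a.tld-servers.example, ns1.example.com) and their RFC 5737 documentation addresses are constructed for the simulation.

```python
from dataclasses import dataclass

# Root server IPv4 addresses as listed in the table on this page; this is the
# same data a root.hints file carries and is the resolver's only starting point.
ROOT_HINTS = {
    "a.root-servers.net": "198.41.0.4", "b.root-servers.net": "170.247.170.2",
    "c.root-servers.net": "192.33.4.12", "d.root-servers.net": "199.7.91.13",
    "e.root-servers.net": "192.203.230.10", "f.root-servers.net": "192.5.5.241",
    "g.root-servers.net": "192.112.36.4", "h.root-servers.net": "198.97.190.53",
    "i.root-servers.net": "192.36.148.17", "j.root-servers.net": "192.58.128.30",
    "k.root-servers.net": "193.0.14.129", "l.root-servers.net": "199.7.83.42",
    "m.root-servers.net": "202.12.27.33",
}


@dataclass
class AuthServer:
    """A simulated authoritative server: the zone it serves, the child zones it
    delegates (NS name -> glue address) and the names it answers directly."""
    zone: str
    delegations: dict
    addresses: dict

    def query(self, qname):
        """Reply with ('answer', ip), ('referral', child_zone, nsset) or ('nxdomain',)."""
        if qname in self.addresses:
            return ("answer", self.addresses[qname])
        enclosing = [z for z in self.delegations if qname == z or qname.endswith("." + z)]
        if enclosing:
            child = max(enclosing, key=len)          # closest (longest) delegation
            return ("referral", child, self.delegations[child])
        return ("nxdomain",)                         # e.g. a TLD that does not exist


def build_network():
    """The simulated Internet: IP address -> server. Everything below the root
    (names and 192.0.2.x addresses) is constructed for this example."""
    root = AuthServer("", {"com": {"a.tld-servers.example": "192.0.2.1"}}, {})
    com = AuthServer("com", {"example.com": {"ns1.example.com": "192.0.2.10"}}, {})
    example = AuthServer("example.com", {}, {"www.example.com": "192.0.2.80",
                                             "mail.example.com": "192.0.2.25"})
    network = {ip: root for ip in ROOT_HINTS.values()}   # all 13 addresses serve the root zone
    network["192.0.2.1"] = com
    network["192.0.2.10"] = example
    return network


class Resolver:
    """An iterative resolver: starts from root.hints, follows referrals, and
    caches every NS set it learns so later lookups start as deep as possible."""

    def __init__(self, hints, network):
        self.network = network
        self.cache = {"": dict(hints)}       # zone -> {NS name: ip}; "" is the root
        self.root_queries = 0                # how often we actually had to ask the root

    def resolve(self, qname, max_referrals=10):
        qname = qname.rstrip(".")            # the trailing dot is implied (see above)
        # Start at the closest enclosing zone whose name servers are already cached.
        zone = max((z for z in self.cache if not z or qname == z or qname.endswith("." + z)),
                   key=len)
        for _ in range(max_referrals):
            server_ip = next(iter(self.cache[zone].values()))  # real resolvers pick by measured RTT
            if zone == "":
                self.root_queries += 1
            reply = self.network[server_ip].query(qname)
            if reply[0] == "answer":
                return reply[1]
            if reply[0] == "nxdomain":
                return None
            _, zone, nsset = reply
            self.cache[zone] = nsset         # remembering delegations is what keeps root traffic low
        raise RuntimeError("too many referrals while resolving %s" % qname)


def build_resolver():
    return Resolver(ROOT_HINTS, build_network())


if __name__ == "__main__":
    r = build_resolver()
    print(r.resolve("www.example.com."), r.root_queries)   # first lookup walks from the root
    print(r.resolve("mail.example.com"), r.root_queries)   # served from the cached example.com NS set
    print(r.resolve("host.invalid"), r.root_queries)       # unknown TLD: the root answers NXDOMAIN
```

The second lookup never touches a root server because the com and example.com delegations were cached during the first; a resolver with a broken or missing cache would repeat the root query every time, which is the behaviour the 2003 survey cited below measured.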
There are 13 logical root name servers specified, with logical names in the form letter.root-servers.net, where letter ranges from a to m. The choice of thirteen name servers was made because of limitations in the original DNS specification, which specifies a maximum packet size of 512 bytes when using the User Datagram Protocol (UDP). [7] Technically, however, fourteen name servers would fit into such an IPv4 packet. The addition of IPv6 addresses for the root name servers requires more than 512 bytes, which is facilitated by the EDNS0 extension to the DNS standard. [8]
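The 512-byte reasoning can be checked by actually encoding the "priming" response (the answer to a query for the root's NS records, with one IPv4 glue record per server) in DNS wire format, RFC 1035 label compression included, and measuring it. This is an added example, not code from the article: the server names follow the letter.root-servers.net pattern and the addresses for A to M are the ones in the table below; letters beyond M, which do not exist, get RFC 5737 documentation addresses, and the TTL value is arbitrary because it does not affect the size. How much headroom remains depends on one encoder choice: whether the root owner name of each NS record is written as a one-byte empty label or as a two-byte pointer back to the question. The figure of fourteen above corresponds to the pointer encoding (an assumption here, not something the text states); the one-byte encoding leaves room for one more.

```python
import socket
import struct

MAX_UDP_PAYLOAD = 512      # RFC 1035 limit for DNS over UDP without EDNS0
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
TTL = 518400               # arbitrary for this example; the size does not depend on it

# IPv4 addresses from the root server table; letters beyond M get an
# RFC 5737 documentation address because no such server exists.
ROOT_IPV4 = ["198.41.0.4", "170.247.170.2", "192.33.4.12", "199.7.91.13",
             "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
             "192.36.148.17", "192.58.128.30", "193.0.14.129", "199.7.83.42",
             "202.12.27.33"]


def encode_name(name, offset, table, root_as_pointer=False):
    """Encode `name` at message offset `offset` with RFC 1035 label compression.

    `table` maps every suffix already written (e.g. "root-servers.net.") to its
    offset so later names can end in a two-byte pointer to it. A name that is
    exactly the root is written as one zero byte unless `root_as_pointer` asks
    for a pointer to an earlier root name instead.
    """
    labels = [l for l in name.rstrip(".").split(".") if l]
    if not labels:                                   # the root name itself
        if root_as_pointer and "." in table:
            return struct.pack("!H", 0xC000 | table["."])
        table.setdefault(".", offset)
        return b"\x00"
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]) + "."
        if suffix in table:                          # rest of the name already in the message
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        table[suffix] = offset + len(out)
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)                                    # terminating root label
    return bytes(out)


def priming_response(n_servers, root_as_pointer=False):
    """Wire-format reply to '. IN NS' listing n_servers root servers, each with
    one A glue record in the additional section; returns the message bytes."""
    table = {}
    # header: id 0, flags QR|AA, 1 question, n answers, 0 authority, n additional
    msg = bytearray(struct.pack("!HHHHHH", 0, 0x8400, 1, n_servers, 0, n_servers))
    msg += encode_name(".", len(msg), table, root_as_pointer)        # question name "."
    msg += struct.pack("!HH", TYPE_NS, CLASS_IN)
    names = ["%s.root-servers.net." % chr(ord("a") + i) for i in range(n_servers)]
    for name in names:                                               # answer: NS RRset of "."
        msg += encode_name(".", len(msg), table, root_as_pointer)
        rdata = encode_name(name, len(msg) + 10, table)              # 10 = type+class+ttl+rdlength
        msg += struct.pack("!HHIH", TYPE_NS, CLASS_IN, TTL, len(rdata)) + rdata
    for i, name in enumerate(names):                                 # additional: A glue
        ip = ROOT_IPV4[i] if i < len(ROOT_IPV4) else "192.0.2.%d" % (i + 1)
        msg += encode_name(name, len(msg), table)                    # compresses to a pointer
        msg += struct.pack("!HHIH", TYPE_A, CLASS_IN, TTL, 4) + socket.inet_aton(ip)
    return bytes(msg)


def max_servers_under_512(root_as_pointer=False):
    """Largest number of root servers whose priming response still fits in 512 bytes."""
    n = 0
    while len(priming_response(n + 1, root_as_pointer)) <= MAX_UDP_PAYLOAD:
        n += 1
    return n


if __name__ == "__main__":
    for n in (13, 14, 15, 16):
        print(n, len(priming_response(n)), len(priming_response(n, root_as_pointer=True)))
    print("fit (1-byte root):", max_servers_under_512())
    print("fit (pointer root):", max_servers_under_512(root_as_pointer=True))
```

With thirteen servers the message is 436 bytes with the one-byte root label and 449 with pointers; each further server costs 31 or 32 bytes (one NS record plus one A record), which is why the limit is reached so soon and why adding AAAA records (28 bytes each) pushes the response past 512 bytes and into EDNS0 territory.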
This does not mean that there are only 13 physical servers; each operator uses redundant computer equipment to provide reliable service even if failure of hardware or software occurs. Additionally, all operate in multiple geographical locations using a routing technique called anycast addressing, providing increased performance and even more fault tolerance. An informational homepage exists for every logical server (except G-Root) under the Root Server Technical Operations Association domain with web address in the form http://letter.root-servers.org/, where letter ranges from a to m.
Ten servers were originally in the United States; all are now operated using anycast addressing. Three servers were originally located in Stockholm (I-Root), Amsterdam (K-Root), and Tokyo (M-Root) respectively. Older servers had their own names before the policy of using similar names was established. With anycast, most of the physical root servers are now outside the United States, allowing for high performance worldwide.
Letter | IPv4 address | IPv6 address | AS-number [9] | Old name | Operator | Operator origin | Location & no. of sites (global/local) [10] | Software |
---|---|---|---|---|---|---|---|---|
A | 198.41.0.4 | 2001:503:ba3e::2:30 | AS19836, [9] [note 1] AS36619, AS36620, AS36622, AS36625, AS36631, AS64820 [note 2] [11] | ns.internic.net | Verisign | United States | Distributed using anycast 14/2 | NSD and Verisign ATLAS |
B | 170.247.170.2 [12] [note 3] | 2801:1b8:10::b [12] | AS394353 [17] | ns1.isi.edu | USC-ISI | United States | Distributed using anycast 6/0 | BIND and Knot DNS [18] |
C | 192.33.4.12 | 2001:500:2::c | AS2149 [9] [19] | c.psi.net | Cogent Communications | United States | Distributed using anycast 10/0 | BIND |
D | 199.7.91.13 [note 4] [20] | 2001:500:2d::d | AS10886 [note 5] [9] [21] | terp.umd.edu | University of Maryland | United States | Distributed using anycast 22/127 | NSD [22] |
E | 192.203.230.10 | 2001:500:a8::e | AS21556 [9] [23] | ns.nasa.gov | NASA Ames Research Center | United States | Distributed using anycast 117/137 | BIND and NSD |
F | 192.5.5.241 | 2001:500:2f::f | AS3557 [9] [24] | ns.isc.org | Internet Systems Consortium | United States | Distributed using anycast 119/119 | BIND [25] |
G [note 6] | 192.112.36.4 [note 7] | 2001:500:12::d0d [note 7] | AS5927 [9] [26] | ns.nic.ddn.mil | Defense Information Systems Agency | United States | Distributed using anycast 6/0 | BIND |
H | 198.97.190.53 [note 8] [27] | 2001:500:1::53 [note 9] [27] | AS1508 [27] [note 10] [28] | aos.arl.army.mil | U.S. Army Research Lab | United States | Distributed using anycast 8/0 | NSD |
I | 192.36.148.17 | 2001:7fe::53 | AS29216 [9] [29] | nic.nordu.net | Netnod | Sweden | Distributed using anycast 63/2 | BIND |
J | 192.58.128.30 [note 11] | 2001:503:c27::2:30 | AS26415, [9] [30] AS36626, AS36628, AS36632 [30] | — | Verisign | United States | Distributed using anycast 63/55 | NSD and Verisign ATLAS |
K | 193.0.14.129 | 2001:7fd::1 | AS25152 [9] [31] [32] | — | RIPE NCC | Netherlands | Distributed using anycast 70/3 | BIND, NSD and Knot DNS [33] |
L | 199.7.83.42 [note 12] [34] | 2001:500:9f::42 [note 13] [35] | AS20144 [9] [36] [37] | — | ICANN | United States | Distributed using anycast 165/0 | NSD and Knot DNS [38] |
M | 202.12.27.33 | 2001:dc3::35 | AS7500 [9] [39] [40] | — | WIDE Project | Japan | Distributed using anycast 4/1 | BIND |
There are also several alternative namespace systems with an alternative DNS root using their own set of root name servers that exist in parallel to the mainstream name servers. The first, AlterNIC, generated a substantial amount of press.
The function of a root name server may also be implemented locally, or on a provider network. Such servers are synchronized with the official root zone file as published by ICANN, and do not constitute an alternate root.
As the root name servers are an important part of the Internet, they have come under attack several times, although none of the attacks have ever been serious enough to severely affect the performance of the Internet.
The DNS Root Server System Advisory Committee is an ICANN committee. ICANN's bylaws [41] say the committee provides advice to ICANN but the committee claims no authority over the servers or server operators.
The root zone file is a small (about 2 MB) data set [6] whose publication is the primary purpose of root name servers. This is not to be confused with the root.hints file used to bootstrap a resolver.
The root zone file is at the apex of a hierarchical distributed database called the Domain Name System (DNS). This database is used by almost all Internet applications to translate worldwide unique names such as www.wikipedia.org into other identifiers such as IP addresses.
The contents of the root zone file are a list of names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs) such as com, org, edu, and the country code top-level domains (it also includes that information for the root domain itself, the dot). On 12 December 2004, 773 different authoritative servers for the TLDs were listed. Later the number of TLDs increased greatly. As of July 2020, the root zone consisted of 1511 useful TLDs (excluded are: 55 domains that are not assigned, 8 that are retired, and 11 test domains). Other name servers forward queries for which they do not have any information about authoritative servers to a root name server. The root name server, using its root zone file, answers with a referral to the authoritative servers for the appropriate TLD or with an indication that no such TLD exists. [42]
The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.
The Internet Corporation for Assigned Names and Numbers is a global multistakeholder group and nonprofit organization headquartered in the United States responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the Internet's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the functions to the global multistakeholder community.
A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last non-empty label of a fully qualified domain name. For example, in the domain name www.example.com, the top-level domain is .com. Responsibility for management of most top-level domains is delegated to specific organizations by the ICANN, an Internet multi-stakeholder community, which operates the Internet Assigned Numbers Authority (IANA), and is in charge of maintaining the DNS root zone.
A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.
In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.
The Internet Assigned Numbers Authority (IANA) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet Protocol–related symbols and Internet numbers.
A domain name registry is a database of all domain names and the associated registrant information in the top level domains of the Domain Name System (DNS) of the Internet that enables third party entities to request administrative control of a domain name. Most registries operate on the top-level and second-level of the DNS.
The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.
The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
The Internet uses the Domain Name System (DNS) to associate numeric computer IP addresses with human-readable names. The top level of the domain name hierarchy, the DNS root, contains the top-level domains that appear as the suffixes of all Internet domain names. The most widely used DNS root is administered by the Internet Corporation for Assigned Names and Numbers (ICANN). In addition, several organizations operate alternative DNS roots, often referred to as alt roots. These alternative domain name systems operate their own root name servers and commonly administer their own specific name spaces consisting of custom top-level domains.
Anycast is a network addressing and routing methodology in which a single IP address is shared by devices in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and name servers, to bring their content closer to end users.
The domain name arpa is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. It is used predominantly for the management of technical network infrastructure. Prominent among such functions are the subdomains in-addr.arpa and ip6.arpa, which provide namespaces for reverse DNS lookup of IPv4 and IPv6 addresses, respectively.
The domain names example.com, example.net, example.org, and example.edu are second-level domain names in the Domain Name System of the Internet. They are reserved by the Internet Assigned Numbers Authority (IANA) at the direction of the Internet Engineering Task Force (IETF) as special-use domain names for documentation purposes. The domain names are used widely in books, tutorials, sample network configurations, and generally as examples for the use of domain names. The Internet Corporation for Assigned Names and Numbers (ICANN) operates web sites for these domains with content that reflects their purpose.
A DNS zone is a specific portion of the DNS namespace in the Domain Name System (DNS), which a specific organization or administrator manages. A DNS zone is an administrative space allowing more granular control of the DNS components, such as authoritative nameserver. The DNS is broken up into different zones, distinctly managed areas in the DNS namespace. DNS zones are not necessarily physically separated from one another; however, a DNS zone can contain multiple subdomains, and multiple zones can exist on the same server.
Distributed denial-of-service attacks on root nameservers are Internet events in which distributed denial-of-service attacks target one or more of the thirteen Domain Name System root nameserver clusters. The root nameservers are critical infrastructure components of the Internet, mapping domain names to IP addresses and other resource record (RR) data.
Open Root Server Network (ORSN) was a network of Domain Name System root nameservers for the Internet. ORSN DNS root zone information was kept in synchronization with the "official" Domain Name System root nameservers coordinated by ICANN. The networks were 100% compatible, though ORSN was operated independently. The ORSN servers were primarily placed in Europe. ORSN was also used by public name servers, providing Domain Name System access freely for everyone, without any limitation, until the project closed in May 2019. ORSN was primarily started to reduce the over-dependence of Internet users on the United States and Department of Commerce/IANA/ICANN/VeriSign and to limit the control over the Internet that this gives, while ensuring that domain names remain unambiguous. It also helped avoid the technical possibility of a global "Internet shutdown" by one party. Its operators also expected the network to make domain name resolution faster for everyone.
RIPE NCC is the regional Internet registry (RIR) for Europe, the Middle East and parts of Central Asia. Its headquarters are in Amsterdam, Netherlands, with a branch office in Dubai, UAE.
WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.
Blackhole DNS servers are Domain Name System (DNS) servers that return a "nonexistent address" answer to reverse DNS lookups for addresses reserved for private use.
An Internet Protocol version 6 address is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.