DNS Root Servers: The most critical infrastructure on the internet

Submitted by Sarath Pillai on Tue, 10/15/2013 - 04:07

open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com
All system administrators have favourite topics that they enjoy working with. Having a favourite topic is a good thing, because interest makes you understand that topic in more detail. Learning about something we like is always easier, and it is much easier to stick with it and persevere for a long time when we love doing it.

In this post I will discuss one of my evergreen favourite topics: DNS root servers. Slashroot always welcomes your comments and suggestions, because they help us and everyone else reading the article. Along the way we will examine some of the myths about root servers that still circulate in technical circles. If you find a mistake or wrong information in this post, please let us know so that we can correct it.

DNS root servers are the most critical component of a working internet, mainly for the following reasons.

DNS root servers are the first step in resolving any domain name.
If something happens to them at large, the whole internet is affected.

A related detail that people in the industry tend to forget: every fully qualified domain name (FQDN) ends with a trailing dot that denotes the root (for example www.google.com.). DNS software does not force you to type that last dot, so it is easy to overlook, but it is exactly what the root servers stand for.

It is always worth finding out how large, critical infrastructures work, because understanding them increases your interest in how they operate internally. In this article I will share my findings on DNS root servers, some widely accepted myths about them, and who manages this critical piece of infrastructure on behalf of the rest of us. The main questions covered are listed below.

1. Why are there only 13 DNS root servers (or is that statement simply wrong)?
2. Where are these servers located? Are all of them in the United States?
3. Which organizations are responsible for operating and managing them?
4. Who allocates TLD names (names such as COM, ORG, NET)?
5. When will we get new TLD names like .SOFTWARE, .DOCTOR or .ANYTHING?
6. Does my country have a functional DNS root server?

DNS exists because humans remember names better than numbers, while computers and network addresses are always numbers. So something has to sit in between and translate names to numbers. But, as just said, computers are addressed only by number, so even the computer that does the translating for you is reachable only by a number that you must already know.

There is no way around it: every DNS resolver must at least know the numbers of the computers that start the translation job. Those well-known addresses are the DNS root servers. The root servers never perform the complete translation; they are only the starting point of the whole procedure.

www.example.com.

Although we humans read this as www dot example dot com, the computer that starts the translation (your local DNS resolver) works through it from right to left: dot, com, example, www. (Yes, that reads like gibberish, but that is how it works.) If you are a system administrator, the articles below about DNS might be helpful.

Read: How DNS resolution works

Read: Difference between Iterative and recursive DNS queries

Read: Dns Zone file and its contents

Read: Zone transfer and its security

So the resolver begins its work from the right: dot, com, example, www. The first dot denotes the root, which is served by the root servers. Resolver software must know their numerical IP addresses, because, as said before, they are the starting point of the entire translation procedure. There are 13 root server names, each with its own IPv4 address (and today an IPv6 address as well), and every resolver knows these addresses by default, usually from a root hints file shipped with the software. Read carefully: I said 13 IP addresses, not 13 servers. (Don't think there are only 13 physical root servers; that is a long-running technical joke.) You might be wondering why the number is 13 and not more.

The main reason is the size of a DNS message carried over UDP. When you design something as large as the root server system you have to analyse performance carefully. If you are a networking person or a system administrator you already know that UDP beats TCP where performance is the requirement: TCP needs a three-way handshake before any data moves, which adds round trips to every query, while UDP sends the query in a single datagram.

Read: Why is TCP slow compared to UDP

1. TCP (Transmission Control Protocol)
2. UDP (User Datagram Protocol)

The first is suited for reliability, the second for performance. DNS should never be slow, so it uses UDP by default. The original DNS specification (RFC 1035) limits a DNS message carried over UDP to 512 bytes; a server whose answer does not fit sets the TC (truncated) flag, and the resolver then retries the same query over TCP.

When a resolver starts up it sends a "priming" query for the NS records of the root. That answer must carry the NS record for every root server name plus the address (glue) record for each of them, and for a resolver that only supports the classic 512-byte limit the whole answer has to fit in one UDP message. Because the names are a.root-servers.net to m.root-servers.net, the shared root-servers.net suffix is compressed inside the message and 13 names with their IPv4 addresses fit. You could easily have 30 or 40 root server addresses, but the priming answer would then be truncated and every resolver would fall back to TCP on the very first step of resolution. So the real constraint is not the raw size of the addresses; it is that the complete priming response must stay under 512 bytes without truncation.

Two caveats for today: EDNS0 (RFC 6891) lets a resolver advertise a larger UDP buffer, and the root servers now also have IPv6 addresses, so the full priming response with AAAA glue is larger than 512 bytes. A priming query sent without EDNS0 therefore cannot carry all of the glue any more (some of it is left out, or the resolver must use TCP); RFC 8109 describes how resolvers should handle priming.
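To make the size argument concrete, here is a constructed example, added for this article and not code from the original post or from any root server operator. It builds a priming response in DNS wire format for n root server names with RFC 1035 label compression, parses it back (rejecting forward and looping compression pointers, which a resolver has to do against crafted replies), and reports whether the message fits in the classic 512-byte UDP limit. The addresses (198.51.100.x, 2001:db8::x) are documentation-range placeholders, not the real root server addresses, and the TTLs are just plausible values.

```python
import ipaddress
import struct

UDP_LIMIT = 512                    # RFC 1035 limit for DNS over UDP without EDNS0
LETTERS = "abcdefghijklmnopqrstuvwxyz"


def _labels(*labels):
    """Wire-encode labels as <len><bytes>... followed by the root zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_priming_response(n_servers, with_ipv6=False):
    """Constructed answer to '. IN NS' for n root servers named a..z.root-servers.net.

    answer section: n NS records owned by '.'
    additional section: one A glue record per server, plus AAAA when with_ipv6
    All names share the suffix root-servers.net, so every record after the first
    replaces it with a 2-byte compression pointer (RFC 1035 section 4.1.4).
    Addresses are documentation-range placeholders, not real root addresses.
    """
    if not 1 <= n_servers <= len(LETTERS):
        raise ValueError("root servers are named a..z")
    names = [f"{c}.root-servers.net." for c in LETTERS[:n_servers]]
    arcount = n_servers * (2 if with_ipv6 else 1)
    # header: id, flags (QR|AA), qdcount, ancount, nscount, arcount
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n_servers, 0, arcount))
    msg += b"\x00" + struct.pack("!HH", 2, 1)            # question: ".", NS, IN
    name_at = {}                                          # name -> offset of its first label
    suffix_at = None                                      # offset of "root-servers.net."
    for i, name in enumerate(names):
        msg += b"\x00" + struct.pack("!HHI", 2, 1, 518400)   # owner ".", NS, IN, TTL
        name_at[name] = len(msg) + 2                      # rdata follows the 2-byte rdlength
        if suffix_at is None:
            rdata = _labels(LETTERS[i], "root-servers", "net")
            suffix_at = name_at[name] + 2                 # skip the 1-byte letter label
        else:
            rdata = _labels(LETTERS[i])[:-1] + struct.pack("!H", 0xC000 | suffix_at)
        msg += struct.pack("!H", len(rdata)) + rdata
    for i, name in enumerate(names):
        owner = struct.pack("!H", 0xC000 | name_at[name])    # pointer into the NS rdata
        msg += owner + struct.pack("!HHIH", 1, 1, 3600000, 4) + bytes([198, 51, 100, i + 1])
        if with_ipv6:
            v6 = ipaddress.IPv6Address(f"2001:db8::{i + 1}").packed
            msg += owner + struct.pack("!HHIH", 28, 1, 3600000, 16) + v6
    return bytes(msg)


def _read_labels(msg, offset, depth=0):
    """Follow labels and compression pointers; reject loops and forward pointers."""
    if depth > 16:
        raise ValueError("compression pointer chain too long")
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return labels, offset + 1
        if length & 0xC0 == 0xC0:                         # 11xxxxxx: pointer
            target = ((length & 0x3F) << 8) | msg[offset + 1]
            if target >= offset:                          # pointers may only go backwards
                raise ValueError("forward compression pointer")
            tail, _ = _read_labels(msg, target, depth + 1)
            return labels + tail, offset + 2
        if length > 63:
            raise ValueError("bad label length")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def read_name(msg, offset):
    """Decode a possibly compressed name; returns (dotted name, next offset)."""
    labels, nxt = _read_labels(msg, offset)
    return ".".join(labels) + ".", nxt


def parse_priming_response(msg):
    """Return {server name: [addresses]} from the NS set and its glue."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    offset = 12
    for _ in range(qdcount):
        _, offset = read_name(msg, offset)
        offset += 4                                       # qtype, qclass
    servers = {}
    for _ in range(ancount + nscount + arcount):
        owner, offset = read_name(msg, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        if rtype == 2:                                    # NS: rdata is a (compressed) name
            target, _ = read_name(msg, offset)
            servers.setdefault(target, [])
        elif rtype == 1 and owner in servers:             # A glue
            servers[owner].append(ipaddress.IPv4Address(rdata).compressed)
        elif rtype == 28 and owner in servers:            # AAAA glue
            servers[owner].append(ipaddress.IPv6Address(rdata).compressed)
        offset += rdlength
    return servers


def fits_in_udp(msg, advertised_buffer=UDP_LIMIT):
    """True if the server can send msg over UDP without setting TC, given the
    buffer size the client advertised with EDNS0 (512 when there is no OPT)."""
    return len(msg) <= advertised_buffer


if __name__ == "__main__":
    for n, v6 in ((13, False), (13, True)):
        size = len(build_priming_response(n, v6))
        print(f"{n} servers, IPv6 glue={v6}: {size} bytes, fits in 512: {size <= UDP_LIMIT}")
    print(parse_priming_response(build_priming_response(3)))
```

Thirteen names with IPv4 glue compress to 436 bytes, comfortably under the limit; adding AAAA glue for all thirteen takes the same message to 800 bytes, which is why a priming query sent without EDNS0 cannot carry the full set today. The parser's refusal to follow forward pointers and its depth cap are the checks a real resolver needs so that a crafted response cannot send it into a pointer loop.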
As I said, there are many more servers than 13, but they are reached through 13 IP addresses globally. Many server instances answer on a single root server address, and those instances are geographically distributed. Geographic distribution matters because it localises the service: if I am in India it is faster to reach a root server instance near me than one located in the US.

In the beginning all of them were indeed located in the US, but that has since changed and instances are now spread across many countries and continents. According to Wikipedia at the time of writing, there were more than 370 root server instances distributed across the continents. Below is a map of root server locations, taken from a Google map created by paf.

[Map: Root Servers in the World (Google Maps, created by paf)]

Zoom into the map to see the geographical locations of the instances; clicking a marker shows the name of that particular server. The 13 root servers are named A to M, that is a.root-servers.net to m.root-servers.net.

I was surprised to learn that India already had three root server instances: F-root in Chennai, I-root in Mumbai and K-root in New Delhi (installed in 2005, according to APNIC).

There are many physical servers behind one name; a.root-servers.net, for example, is served by machines in many different places. You might wonder how this is handled with only 13 IP addresses.

The technique is IP anycast, and it plays the major role in the distributed architecture of the root servers. In simple terms, anycast lets many servers in different locations share a single IP address: every site announces the same prefix into the routing system (BGP), so many servers are reachable at that one address. When a request is sent to an anycast address, the network's routers deliver it to the topologically nearest instance. So if I want to reach f.root-servers.net from India, I land at the Chennai instance (shown on the map) rather than some other location in the world. This is why DNS root servers rely so heavily on anycast.

Some advantages of anycast are mentioned below.

High speed and low latency, because queries are served close to the client.
Resilience: even if the f.root-servers.net instance in Chennai goes down, routing takes me to the next nearest instance on the map.
Protection against large DDoS attacks, because attack traffic is spread across many instances instead of hitting one server, and an overwhelmed instance can withdraw its route without affecting the rest.

I recommend reading the below article to grab some more info about anycasting.

Read: What is Anycast And How does it work?

You might be wondering who operates and manages these 13 root servers. There are 12 organizations operating them (Verisign runs two), with instances distributed around the world. They are listed below.

Root Server Name     Managed By
a.root-servers.net   VeriSign, Inc.
b.root-servers.net   University of Southern California (ISI)
c.root-servers.net   Cogent Communications
d.root-servers.net   University of Maryland
e.root-servers.net   NASA (Ames Research Center)
f.root-servers.net   Internet Systems Consortium, Inc.
g.root-servers.net   US Department of Defense (DoD NIC)
h.root-servers.net   US Army (Research Laboratory)
i.root-servers.net   Netnod
j.root-servers.net   VeriSign, Inc.
k.root-servers.net   RIPE NCC
l.root-servers.net   ICANN
m.root-servers.net   WIDE Project

So 12 organizations operate the 13 root servers. It would have been 13 organizations, but Verisign runs two of them (two logical servers, not two physical machines). As said before, there are 13 root server names with 13 different IP addresses. You might think these addresses never change, and in the ideal case they don't. But an address can be changed without breaking anything, provided only one or two change at a time, which has happened several times over the past decade. Every resolver ships with the 13 addresses built in (the root hints file), so a resolver that still holds an old address for one server can reach the other twelve, learn the current list from its priming query, and keep working until the hints are updated, either manually by you or in the next release of your DNS software.

The best demonstration of root server anycast is j.root-servers.net, operated by Verisign. At the time of writing that single name was served by 70 instances in different locations, all reached through one IP address, with anycast routing each query to the nearest instance.

Every root server serves the DNS root zone. The root zone file contains the names and IP addresses of the authoritative name servers for every top-level domain (TLD). TLDs are the well-known names we use in our day-to-day lives; some of the common ones are COM, NET, ORG, MIL, GOV and EDU.

ROOT ZONE DATABASE

The root zone database link above, from IANA, lists every TLD together with the organization that manages it, i.e. is authoritative for it. The root zone itself contains the NS records and addresses of the servers that serve those TLDs. The total number of TLDs is large, mostly because of country-code TLDs: each country has its own, for example .US, .IN, .UK and .SE.

One confusion remains. With 12 different organizations operating the root servers, how is the root zone file updated, who authorizes the updates, and who actually makes the changes? At the time of writing (2013) the management of the root zone was split as follows.

1. ICANN (through its IANA function) controls the content of the root zone.
2. The US Department of Commerce (NTIA) approves the changes to be made to the root zone.
3. Verisign (which also operates two root servers) edits the zone, signs it with DNSSEC, and distributes the updated zone to the other root server operators.

(The Department of Commerce approval step ended with the IANA stewardship transition in 2016; ICANN and Verisign still hold the first and third roles.)

If you want to look at the root zone file itself, which lists the name servers responsible for every TLD such as COM, ORG and EDU, the link below points to the latest version. It is the zone as served by a.root-servers.net, from Verisign.

DNS ROOT ZONE FILE (With Latest Updates)

The file is kept current: at the time of writing it had last been updated on 15 October 2013, which can be verified from the serial number in the SOA record shown below.
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013101501 1800 900 604800 86400

The serial number 2013101501 in the SOA record of a.root-servers.net encodes the last modification as YYYYMMDDnn, where nn counts the edits made on that date (01 = the first edit on 2013-10-15). The remaining SOA values are, in seconds, the refresh (1800), retry (900), expire (604800) and minimum/negative-caching TTL (86400) parameters; the 86400 before IN is the TTL of the SOA record itself.

As mentioned at the beginning of this article, the complete name-to-number translation starts at the root servers; our example was www.example.com. (processed by the resolver as dot, com, example, www). So the first step is to send the query to the nearest root server instance.

The root server replies with a referral to the name servers that handle the COM TLD, which is also operated by Verisign. Below is the snippet for the COM servers, taken from the root zone file linked above.

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.

The 172800 in the snippet is the TTL. COM is among the most heavily used TLDs on the internet, so a TTL of 172800 seconds (48 hours) is normal. A higher TTL reduces the number of queries reaching the root servers, because the caching resolvers run by ISPs keep the referral for 48 hours before asking again.

The COM TLD servers in turn reply with a referral to the name servers responsible for the example.com zone. The final step of the translation is to ask those servers (the authoritative name servers for example.com, managed by the domain owner or their DNS provider) for the IP address of the host www.

During domain registration, the registrar sends the NS records (the DNS servers responsible for the domain you registered) to the TLD registry operator (Verisign, for a COM domain), which publishes them in the TLD zone as the delegation. If a name server's own name lies inside the delegated domain (for example ns1.example.com for example.com), the registry also has to publish its IP address, because otherwise a resolver could not reach the name server without first resolving a name inside the very zone it is trying to reach. Those address (A/AAAA) records published at the parent are the glue records; the NS records themselves are the delegation, not glue.
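The walk from the root down to the authoritative server, and the glue rule just described, as an added example that is not code from the original post: a toy iterative resolver over a constructed, in-memory set of zones. The zone data, server addresses and the out-of-bailiwick ns.bank.org glue entry are all invented for the illustration (documentation address ranges, not real servers). It shows the referral chain a recursive resolver follows and the bailiwick check real resolvers apply to glue: a referral from the com. servers may vouch for addresses under com., but an address it offers for a name elsewhere is discarded, otherwise one referral could plant addresses for unrelated names in the cache. A fuller resolver would go on to resolve the dropped name server's address separately; this example simply continues with the glue it can trust.

```python
from dataclasses import dataclass


@dataclass
class Zone:
    """What one authoritative server holds (constructed data for this example)."""
    name: str          # zone apex, e.g. "com."
    records: dict      # {(owner, rrtype): [values]}
    delegations: dict  # {child zone: {"ns": [names], "glue": {name: address}}}


def ancestors(name):
    """Enclosing names, longest first: the right-to-left walk from the article.
    www.example.com. -> [www.example.com., example.com., com.]"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def in_bailiwick(name, zone):
    """True when `name` is at or below `zone` (everything is below the root)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_answer(zone, qname, qtype):
    """Reply of a server authoritative for `zone`: a referral to the closest
    enclosing delegation, the answer if it holds the record, else NXDOMAIN."""
    for candidate in ancestors(qname):
        if candidate in zone.delegations:
            d = zone.delegations[candidate]
            return "referral", (candidate, d["ns"], d["glue"])
    if (qname, qtype) in zone.records:
        return "answer", zone.records[(qname, qtype)]
    return "nxdomain", None


def accept_glue(glue, ns_names, delegating_zone):
    """Keep glue only for listed name servers that live inside the zone giving
    the referral. A com. server may vouch for ns1.example.com. but not for
    ns.bank.org.; accepting the latter would let one referral poison other names."""
    return {n: ip for n, ip in glue.items()
            if n in ns_names and in_bailiwick(n, delegating_zone)}


def resolve(qname, qtype, servers, root_hints, trace=None, max_hops=10):
    """Iterative resolution the way a recursive resolver does it: start at a
    root hint, follow each referral downward, stop at the authoritative answer."""
    if trace is None:
        trace = []
    next_servers = list(root_hints.values())
    for _ in range(max_hops):                 # never chase referrals forever
        ip = next_servers[0]
        zone = servers[ip]
        kind, payload = authoritative_answer(zone, qname, qtype)
        trace.append((ip, zone.name, kind))
        if kind != "referral":
            return payload                    # list of values, or None for NXDOMAIN
        child, ns_names, glue = payload
        usable = accept_glue(glue, ns_names, zone.name)
        if not usable:
            raise RuntimeError(f"referral for {child} carried no usable glue")
        next_servers = list(usable.values())
    raise RuntimeError("too many referrals")


# Constructed delegation tree; addresses are documentation ranges, not real ones.
ROOT_HINTS = {"a.root-servers.net.": "198.51.100.1"}
SERVERS = {
    "198.51.100.1": Zone(".", {}, {
        "com.": {"ns": ["a.gtld-servers.net."],
                 "glue": {"a.gtld-servers.net.": "192.0.2.1"}}}),
    "192.0.2.1": Zone("com.", {}, {
        "example.com.": {"ns": ["ns1.example.com.", "ns.bank.org."],
                         "glue": {"ns1.example.com.": "192.0.2.2",
                                  "ns.bank.org.": "203.0.113.66"}}}),  # not under com.
    "192.0.2.2": Zone("example.com.", {("www.example.com.", "A"): ["192.0.2.3"]}, {}),
}

if __name__ == "__main__":
    steps = []
    print(resolve("www.example.com.", "A", SERVERS, ROOT_HINTS, steps))
    for ip, zone, kind in steps:
        print(f"{ip:14} zone {zone:14} -> {kind}")
```

Running it prints the three hops (root referral, com. referral, example.com. answer) and the address 192.0.2.3; the 203.0.113.66 glue never enters the resolver's state because it is outside the com. zone that offered it.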

ICANN recently opened applications for new generic TLDs that will become available over the coming years. Alongside COM, ORG and EDU we will have new TLDs for almost anything you can imagine, for example .APP, .SOFTWARE, .CLOUD and .FASHION. The full list of applicants for the new TLDs can be viewed via the ICANN link below.

New ICANN TLD application list

Applicants approved by ICANN become responsible for their respective TLDs and their name servers, so in the near future there will be many new names to register. (The company I previously worked for, Radix Registry, also applied for several new TLD names.)

Before completing this article, let me show the evidence for what I said about why there are only 13 root servers. Run a dig query with the +trace option and look at the result:

dig +trace www.example.com

dig +trace is used to troubleshoot DNS: it performs the iterative resolution itself, starting with the root NS set, and shows every referral on the way, so you can see how the whole translation works. The first part of the output lists the 13 root servers that my local resolver returned, and right after that list dig prints an important line of the form ";; Received N bytes from <resolver> ...".

In my run it reported 512 bytes: the UDP message carrying the 13 root server names and their addresses filled the classic limit exactly. That is the constraint behind the number 13: for performance, the complete set of root server addresses has to fit in one UDP priming response. (If that line shows more than 512 bytes on your system, dig and your resolver negotiated a larger buffer with EDNS0.)

The subsequent replies from the TLD and authoritative name servers in this trace were all well under 512 bytes.

Hope this article was helpful for understanding some of the concepts related to DNS root servers.


13 Comments


Kiran C Nalawade Pune, Maharashtra


Nice information. Thanks.
Like Reply 1 Feb 3, 2014 1:40am

Manjunath Gowda Bangalore, India


Isn't the root servers in Chennai, Mumbai and Delhi??? I wish there was one in Bangalore

From APNIC:
http://www.apnic.net/community/support/root-servers
2005 :
August: Three root nameservers installed in India:
F-Root (Chennai)
I-Root (Mumbai)
K-Root (Delhi)
Like Reply 4 May 4, 2014 1:05pm

Lajpat Bishnoi Pune, Maharashtra


Thanks for pointer .. also that site is official..
Like Reply Apr 28, 2015 3:30am

Erandha Harshapriya Ananda College


Many Thanks. !!!!!!!!
Like Reply 1 Jun 6, 2014 10:22am

Roni KB Works at Citrus Informatics


Nice tutorial.Thanks
Like Reply 1 Jun 26, 2014 6:03am

Prathap Ptp Web Developer at Guindy Campus


Huge thanks for your information ...
Like Reply 1 Aug 30, 2014 5:41am

Bi Kin Hc vin Cng ngh Bu chnh Vin thng


Are there exactly 13 IP addresses of the root servers in a DNS packet?
Like Reply 1 Dec 4, 2014 9:20am

Rajeshwari Gurunathan Solution Architect at Akamai Technologies India Pvt. Ltd.


very very informative article for beginners
Like Reply 1 Dec 20, 2015 12:25pm

Andrew Darko Lead IAM & Security Systems Engineer at Weatherford


You Rock. This is the best DNS information I have ever learnt
Like Reply 1 Feb 17, 2016 6:21pm

Shubham Shrivastava Works at Red Hat - APAC


This tutorial resolves every knot of DNS in my brain thanks a ton.
Like Reply 1 Mar 7, 2016 6:03am

Boyka Ashraf Lahore, Pakistan
Why there are only 13 Root Name Servers and not more? What and where is the constraint
that limits this number to 13?
Like Reply 1 Mar 14, 2016 7:48am




Comments

Thank you for this


Permalink Submitted by Siddharth on Fri, 10/18/2013 - 21:10

Thank you for this information

reply

Very Very informative...
Permalink Submitted by Ayappa K N on Wed, 04/23/2014 - 09:29

Very Very informative... thanks a lot!!

reply

Best Article I have ever read


Permalink Submitted by Yogesh on Mon, 05/05/2014 - 05:18

Great!!!!!!!!

reply

Best Explanation about DNS Root Servers


Permalink Submitted by Jett F.Salvador on Mon, 05/12/2014 - 21:15

You explained it very clearly!

reply

Excellent article
Permalink Submitted by Pushpraj on Tue, 05/27/2014 - 20:28

Excellent article. Please write more such articles.

reply

This is what I was searching for !!


Permalink Submitted by Karthi on Fri, 08/01/2014 - 04:04

Excellent article. I knew that the FQDN just ends with (.) and DNS query starts finding the destination with (.),
but I was not sure how the stuff works and where the DNS servers have been held. Now I understood :)
Thanks for the great article !!

reply

416 bytes of 13 IP addresses ?


Permalink Submitted by A Network Engineer on Sun, 08/03/2014 - 14:40

What kind of IP addresses do these 13 root servers have? IPv32 ?

I came to this article to find an answer for 'why the number 13?" but I can't accept that numerical logic. Can
somebody please explain this in detail?

reply

416 bytes of 13 IP addresses ?


Permalink Submitted by Sarath Pillai on Mon, 08/04/2014 - 06:06

A known good size of data that can fit inside a single UDP packet is 512 bytes (this is the bytes left after headers).
Now we know the fact that IPv4 takes 32 bytes for a single IP. Now 13*32 = 416. The remaining size was kept for additional info and possibly to add another few servers in future.
IPv6 does have a higher limit for datagram size, hence in future it can accommodate more IPs when we completely switch to IPv6. Hope this helps.

Thanks

reply

Good Article.
Permalink Submitted by Ravisankar K P on Mon, 08/11/2014 - 10:49

Good Article. Expecting similar articles from you

reply


Very good article


Permalink Submitted by Moslem on Mon, 09/01/2014 - 14:53

Good article. that is very useful and practical.


Thanks a lot

reply

Informative and good read
Permalink Submitted by Mohan on Thu, 04/23/2015 - 19:17

Very neatly explained the concept of internet and behind the scenes work for common man.

reply

Informative
Permalink Submitted by Saurabh on Wed, 06/24/2015 - 14:47

Nicely put, a lot of information. Thanks!!!

reply

One of the best link for DNS info


Permalink Submitted by Vinit Patil on Mon, 07/25/2016 - 15:57

This is one of the best link on internet which gives such a detailed info about DNS. Thank you very much for
the details.

reply

Great article
Permalink Submitted by xpl0it on Thu, 08/18/2016 - 17:33

A superb article. Could clarify several doubts I had.

One modification - There are three root name servers in India - Delhi, Mumbai and Chennai. Bangalore
doesn't seem to have any, or am I wrong?

Thanks!

reply

Copyright Slashroot.in. All rights reserved.