Why are there only 13 root domain name servers in the world

Source: Internet | Editor: 程序博客网 | Time: 2024/05/22 10:32

Why are there only 13 root name servers in the world

This story goes back quite a while, so let me tell it slowly.

1. Why are there only 13 DNS root servers (or is that completely wrong information)?
2. Where are these servers located? Are all of them in the United States?
3. Which organizations are responsible for handling and managing them?
4. Who allocates the TLD names (names such as COM, ORG, NET etc.)?
5. When will we get more TLD names like .SOFTWARE, .DOCTOR, .ANYTHING?
6. Does my country have a DNS root server that's functional?

Of the two transports, TCP is better suited to reliability and UDP to performance. Things like DNS should never be slow, so DNS works over UDP by default, and a single UDP packet should carry all 13 root server IP addresses along with the other protocol information (416 bytes for the 13 IP address records plus the remaining UDP protocol overhead). Sure, you could easily have 30 or 40 DNS root server IP addresses, but you would not be able to send all of them in one UDP packet (you would have to send them in multiple packets, which reduces performance). Hence, for performance and low network overhead, the root servers are limited to 13 IP addresses.

As I said before, there are many more servers, but they are reached through 13 IP addresses globally. Multiple server instances handle a single root server IP address, and they are geographically distributed. Geographical distribution of DNS servers is very important because it localizes the servers: for example, if I am in India it is faster for me to reach a DNS root server near me than one located in the US.

In the beginning all of them were located in the US, but recent improvements have made them available in different countries and continents. According to Wikipedia, there are more than 370 root server instances distributed across different continents. Below is a map of DNS root server locations, which I took from a Google map created by paf.

Saw that? It says my local DNS server gave me a 512-byte UDP packet that contained the address details of the 13 root servers. This is the reason there are only 13 root servers: for performance reasons we need to fit all root server addresses inside one single UDP packet.

If you look at the subsequent replies given by the TLD and authoritative name servers, they are always less than 512 bytes.
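As an added example (not part of the original article), the following Python builds the root priming response a resolver receives, the answer to a "." NS query with 13 NS records and their A glue, in DNS wire format with RFC 1035 name compression, so the 512-byte claim above can be checked by measuring the message rather than taking the number on trust. The server names are the real a to m root-server names; the IP addresses are constructed placeholders, since only the on-wire size matters.

```python
# Added example (not from the original article): encode the root "priming"
# response in DNS wire format with RFC 1035 name compression and measure it
# against the classic 512-byte UDP payload limit. Host names are the real
# root-server names; the IP addresses are constructed placeholders.
import struct

ROOT_SERVERS = [f"{c}.root-servers.net." for c in "abcdefghijklm"]
CLASSIC_UDP_LIMIT = 512
TYPE_A, TYPE_NS, TYPE_AAAA = 1, 2, 28

class DnsMessageBuilder:
    def __init__(self, msg_id=0x1234):
        # header: id, flags (QR=1, AA=1), qdcount, ancount, nscount, arcount
        self.buf = bytearray(struct.pack(">HHHHHH", msg_id, 0x8400, 0, 0, 0, 0))
        self.offsets = {}  # name suffix -> offset of its first occurrence

    def write_name(self, name):
        labels = [l for l in name.rstrip(".").split(".") if l]
        while labels:
            suffix = ".".join(labels)
            if suffix in self.offsets:  # seen before: emit a 2-byte pointer
                self.buf += struct.pack(">H", 0xC000 | self.offsets[suffix])
                return
            self.offsets[suffix] = len(self.buf)
            label = labels.pop(0).encode("ascii")
            self.buf += bytes([len(label)]) + label
        self.buf += b"\x00"  # root label ends an uncompressed name

    def add_rr(self, name, rtype, ttl, write_rdata):
        self.write_name(name)
        self.buf += struct.pack(">HHIH", rtype, 1, ttl, 0)  # IN; RDLENGTH patched below
        start = len(self.buf)
        write_rdata()
        struct.pack_into(">H", self.buf, start - 2, len(self.buf) - start)

def priming_response(servers=ROOT_SERVERS, with_ipv6=False):
    b = DnsMessageBuilder()
    b.write_name(".")
    b.buf += struct.pack(">HH", TYPE_NS, 1)  # question section: . IN NS
    for s in servers:  # answer section: one NS record per root server
        b.add_rr(".", TYPE_NS, 518400, lambda s=s: b.write_name(s))
    for s in servers:  # additional section: constructed glue 192.0.2.1 / 2001:db8::
        b.add_rr(s, TYPE_A, 518400, lambda: b.buf.extend(b"\xc0\x00\x02\x01"))
        if with_ipv6:
            b.add_rr(s, TYPE_AAAA, 518400, lambda: b.buf.extend(b"\x20\x01\x0d\xb8" + bytes(12)))
    n = len(servers)
    struct.pack_into(">HHHH", b.buf, 4, 1, n, 0, n * (2 if with_ipv6 else 1))
    return bytes(b.buf)

def fits_in_classic_udp(message):
    return len(message) <= CLASSIC_UDP_LIMIT
```

With IPv4 glue only the message is 436 bytes, comfortably under 512; adding an AAAA glue record for each server pushes it to 800 bytes, which is why modern resolvers advertise an EDNS0 buffer size larger than 512 bytes or fall back to TCP for priming.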

Hope this article was helpful for understanding some of the concepts related to DNS root servers.

That explains why there are 13 root servers; the following is supplementary content.

[Map: Root Servers in the World]

Zoom in on the DNS root server map shown above, which shows the geographical locations of the servers. Click on each location and it will tell you the name of that particular server. The 13 root servers are named A to M, as a.root-servers.net through m.root-servers.net.

I was amazed to learn that even India has 3 DNS root server instances: one each in Bangalore, Chennai and New Delhi.

Each named root server is actually many servers; for example, a.root-servers.net is served by many machines in different places. You might be wondering how this is done with only 13 IP addresses.

A technology called anycasting plays a major role in achieving this distributed architecture of DNS root servers. In simple terms, anycasting lets multiple servers, in fact many servers in different locations, share a single IP address, so that many servers are available at that one address. Whenever a request is sent to an anycast IP address, the network routers route that request to the nearest available server. This means that if I want to reach f.root-servers.net from India, the nearest possible location is Chennai (as shown in the map), rather than some other location in the world. This is why DNS root servers rely heavily on IP anycasting.

Some advantages of anycasting are mentioned below.

High speed and low latency.
Resilience: even if the f.root-servers.net instance in Chennai goes down, the network will take me to the next nearest location on the map.
Strong protection against the biggest DDoS attacks.

You might be wondering who handles and manages these 13 DNS root servers. The organizations that manage the different servers, distributed across different geographical locations, are listed below.

Root Server Name Managed By
a.root-servers.net VeriSign, Inc.
j.root-servers.net VeriSign, Inc.
b.root-servers.net University of Southern California
c.root-servers.net Cogent Communications
d.root-servers.net University of Maryland
e.root-servers.net NASA
f.root-servers.net Internet Systems Consortium, Inc.
g.root-servers.net US Department of Defence
h.root-servers.net US Army
i.root-servers.net Netnod
k.root-servers.net RIPE NCC
l.root-servers.net ICANN
m.root-servers.net WIDE
There are 12 organizations that handle and manage the DNS root servers. It should have been 13, but Verisign handles 2 root servers (when I say two servers, do not think of them as two physical server instances; two is logical). But as I said, there are 13 root servers with 13 different IP addresses. You might think these IP addresses never change, and in the ideal case they do not. However, an address can be changed without impacting anything, provided you only change a couple of them at a time (which has happened multiple times in the past decade). As I mentioned previously, every DNS server has these 13 IP addresses built in, so it can keep running even if a new IP address has not been updated yet (because a change of IP address affects hardly one of them at a time, and it can be updated manually by you or will get updated in the next release cycle of your DNS server software).

The best example of DNS root server anycasting is j.root-servers.net, which is handled by Verisign, Inc. That single j.root-servers.net has 70 server instances in different locations, and all 70 are queried through a single IP address with the help of anycasting (the query goes to the nearest server possible).

DNS root servers serve the DNS root zone file. This root zone file contains the names and IP addresses of the name servers for all TLDs. TLD stands for Top Level Domain; these are some of the well-known names we use in our day-to-day lives, such as COM, NET, ORG, MIL, GOV, EDU etc.

ROOT ZONE DATABASE

The root zone database link above, from IANA, contains the entire list of TLDs and the organizations that manage them, i.e. that are authoritative for those TLDs. The DNS root zone contains the IP addresses of the servers that manage these TLDs. (The total number of TLDs is pretty large because of country code TLDs: each country has its own TLD, for example .US, .IN, .UK, .SE etc.)

There is still one main point of confusion. Since 12 different organizations manage these root servers, how is the root zone file updated, who authorizes the updates, and who actually performs the modification? The management of the DNS root zone is shown below.

ICANN controls the content of the root zone file.
The US Department of Commerce approves the changes that need to be made to the root zone.
Verisign Inc. (which handles two DNS root servers) modifies the zone and distributes the updates to the other DNS root servers.

If you are interested in having a look at the DNS root zone file, which contains all the DNS servers responsible for all TLDs like COM, ORG, EDU etc., you can have a look at the link below, which contains the latest root zone file updates. The zone file shown is a sample zone file of the a.root-servers.net server, from Verisign.

DNS ROOT ZONE FILE (With Latest Updates)

The link above contains the complete list of DNS servers responsible for each TLD. The file is very recent and was last updated on 15 October 2013. The last update time can be verified from the DNS serial number, as shown below.

. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013101501 1800 900 604800 86400
The last modification time in the SOA record above for a.root-servers.net is given by the serial number 2013101501 (format YYYYMMDDnn, where nn counts the modifications made on that date).

So, as mentioned at the beginning of this article, the complete name-to-number translation procedure starts with the root servers; our example was translating www.example.com (read by DNS servers right to left, as DOT COM EXAMPLE WWW). The initial step is to send a query to the nearest possible DNS root server.

The DNS root server queried will reply with a referral to the DNS servers that handle the COM TLD, which again is operated by Verisign Inc. Below is a snippet of the COM TLD servers which I took from the root zone file link.

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
The 172800 shown in the snippet above is the TTL value. The COM TLD servers are among the most heavily used TLD servers on the internet, so keeping a TTL value of 172800 (48 hours) is quite normal. Higher TTL values reduce the number of queries to the server, because most DNS servers used by ISPs are caching name servers which will cache the result for 48 hours.

These TLD name servers will reply with a list of name servers responsible for the example.com domain. The final step in our translation procedure is to send a DNS query asking for the IP address of the host WWW to the name servers returned by the COM TLD servers (the authoritative name servers for the example.com domain, which are managed by the owner).

During the domain registration process, the registrar sends the NS records (the DNS servers responsible for the domain you registered) to that particular TLD registry operator (for example Verisign if you are registering a COM domain name). These NS records present in the TLD name servers are sometimes referred to as glue records.

Recently ICANN opened bidding and applications for the inclusion of new TLD names that will become available in the coming days. Similar to COM, ORG and EDU, we will have a lot of new TLDs for anything you can imagine.

For example .APP, .SOFTWARE, .CLOUD, .FASHION and many more. The entire list of applicants that bid for the new TLDs can be viewed at the ICANN link below.

New ICANN TLD application list

These applicants, if approved by ICANN, will become responsible for their respective TLDs and their name servers. So in the near future we will have a lot of new names to register. (The company I previously worked for, called Radix Registry, also bid for several new TLD names.)

Before completing this article, let me give you proof of what I said about why there are only 13 root servers. To understand this, let's run a dig DNS query with the trace option and look at the result.

dig with the trace option is used to query DNS for troubleshooting purposes; it can be used to see how the entire DNS address translation works. The first part of the result shows that my local DNS server gave me the list of the 13 DNS root servers, and dig gives an important piece of information at the end of the 13 root servers. That information is shown below.
