DNS root zone
From Wikipedia, the free encyclopedia
A DNS root zone is the top level of the DNS hierarchy for a given DNS system. The term, when not otherwise qualified, is generally used to refer to the root zone of the largest global DNS system deployed on the Internet. This "official" DNS system is by far the largest deployment of DNS in the world. The zone is managed by the Internet Assigned Numbers Authority, a role performed by ICANN.
The combination of limits in the DNS and IP protocols means that there is a limit of thirteen root server names that can be accommodated within a root zone.
Parent zones
A parent zone is responsible for defining its points of delegation (sub-zones), ensuring that a server is available to respond with the appropriate referrals (NS records) for those sub-zones, updating the referral information in a timely fashion when the child sub-zone requests it, and ensuring that the child honors its responsibilities.
Technical details of root server lookup
There are thirteen root server names that are authoritative for queries to the global DNS root zone, the maximum number possible. The root servers hold the list of addresses for the authoritative servers for the top-level domains. Every name lookup must either start with an access to a root server, or use information that was once obtained from a root server.
The root servers have the official names a.root-servers.net to m.root-servers.net. However, to look up the IP address of a root server from these names, you must first be able to reach a root server in order to find the address of an authoritative server for the .net DNS zone. This is a circular dependency, so the address of at least one root server needs to be known in advance by a host in order to bootstrap access to the DNS system. This is usually done by shipping the addresses of all known root DNS servers as a file with the computer operating system: the IP addresses of some root servers will change over the years, but only one correct address is needed for the lookup process to complete. This file is called named.cache when distributed with the BIND nameserver.
Once the address of a single functioning root server is known, the rest of the DNS information can be discovered recursively, and the address of any machine on the Internet can be looked up in this way.
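The bootstrap just described, as an added example that is not part of the article: an offline simulation of a resolver that starts from a root hints list, tries each hinted address in turn, and follows referrals down to the answer. Every server, zone, name and address in it is constructed for the demonstration (TEST-NET-1 addresses and `.example` names), nothing is sent over the network, and the first hint is deliberately stale so that the "only one correct address is needed" behaviour is visible. The same code resolves a `root-servers.net` name, which shows why those names cannot be used to find the root in the first place.

```python
# Added example (not from the article): offline simulation of resolver bootstrap from root hints.
# All servers, zones, names and addresses below are constructed for the demo.

# Constructed authoritative data keyed by server address: each server knows its zone apex and a
# few records; a delegation is an (owner, 'NS') entry with matching 'A' glue.
SERVERS = {
    '192.0.2.2': {   # the one root server that is reachable in this simulation
        'zone': '.',
        'records': {
            ('net.', 'NS'): ['a.gtld-servers.example.'],
            ('a.gtld-servers.example.', 'A'): ['192.0.2.10'],
        },
    },
    '192.0.2.10': {  # authoritative for net., including the root-servers.net delegation
        'zone': 'net.',
        'records': {
            ('example.net.', 'NS'): ['ns1.example.net.'],
            ('ns1.example.net.', 'A'): ['192.0.2.20'],
            ('root-servers.net.', 'NS'): ['b.root-servers.net.'],
            ('b.root-servers.net.', 'A'): ['192.0.2.2'],
        },
    },
    '192.0.2.20': {  # authoritative for example.net.
        'zone': 'example.net.',
        'records': {('www.example.net.', 'A'): ['192.0.2.30']},
    },
}

# Constructed root hints, as a named.cache-style file would supply them. The first address is
# deliberately stale (nothing answers there): one correct entry is enough to bootstrap.
ROOT_HINTS = [
    ('a.root-servers.net.', '192.0.2.99'),
    ('b.root-servers.net.', '192.0.2.2'),
]


def suffixes(name):
    """All ancestor names of `name`, longest first, ending with the root '.'."""
    labels = name.rstrip('.').split('.')
    return ['.'.join(labels[i:]) + '.' for i in range(len(labels))] + ['.']


def query(server_ip, qname, qtype='A'):
    """Simulate one non-recursive query. Returns None (timeout) or (kind, payload)."""
    server = SERVERS.get(server_ip)
    if server is None:
        return None  # nothing listens at this address: behaves like a stale hint
    records = server['records']
    if (qname, qtype) in records:
        return ('answer', records[(qname, qtype)])
    for suffix in suffixes(qname):
        if suffix == server['zone']:
            return ('nxdomain', None)  # reached our own apex with no match and no delegation
        if (suffix, 'NS') in records:
            # Referral: the child's name servers plus whatever glue addresses we hold for them
            glue = [(ns, records.get((ns, 'A'), [None])[0]) for ns in records[(suffix, 'NS')]]
            return ('referral', glue)
    return ('refused', None)  # name lies outside everything this server knows


def resolve(qname, hints=ROOT_HINTS, depth=0):
    """Iterative resolution from the hints. Returns (address or None, list of servers tried)."""
    if depth > 5:
        raise RuntimeError('too many nested lookups while chasing name server names')
    candidates = list(hints)  # [(server name, address or None)]
    path = []
    for _ in range(10):  # bound on the number of referrals followed
        for ns_name, ip in candidates:
            if ip is None:
                # Glueless referral: the server's own name must first be resolved from the root
                ip, _ = resolve(ns_name, hints, depth + 1)
            reply = query(ip, qname)
            path.append((ns_name, ip, None if reply is None else reply[0]))
            if reply is None:
                continue  # unreachable: try the next server in the list
            kind, payload = reply
            if kind == 'answer':
                return payload[0], path
            if kind == 'referral':
                candidates = payload
                break  # follow the delegation one level down
            return None, path  # nxdomain or refused
        else:
            raise RuntimeError(f'no reachable server for {qname}')
    raise RuntimeError('referral loop')


if __name__ == '__main__':
    for name in ('www.example.net.', 'b.root-servers.net.'):
        address, path = resolve(name)
        print(name, '->', address)
        for ns_name, ip, outcome in path:
            print('   ', ns_name, ip, outcome or 'timeout')
```

Running it prints the chain for `www.example.net.`: the stale hint times out, the second root address hands out a referral for `net.`, the `net.` server refers to `example.net.`, and that server answers. Resolving `b.root-servers.net.` walks the same path through the root and the `net.` server, which is exactly why the root cannot be found from its own hostnames. With no reachable hint at all the resolver gives up with an error rather than an answer.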
An additional level of redundancy is provided by the fact that a single root server name, and its corresponding IP address, may correspond with many physical servers around the world, using a method called anycast.
Redundancy and diversity
The root DNS servers are essential to the function of the Internet, as so many protocols use DNS, either directly or indirectly. They are potential points of failure for the entire Internet. For this reason, there are 13 named root servers worldwide. There are no more root servers because a single DNS reply can only be 512 bytes long; while it is possible to fit 15 root servers in a datagram of this size, the variable size of DNS packets makes it prudent to only have 13 root servers.
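To make the arithmetic behind the 512-byte figure concrete, here is an added example (not from the article) that assembles the priming response a resolver receives when it asks the root for `. IN NS`, using RFC 1035 name compression, and measures the message for different server counts. The letters a to m are the real root server names; the IPv4 glue addresses, the message ID and the TTL are constructed placeholders. It also decodes the message again, so the compressed names can be checked.

```python
# Added example (not from the article): size of a DNS priming response (". IN NS" with A glue)
# in RFC 1035 wire format against the 512-byte limit of classic DNS over UDP.
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
UDP_LIMIT = 512


def encode_name(name, offset, table):
    """Encode `name` starting at message offset `offset`; emit a pointer for any suffix already in `table`."""
    labels = [l for l in name.rstrip('.').split('.') if l]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = '.'.join(labels[i:])
        if suffix in table:
            out += struct.pack('!H', 0xC000 | table[suffix])  # 2-byte compression pointer
            return bytes(out)
        table[suffix] = offset + len(out)  # remember where this suffix starts for later pointers
        out.append(len(label))
        out += label.encode('ascii')
    out.append(0)  # root label terminates the name; '.' alone is just this one byte
    return bytes(out)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (dotted name, offset just after it in the message)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = offset + 2
            offset = struct.unpack('!H', msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode('ascii'))
        offset += length
    return '.'.join(labels) + '.', (end if jumped else offset)


def build_priming_response(n_servers, ttl=3600000):
    """Response to '. IN NS' listing n_servers root servers, each with an IPv4 glue record."""
    names = [f'{chr(ord("a") + i)}.root-servers.net.' for i in range(n_servers)]
    table, msg = {}, bytearray()
    # Header: ID (constructed), flags QR=1 AA=1, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg += struct.pack('!HHHHHH', 0x1234, 0x8400, 1, n_servers, 0, n_servers)
    msg += encode_name('.', len(msg), table) + struct.pack('!HH', TYPE_NS, CLASS_IN)
    for name in names:  # answer section: one NS record per server, owner name '.'
        msg += encode_name('.', len(msg), table) + struct.pack('!HHI', TYPE_NS, CLASS_IN, ttl)
        rdata = encode_name(name, len(msg) + 2, table)  # +2: RDLENGTH precedes the rdata
        msg += struct.pack('!H', len(rdata)) + rdata
    for i, name in enumerate(names):  # additional section: A glue, owner name compressed to a pointer
        address = bytes([192, 0, 2, i + 1])  # constructed TEST-NET-1 placeholder, not the real address
        msg += encode_name(name, len(msg), table) + struct.pack('!HHIH', TYPE_A, CLASS_IN, ttl, 4) + address
    return bytes(msg)


def parse_records(msg):
    """Decode every resource record in the message as (owner, type, rdata as text)."""
    qd, an, ns, ar = struct.unpack('!HHHH', msg[4:12])
    off, out = 12, []
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
        off += 10
        if rtype == TYPE_NS:
            rdata = decode_name(msg, off)[0]
        elif rtype == TYPE_A:
            rdata = '.'.join(str(b) for b in msg[off:off + 4])
        else:
            rdata = msg[off:off + rdlen].hex()
        off += rdlen
        out.append((owner, rtype, rdata))
    return out


def max_servers_within_limit(limit=UDP_LIMIT):
    """Largest server count whose priming response (NS records plus IPv4 glue) fits in `limit` bytes."""
    return max(n for n in range(1, 27) if len(build_priming_response(n)) <= limit)


if __name__ == '__main__':
    for n in (13, 15, 16):
        print(n, 'servers ->', len(build_priming_response(n)), 'bytes')
    print('max that fits:', max_servers_within_limit())
```

With 13 servers the message is 436 bytes, with 15 it is 498, and a sixteenth pushes it to 529, past the limit: the same 15-versus-13 margin the paragraph describes. The budget here covers NS records and IPv4 glue only; the IPv6 (AAAA) glue added to the root later does not fit in 512 bytes and depends on EDNS0 to negotiate larger UDP responses.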
They are housed in multiple sites with high-bandwidth access, so that they can withstand attacks such as distributed denial-of-service attacks. Most of these single-site installations are still in the United States. Usually each DNS server at a given site is actually a cluster of servers behind a load-balancing set of routers.
However, a number of root servers lie outside the United States:
- i.root-servers.net is in Stockholm and many other locations using anycast
- k.root-servers.net has globally visible nodes in Amsterdam, London, Miami, Delhi and Tokyo
- m.root-servers.net is in Tokyo, Paris and Seoul using anycast
The modern trend is to use anycast to give resilience and to balance load across a wide geographic area. For example, j.root-servers.net, f.root-servers.net and k.root-servers.net are served using anycast from a number of sites worldwide. The use of anycast has allowed the number of non-U.S. root DNS server instances to grow to the point that most DNS root instances are now outside the U.S.
Details of all the root servers can be seen at the root-servers.org website.