Root nameserver
|
|
A root nameserver is a DNS server that answers requests for the root namespace domain, and redirects requests for a particular top-level domain to that TLD's nameservers.
All domain names on the Internet actually end in a . (period) character -- that is, technically, Wikipedia is actually hosted on the domain "www.wikipedia.org." (try it.) This final dot is implied, and modern DNS software does not actually require that the final dot be included when attempting to translate a domain name to an IP address. The empty string after the final dot is called the root domain, and all other domains (i.e. .com, .org, .net, .uk, etc.) are contained within the root domain.
When a computer on the Internet wants to resolve a domain name, it works from right to left, asking each nameserver in turn about the element to its left. The root nameservers (which have responsibility for the . domain) know about which servers are responsible for the top-level domains. Each top-level domain (such as .org) has its own set of servers, which in turn delegate to the nameservers responsible for individual domain names (such as wikipedia.org), which in turn answer queries for IP addresses of subdomains (such as www).
In practice, most of this information doesn't change very often and gets cached, and necessary DNS lookups to the root nameservers are relatively rare. However, there are a lot of incorrectly configured routers on the Internet that cause most of the traffic to the root servers. For example, queries with the source address 0.0.0.0 (corresponding to anywhere and everywhere) make it to the root servers. Also, misconfigured desktop computers sometimes try to update the root server records for the TLD domains, which is incorrect. See the Bogus Queries in the external links for more amusing stories.
There are currently 13 root name servers, with names in the form letter.root-servers.net where letter ranges from A to M:
| Letter | Old name | Operator | Location |
|---|---|---|---|
| A | ns.internic.net | VeriSign | Dulles, Virginia, USA |
| B | ns1.isi.edu | ISI | Marina Del Rey, California, USA |
| C | c.psi.net | Cogent (http://www.cogent.com/) | Herndon, Virginia, USA |
| D | terp.umd.edu | University of Maryland | College Park, Maryland, USA |
| E | ns.nasa.gov | NASA | Mountain View, California, USA |
| F | ns.isc.org | ISC (http://www.isc.org/) | Palo Alto, California, USA |
| G | ns.nic.ddn.mil | U.S. DoD NIC | Vienna, Virginia, USA |
| H | aos.arl.army.mil | U.S. Army Research Lab (http://www.arl.army.mil/) | Aberdeen Proving Ground, Maryland, USA |
| I | nic.nordu.net | Autonomica (http://www.autonomica.se/) | Stockholm |
| J | VeriSign | Dulles, Virginia, USA | |
| K | RIPE | London | |
| L | ICANN | Los Angeles | |
| M | WIDE Project | Tokyo |
Older servers had their own name before the policy of using similar names was established.
No more names can be used because of protocol limitations, but the C, F, I, J and K servers exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States.
Recent studies from CAIDA and WIDE show that 98% of queries to the root DNS servers are unnecessary. Often, this is due to misconfigured packet filters or firewalls. For instance, firewalls allowing DNS queries to go out, but not allowing the responses to come in. Also, non-stop repeated queries, bogus A-queries, bogus TLD's, internal names and private address space leaking out to the Internet. Root and TLD server operators are forced to over-provision their services to handle the queries they receive.
There are quite a few alternate namespace systems with their own set of root nameservers that exist in opposition to the mainstream nameservers. The first, AlterNIC, generated a substantial amount of press. See Alternative DNS root for more information.
See also:
External links
- Root Server Technical Operations Association (http://www.root-servers.org/)
- DNS Root Server System Advisory Committee (http://www.rssac.org/)
- Bogus Queries received at the Root Servers (http://www.bind9.net/dnshealth/)
- RFC 2826 - IAB Technical Comment on the Unique DNS Root
de:Root-Server fi:Juurinimipalvelin ja:ルートサーバ nl:DNS root servers