DNS Root Name Servers Explained For Non-Experts
MEMBER BRIEFING 19
February 2006, Version 1. By Daniel Karrenberg
This is for you who always wanted to know what the DNS root name servers actually do and how they are operated. These servers are a small but essential part of the Internet Domain Name System (DNS), a part that is often talked about these days but little understood and sometimes even mystified. After reading this briefing the DNS root name servers will be no mystery to you any more, and you will also understand what these servers are not involved in.
Dear DNS Experts,
This is not for you. For the sake of explaining the principles we will not mention technical or engineering details. You can find these elsewhere. We will also not mention any details that could be used by an adversary to disrupt DNS root name server operations.
What They Serve
Essentially the DNS root name servers reliably publish the contents of one small file to the Internet. The file is called the root zone file. On 12-Dec-2004 there were 5335 lines of text in the file which had a size of 119KB; you can find this particular version here: www.isoc.org/briefings/020/zonefile.shtml
This file is smaller than the ISOC home page http://www.isoc.org/. The root zone file also does not change very frequently; it changed only 7 times between 11-Nov-2004 and 12-Dec-2004 and only 90 times in the year preceding 12-Dec-2004. The individual changes are all localised and relatively small.
Compared to many other services on the Internet this service is rather unspectacular. It is the function and content of the root zone file that make it special and place it at the focus of increased attention. The root zone file is at the apex of a hierarchical distributed database called the Domain Name System (DNS). This database is used by almost all Internet applications to translate worldwide unique names like www.isoc.org into other identifiers; the web, e-mail and many other services make use of the DNS.
The root zone file lists the names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs) such as ORG, COM, NL and AU. On 12-Dec-2004 there were 258 TLDs and 773 different authoritative servers for those TLDs listed. Other name servers forward queries for which they do not have any information about authoritative servers to a root name server. The root name server answers with a referral to the authoritative servers for the appropriate TLD, or with an indication that no such TLD exists. For a more detailed description of how the DNS works, see the companion ISOC Member Briefing #16 (The Internet Domain Name System Explained for Non-Experts), which can be found here: www.isoc.org/briefings/016/index.shtml.
Root servers are operated by twelve organisations often referred to as the "root server operators". They are
A - VeriSign Global Registry Services
B - Information Sciences Institute
C - Cogent Communications
D - University of Maryland
E - NASA Ames Research Center
F - Internet Systems Consortium, Inc.
G - U.S. DOD Network Information Center
H - U.S. Army Research Lab
I - Autonomica/NORDUnet
J - VeriSign Global Registry Services
K - RIPE NCC
L - ICANN
M - WIDE Project
The letters A-M represent the 13 numeric IPv4 addresses at which the service is provided. Each operator is responsible for providing reliable DNS service to the Internet at large from their address. Some operators still provide the service from one location with one or more physical machines. Other operators provide the service from multiple locations using a method called "anycast", which is explained in the FAQ referenced below. The actual root name server machines are located at more than 80 locations in 34 countries, most of them outside the United States of America (December 2004).
More information about most operators can be found via www.root-servers.org/, or specifically via http://X.root-servers.org/ where X stands for one of the letters listed above.
Some Common Misconceptions
The root name server operators do not determine the content of the root zone file. The file is edited by the IANA according to a process described on the IANA web site. The root name server operators publish the file as received from the IANA. See: www.iana.org/root-management.htm
No Internet traffic passes through the root name servers at all. They have nothing to do with routing (note the difference in spelling). Name servers just answer queries from other parts of the DNS.
The root name servers do not store all the information in the DNS. Storing all the information in one place would be totally infeasible today. This is exactly why the DNS was developed as a distributed database. So if you register thatnewdomain.org the root zone file will not change and the root name servers will not give different answers. The ORG zone file will be changed.
The root name servers are not queried every time you browse the web or send mail. Information is cached in the DNS. Your computer will query a caching DNS server to resolve domain names. A well-behaved caching DNS server needs to query the root name servers only once every 48 hours for each particular TLD. In the meantime it can resolve names for that TLD without involvement of the root name servers. Because of this caching almost all DNS queries are answered without involvement of the root name servers.
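The lookup path sketched above, as an added Python example that is not part of this briefing: a toy iterative resolver with a TTL cache, run against constructed zone data. It covers both the referral behaviour described under "What They Serve" (the root either refers the query to the TLD's servers or says that no such TLD exists) and the two points just made about caching and about new registrations changing the ORG zone rather than the root. All names, addresses and zone contents are invented (RFC 5737 documentation address ranges); only the 172800-second (48-hour) delegation lifetime is taken from the text.

```python
"""Toy iterative resolver with a TTL cache (added example, not from the briefing)."""

# Constructed zones in cut-down master-file syntax (owner TTL TYPE rdata); names and
# addresses are made up (RFC 5737 ranges).  172800 s is the 48-hour delegation lifetime.
ROOT_ZONE = ("org.                   172800 NS a.org-servers.example.\n"
             "a.org-servers.example. 172800 A  192.0.2.1\n")
ORG_ZONE = ("isoc.org.    86400 NS ns.isoc.org.\n"
            "ns.isoc.org. 86400 A  198.51.100.1\n")
ISOC_ZONE = "www.isoc.org. 3600 A 203.0.113.10\n"


def parse_zone(text):
    """'owner TTL TYPE rdata' lines -> list of (owner, ttl, type, rdata) tuples."""
    return [(o.lower(), int(t), ty.upper(), rd.lower())
            for o, t, ty, rd in (ln.split() for ln in text.splitlines() if ln.strip())]


def suffixes(name):
    """'www.isoc.org.' -> ['www.isoc.org.', 'isoc.org.', 'org.', '.']"""
    out = [name]
    while name != ".":
        name = name.split(".", 1)[1] or "."
        out.append(name)
    return out


class AuthServer:
    """Authoritative server for one zone: answers, refers downward, or says 'no such name'."""
    def __init__(self, apex, zone_text):
        self.apex, self.records = apex, parse_zone(zone_text)

    def query(self, qname):
        answer = [r for r in self.records if r[0] == qname and r[2] == "A"]
        if answer:
            return "answer", answer
        for suffix in suffixes(qname):
            if suffix == self.apex:              # nothing delegated below us matches
                break
            ns = [r for r in self.records if r[0] == suffix and r[2] == "NS"]
            if ns:                               # delegation: NS records plus their glue
                return "referral", ns + [r for r in self.records if r[2] == "A"
                                         and r[0] in {n[3] for n in ns}]
        return "nxdomain", []                    # at the root this means "no such TLD"


class CachingResolver:
    """Iterative resolver that starts from the closest delegation still in its cache."""
    def __init__(self, root, network):
        self.root, self.network = root, network  # network: ip -> AuthServer
        self.cache = {}                          # (name, type) -> (expiry, [rdata])
        self.root_queries = 0

    def _get(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        return hit[1] if hit and hit[0] > now else None

    def _put(self, records, now):
        for owner, ttl, rtype, rdata in records:  # one rdata per name/type keeps it short
            self.cache[(owner, rtype)] = (now + ttl, [rdata])

    def resolve(self, qname, now):
        cached = self._get(qname, "A", now)
        if cached:
            return cached
        server = self.root                       # start at the root...
        for suffix in suffixes(qname):           # ...unless a closer NS set is still cached
            ns = self._get(suffix, "NS", now)
            addr = ns and self._get(ns[0], "A", now)
            if addr:
                server = self.network[addr[0]]
                break
        while True:
            if server is self.root:
                self.root_queries += 1
            kind, records = server.query(qname)
            self._put(records, now)
            if kind != "referral":
                return [r[3] for r in records] if kind == "answer" else None
            glue = {r[0]: r[3] for r in records if r[2] == "A"}
            server = self.network[glue[records[0][3]]]  # follow the first NS via its glue


def demo():
    """Run the lookups discussed in the text; return answers and the root-query count."""
    root = AuthServer(".", ROOT_ZONE)
    net = {"192.0.2.1": AuthServer("org.", ORG_ZONE),
           "198.51.100.1": AuthServer("isoc.org.", ISOC_ZONE)}
    r, out, trace = CachingResolver(root, net), {}, []

    def step(label, name, now):
        out[label] = r.resolve(name, now)
        trace.append(r.root_queries)
    step("cold", "www.isoc.org.", 0)                # root -> org -> isoc
    step("warm", "www.isoc.org.", 7200)             # A expired, delegations cached: no root
    step("unknown_org", "www.example.org.", 7200)   # ORG server says no; root not involved
    step("unknown_tld", "www.example.xyz.", 7200)   # only the root can say "no such TLD"
    # Registering thatnewdomain.org edits the ORG zone (plus its own server), not the root.
    net["203.0.113.2"] = AuthServer("thatnewdomain.org.", "www.thatnewdomain.org. 3600 A 203.0.113.20\n")
    net["192.0.2.1"].records += parse_zone("thatnewdomain.org. 86400 NS ns.thatnewdomain.org.\n"
                                           "ns.thatnewdomain.org. 86400 A 203.0.113.2\n")
    step("new_domain", "www.thatnewdomain.org.", 7200)
    step("after_48h", "www.isoc.org.", 200000)      # org. delegation expired: back to the root
    out["root_queries"], out["root_zone_records"] = trace, len(root.records)
    return out
```

Running demo() shows the root consulted three times in six lookups: once on the cold cache, once for the non-existent TLD (which only the root can rule out), and once after the 48-hour delegation entry has expired. The lookup for www.example.org and the new registration are handled entirely by the ORG server, and the root zone's record count never changes.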
While the root zone file represents the apex of a hierarchical naming system, the root name servers that publish this zone file are organised in a distributed and diverse fashion. No single entity has authority or control over the operation of these servers. This diversity and the distributed authority has been a key element of the reliability of the root name service. Therefore this diversity should be maintained in the face of increasing pressure for more hierarchical "Internet Governance".
For More Information
For those seeking more detailed information about the root name servers I have compiled an extensive FAQ on the subject. It tries to answer questions I have received from outside the technical community over the last few years. While it repeats some material from this briefing the FAQ is much more extensive than the briefing; it is also a living document that will be updated as new questions arise and better answers become available. You can find this FAQ here: http://www.isoc.org/briefings/020/
Expanded Coverage from ISOC
In-depth articles, papers, links and other resources on a variety of topics are available from the ISOC site at: www.isoc.org/internet/issues
About the Author
Daniel Karrenberg currently serves the RIPE NCC as Chief Scientist. His interests include Internet measurements, the development of the DNS and the evolution of what others often call "Internet Governance".
Daniel is one of the founders of RIPE. In the 1990s Daniel led the establishment of the RIPE NCC, the first of the Regional Internet Registries. He has helped to shape Internet address space distribution policy, transferring both policy development and implementation to the region.
In the 1980s Daniel helped to build EUnet and led the effort to transition it to Internet protocols, making EUnet the first pan-European ISP and bringing Internet connections to many places in and around Europe.
The ISOC Member Briefing series is made possible through the generous assistance of ISOC's Platinum Program Sponsors: Afilias, APNIC, ARIN, Microsoft, the RIPE NCC and Sida.
Series Editor: Martin Kupres
Copyright © Internet Society 2005.