DNS root zone



         


A DNS root zone is the top level of the DNS hierarchy for a given DNS system. The term, when not otherwise qualified, is generally used to refer to the root zone of the largest global DNS system deployed on the Internet. This "official" DNS system is by far the largest deployment of DNS in the world.

The combination of limits in the DNS and IP protocols means that there is a limit of thirteen root server names that can be accommodated within a root zone.


Technical details of root server lookup

There are thirteen root server names that are authoritative for queries to the global DNS root zone, the maximum number possible. The root servers hold the list of addresses for the authoritative servers for the top-level domains. Every name lookup must either start with an access to a root server, or use information that was once obtained from a root server.

The root servers have the official names a.root-servers.net to m.root-servers.net. However, to look up the IP address of a root server from one of these names, a host must first be able to query a root server, in order to find the address of an authoritative server for the .net DNS zone. This is a circular dependency, so a host needs to know the address of at least one root server in advance in order to bootstrap access to the DNS system. This is usually done by shipping the addresses of all known root DNS servers as a file with the computer operating system: the IP addresses of some root servers will change over the years, but only one correct address is needed for the lookup process to complete. This file is called named.cache when distributed with the BIND nameserver.

Once the address of a single functioning root server is known, the rest of the DNS information can be discovered recursively, and the address of any machine on the Internet can be looked up in this way.
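Because every later lookup builds on the shipped hints file, a structural check of that file is a useful integrity control. The following is an added example, not part of the original article or of BIND: the function name `check_hints` and the sample records (documentation-range addresses) are constructed for illustration, and the record layout (owner, TTL, optional class, type, data) is an assumption about the file format.

```python
import ipaddress
import re
ROOT_NAME = re.compile(r"^[a-m]\.root-servers\.net\.$")  # a.root-servers.net .. m.root-servers.net

SAMPLE_HINTS = """\
; constructed sample: documentation addresses, not real root servers
.                    3600000  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000  A     192.0.2.1
A.ROOT-SERVERS.NET.  3600000  AAAA  2001:db8::1
.                    3600000  NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000  A     192.0.2.2
"""

def check_hints(text):
    """Return a list of findings; an empty list means the file is structurally sound."""
    ns_targets, glue, findings = set(), set(), []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # strip comments
        if not fields:
            continue
        if len(fields) == 5 and fields[2].upper() == "IN":
            del fields[2]                              # class field is optional
        if len(fields) != 4:
            findings.append(f"unparseable line: {raw.strip()}")
            continue
        owner, _ttl, rtype, rdata = (f.lower() for f in fields)
        if rtype == "ns":
            if owner != ".":
                findings.append(f"NS record for non-root owner {owner}")
            elif not ROOT_NAME.match(rdata):
                findings.append(f"unexpected root server name {rdata}")
            else:
                ns_targets.add(rdata)
        elif rtype in ("a", "aaaa"):
            try:
                version = ipaddress.ip_address(rdata).version
            except ValueError:
                version = None
            if version != (4 if rtype == "a" else 6):
                findings.append(f"bad {rtype.upper()} address for {owner}: {rdata}")
            else:
                glue.add(owner)                        # server has a usable address
        else:
            findings.append(f"unexpected record type {rtype.upper()} for {owner}")
    if not ns_targets:
        findings.append("no usable root NS records")
    findings += [f"no address for {n}" for n in sorted(ns_targets - glue)]
    findings += [f"address record for unlisted name {n}" for n in sorted(glue - ns_targets)]
    return findings
```

An empty result only shows the file is well formed; the addresses themselves still have to be compared against a copy obtained from a trusted source.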

An additional level of redundancy is provided by anycast: a single root server name, and its corresponding IP address, may correspond to many physical servers around the world.


Redundancy and diversity

The root DNS servers are essential to the function of the Internet, because so many protocols use DNS, either directly or indirectly. They are potentially points of failure for the entire Internet. For this reason, there are 13 named root servers worldwide: the maximum possible using the DNS protocol with the minimum guaranteed IP datagram size.

They are housed in multiple sites with high-bandwidth access, to try to resist attacks such as distributed denial-of-service attacks. Most of these single-site installations are still in the United States. Usually each DNS server at a given site is actually a cluster of servers behind a load-balancing set of routers.

However, a number of root servers lie outside the United States:

The modern trend is to use anycast to give resilience and to balance load across a wide geographic area. For example, both f.root-servers.net and k.root-servers.net are served using anycast from a number of sites worldwide. The use of anycast has allowed the growth of non-U.S. root DNS servers until most DNS root instances are outside the U.S.

Details of all the root servers can be seen at the website


Politics of the DNS root zone

to be written
mention IANA, ICANN

Alternative DNS root proposals

to be written

possible starting point and


Proposed alternative systems to DNS

directories vs. name resolution
mention AS112




This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.