Root name server




Name server for the DNS root zone




A Cisco 7301 router and a Juniper M7i, part of the K root-server instance at AMS-IX.


A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts.


A combination of limits in the DNS and certain protocols, namely the practical size of unfragmented User Datagram Protocol (UDP) packets, resulted in a decision to limit the number of root servers to thirteen server addresses.[1][2] The use of anycast addressing permits the actual number of root server instances to be much larger, and is 937 as of 19 September 2018[update].[3]




Contents






  • 1 Root domain


  • 2 Resolver operation


  • 3 Root server addresses


  • 4 Root server supervision


  • 5 Root zone file


  • 6 See also


  • 7 Notes


  • 8 References


  • 9 Further reading


  • 10 External links





Root domain


The DNS is a hierarchical naming system for computers, services, or any resource participating in the Internet. The top of that hierarchy is the root domain. The root domain does not have a formal name and its label in the DNS hierarchy is an empty string. All fully qualified domain names (FQDNs) on the Internet can be regarded as ending with this empty string for the root domain, and therefore ending in a full stop character (the label delimiter), e.g., "www.example.com.". This is generally implied rather than explicit, as modern DNS software does not actually require that the terminating dot be included when attempting to translate a domain name to an IP address.


The root domain contains all top-level domains of the Internet. As of July 2015[update], it contains 1058 TLDs, including 730 generic top-level domains (gTLDs) and 301 country code top-level domains (ccTLDs) in the root domain.[4] In addition, the ARPA domain is used for technical name spaces in the management of Internet addressing and other resources. A TEST domain is used for testing internationalized domain names.



Resolver operation


When a computer on the Internet needs to resolve a domain name, it uses resolver software to perform the lookup. A resolver breaks the name up into its labels from right to left. The first component (TLD) is queried using a root server to obtain the responsible authoritative server. Queries for each label return more specific name servers until a name server returns the answer of the original query.


In practice, most of this information does not change very often over a period of hours and therefore it is cached by intermediate name servers or by a name cache built into the user's application. DNS lookups to the root name servers may therefore be relatively infrequent. A survey in 2003 [5] reports that only 2% of all queries to the root servers were legitimate. Incorrect or non-existent caching was responsible for 75% of the queries, 12.5% were for unknown TLDs, 7% were for lookups using IP addresses as if they were domain names, etc. Some misconfigured desktop computers even tried to update the root server records for the TLDs. A similar list of observed problems and recommended fixes has been published in RFC 4697.


Although any local implementation of DNS can implement its own private root name servers, the term "root name server" is generally used to describe the thirteen well-known root name servers that implement the root name space domain for the Internet's official global implementation of the Domain Name System.



Root server addresses


There are 13 logical root name servers specified, with logical names in the form letter.root-servers.net, where letter ranges from a to m. The choice of thirteen name servers was made because of limitations in the original DNS specification, which specifies a maximum packet size of 512 bytes when using the User Datagram Protocol (UDP).[6] Technically however, fourteen name servers fit into an IPv4 packet. The addition of IPv6 addresses for the root name servers requires more than 512 bytes, which is facilitated by the EDNS0 extension to the DNS standard.[7]


This does not mean that there are only 13 physical servers; each operator uses redundant computer equipment to provide reliable service even if failure of hardware or software occurs. Additionally, all operate in multiple geographical locations using a routing technique called anycast addressing, providing increased performance and even more fault tolerance. An informational homepage exists for every logical server (except G-Root) under the Root Server Technical Operations Association domain with web address in the form http://letter.root-servers.org/, where letter ranges from a to m.


Ten servers were originally in the United States; some are now operated using anycast addressing. Three servers were originally located in Stockholm (I-Root), Amsterdam (K-Root), and Tokyo (M-Root) respectively.
Older servers had their own name before the policy of using similar names was established. With anycast, most of the physical root servers are now outside the United States, allowing for high performance worldwide.















































































































































Letter

IPv4 address

IPv6 address

AS-number[8]
Old name
Operator
Location & Nr. of
sites (global/local)[9]
Software

A

198.41.0.4

2001:503:ba3e::2:30
AS19836,[8][note 1] AS36619, AS36620, AS36622, AS36625, AS36631, AS64820[note 2][10]
ns.internic.net

Verisign
Distributed using anycast
5/0

NSD and Verisign ATLAS

B

199.9.14.201[note 3][11][12]

2001:500:200::b[13]
AS394353[14]
ns1.isi.edu

USC-ISI
Distributed using anycast
2/0

BIND

C

192.33.4.12

2001:500:2::c
AS2149[8][15]
c.psi.net

Cogent Communications
Distributed using anycast
8/0

BIND

D

199.7.91.13[note 4][16]

2001:500:2d::d
AS27[8][17]
terp.umd.edu

University of Maryland
Distributed using anycast
50/67

NSD[18]

E

192.203.230.10

2001:500:a8::e
AS21556[8][19]
ns.nasa.gov

NASA Ames Research Center
Distributed using anycast
95/97

BIND and NSD

F

192.5.5.241

2001:500:2f::f
AS3557,[8][20] AS1280, AS30132[20]
ns.isc.org

Internet Systems Consortium
Distributed using anycast
57/0

BIND [21]

G[note 5]

192.112.36.4[note 6]

2001:500:12::d0d[note 6]
AS5927[8][22]
ns.nic.ddn.mil

Defense Information Systems Agency
Distributed using anycast
6/0

BIND

H

198.97.190.53[note 7][23]

2001:500:1::53[note 8][23]
AS1508[23][note 9][24]
aos.arl.army.mil

U.S. Army Research Lab

Aberdeen Proving Ground, Maryland & San Diego, California
2/0

NSD

I

192.36.148.17

2001:7fe::53
AS29216[8][25]
nic.nordu.net

Netnod
Distributed using anycast
58/0

BIND

J

192.58.128.30[note 10]

2001:503:c27::2:30
AS26415,[8][26] AS36626, AS36628, AS36632[26]
N/A

Verisign
Distributed using anycast
61/13

NSD and Verisign ATLAS

K

193.0.14.129

2001:7fd::1
AS25152[8][27][28]
N/A

RIPE NCC
Distributed using anycast
5/23

BIND, NSD and Knot DNS[29]

L

199.7.83.42[note 11][30]

2001:500:9f::42[note 12][31]
AS20144[8][32][33]
N/A

ICANN
Distributed using anycast
161/0

NSD and Knot DNS[34]

M

202.12.27.33

2001:dc3::35
AS7500[8][35][36]
N/A

WIDE Project
Distributed using anycast
6/1

BIND



A map of the thirteen logical name servers, including anycasted instances, at the end of 2006.


There are also several alternative namespace systems with an alternative DNS root using their own set of root name servers that exist in parallel to the mainstream name servers. The first, AlterNIC, generated a substantial amount of press.[citation needed]


The function of a root name server may also be implemented locally, or on a provider network. Such servers are synchronized with the official root zone file as published by ICANN, and do not constitute an alternate root.


As the root name servers are an important part of the Internet, they have come under attack several times, although none of the attacks have ever been serious enough to severely affect the performance of the Internet.



Root server supervision


The DNS Root Server System Advisory Committee is an ICANN committee. However, the root zone is controlled by the United States Department of Commerce who must approve all changes to the root zone file requested by ICANN[needs update]. ICANN's bylaws[37] assign authority over the operation of the root name servers of the Domain Name System to the DNS Root Server System Advisory Committee.



Root zone file


The root zone file is a small (about 2MB) data set[38] whose publication is the primary purpose of root name servers.


The root zone file is at the apex of a hierarchical distributed database called the Domain Name System (DNS). This database is used by almost all Internet applications to translate worldwide unique names such as www.wikipedia.org into other identifiers such as IP addresses.


The contents of the root zone file is a list of names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs) such as com, org, edu, and the country code top-level domains. On 12 December 2004, 773 different authoritative servers for the TLDs were listed. Later the number of TLDs increased greatly. As of July 2015[update], the root zone consisted of 1058 TLDs. Other name servers forward queries for which they do not have any information about authoritative servers to a root name server. The root name server, using its root zone file, answers with a referral to the authoritative servers for the appropriate TLD or with an indication that no such TLD exists.[39]



See also



  • Distributed denial of service attacks on root nameservers


  • EDNS0 (Extended DNS, version 0)

  • Internet backbone

  • Open Root Server Network

  • Blackhole server



Notes





  1. ^ AS19836 is not listed by the RIPEstat tool


  2. ^ AS64820 is listed as "private use" in RIPE's RISwhois tool


  3. ^ Originally it was 128.9.0.107; It was changed to 192.228.79.201 from January 2004 to October 2017.


  4. ^ Since 3 January 2013; originally was 128.8.10.90.


  5. ^ Formerly http://www.nic.mil/ (Internet Archive link); unlike all other DNS root servers, G-Root does not implement a homepage under root-servers.org, i.e. http://g.root-servers.org/[permanent dead link].


  6. ^ ab Unlike all other DNS root servers, G-Root does not respond to pings.


  7. ^ Since 1 December 2015; originally was 128.63.2.53.


  8. ^ Since 1 December 2015; originally was 2001:500:1::803f:235.


  9. ^ Since 1 December 2015; originally was AS13.


  10. ^ Since November 2002; originally was 198.41.0.10.


  11. ^ Since 1 November 2007; originally was 198.32.64.12.


  12. ^ Since 23 March 2016; originally was 2001:500:3::42.




References





  1. ^ Mark Andrews, ISC (2011-11-11). "Reason for Limited number of Root DNS Servers". bind-users (Mailing list). Retrieved 8 January 2016..mw-parser-output cite.citation{font-style:inherit}.mw-parser-output .citation q{quotes:"""""""'""'"}.mw-parser-output .citation .cs1-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/6/65/Lock-green.svg/9px-Lock-green.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .citation .cs1-lock-limited a,.mw-parser-output .citation .cs1-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/d/d6/Lock-gray-alt-2.svg/9px-Lock-gray-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .citation .cs1-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/a/aa/Lock-red-alt-2.svg/9px-Lock-red-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration{color:#555}.mw-parser-output .cs1-subscription span,.mw-parser-output .cs1-registration span{border-bottom:1px dotted;cursor:help}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/12px-Wikisource-logo.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output code.cs1-code{color:inherit;background:inherit;border:inherit;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;font-size:100%}.mw-parser-output .cs1-visible-error{font-size:100%}.mw-parser-output .cs1-maint{display:none;color:#33aa33;margin-left:0.3em}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration,.mw-parser-output .cs1-format{font-size:95%}.mw-parser-output .cs1-kern-left,.mw-parser-output .cs1-kern-wl-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right,.mw-parser-output .cs1-kern-wl-right{padding-right:0.2em}


  2. ^ "DNS root server FAQ". Netnod. Retrieved 2016-01-18.


  3. ^ "www.root-servers.org". Retrieved 2018-09-19.


  4. ^ "Root Zone Database". IANA.


  5. ^ Duane Wessels, Marina Fomenkov (2003). "Wow, That's a Lot of Packets" (PDF). Retrieved 2013-11-07.CS1 maint: Uses authors parameter (link)


  6. ^ RFC 1035 Domain names - implementation and specification


  7. ^ ICANN: Accommodating IP Version 6 Address Resource Records for the Root of the Domain Name System


  8. ^ abcdefghijkl AS-numbers and IP-addresses from Root-servers.org homepage checked 9 January 2014


  9. ^ Location and sites from Root-servers.org homepage checked 10 October 2014


  10. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. Retrieved 2014-01-23.


  11. ^ "B-Root's IPv4 address to be renumbered 2017-10-24".


  12. ^ "New IPv4 address for b.root-servers.net".


  13. ^ "List of Root Servers".


  14. ^ "Root Server Technical Operations Assn". www.root-servers.org. 2017-08-07. Retrieved 2017-08-07.


  15. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. 2013-10-13. Retrieved 2014-01-23.


  16. ^ "D-Root is Changing its IPv4 Address on 3 January 2013". Archived from the original on 10 March 2013. Retrieved 16 December 2012.


  17. ^ RISwhois, excluding less-specific AS3303 route announcement


  18. ^ D-root History page


  19. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. Retrieved 2017-10-30.


  20. ^ ab "RIS — RIPE Network Coordination Centre". Ris.ripe.net. Retrieved 2014-01-23.


  21. ^ F-root | Internet Systems Consortium


  22. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. 2013-09-18. Retrieved 2014-01-23.


  23. ^ abc "Advance notice - H-root address change on December 1, 2015". DNSOP. 31 August 2015. Retrieved 19 February 2018.


  24. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. 2014-01-02. Retrieved 2014-01-23.


  25. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. Retrieved 2014-01-23.


  26. ^ ab "RIS — RIPE Network Coordination Centre". Ris.ripe.net. Retrieved 2014-01-23.


  27. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. 2013-06-20. Retrieved 2014-01-23.


  28. ^ "Peering Networks Detailed View". Peeringdb.com. 2013-10-21. Retrieved 2014-01-23.


  29. ^ K-root Homepage


  30. ^ "Advisory — "L Root" changing IP address on 1st November". ICANN.


  31. ^ "L-Root IPv6 Renumbering". ICANN. Archived from the original on 22 April 2016.


  32. ^ [1], excluding less-specific AS3303 route announcement


  33. ^ "Peering Networks Detailed View". Peeringdb.com. 2013-04-15. Retrieved 2014-01-23.


  34. ^ l.root-servers.net


  35. ^ "RIS — RIPE Network Coordination Centre". Ris.ripe.net. 2013-10-21. Retrieved 2014-01-23.


  36. ^ "Peering Networks Detailed View". Peeringdb.com. 2013-12-23. Retrieved 2014-01-23.


  37. ^ ICANN Bylaws XI-2.3


  38. ^ IANA: Root Files


  39. ^ ISOC, DNS Root Name Servers explained for the non-expert, (Available online, accessed 19 March 2010.)




Further reading


.mw-parser-output .refbegin{font-size:90%;margin-bottom:0.5em}.mw-parser-output .refbegin-hanging-indents>ul{list-style-type:none;margin-left:0}.mw-parser-output .refbegin-hanging-indents>ul>li,.mw-parser-output .refbegin-hanging-indents>dl>dd{margin-left:0;padding-left:3.2em;text-indent:-3.2em;list-style:none}.mw-parser-output .refbegin-100{font-size:100%}


  • Root Server Technical Operations Association

  • List of Root Servers, IANA.

  • Root Servers' Geographical Locations on Google Maps

  • DNS Root Server System Advisory Committee

  • DNS Root Name Servers Explained For Non-Experts

  • DNS Root Name Servers Frequently Asked Questions

  • Location of Root servers in Asia-Pacific

  • Bogus Queries received at the Root Servers


  • RFC 2826 - IAB Technical Comment on the Unique DNS Root


  • RFC 2870 - Root Name Server Operational Requirements


  • RFC 4697 - Observed DNS Resolution Misbehavior (from observations on the Root Servers)

  • ORSN, Open Root Server Network - an unrelated, competing DNS-based name infrastructure




External links



  • Root Server Technical Operations Association

  • Root Files, IANA

  • orsn.org Open Root Server Network


  • Root Server response times[permanent dead link]

  • DNS root nameservers explained for non-experts









這個網誌中的熱門文章

12.7 cm/40 Type 89 naval gun

Rikitea

University of Vienna