There are 13 logical root name servers specified, with logical names in the form letter.root-servers.net, where letter ranges from a to m. The choice of thirteen name servers was made because of limitations in the original DNS specification, which specifies a maximum packet size of 512 bytes when using the User Datagram Protocol (UDP).[7] Technically however, fourteen name servers fit into an IPv4 packet. The addition of IPv6 addresses for the root name servers requires more than 512 bytes, which is facilitated by the EDNS0 extension to the DNS standard.[8]
This does not mean that there are only 13 physical servers; each operator uses redundant computer equipment to provide reliable service even if failure of hardware or software occurs. Additionally, all operate in multiple geographical locations using a routing technique called anycast addressing, providing increased performance and even more fault tolerance. An informational homepage exists for every logical server (except G-Root) under the Root Server Technical Operations Association domain with web address in the form http://letter.root-servers.org/, where letter ranges from a to m.
Ten servers were originally in the United States; all are now operated using anycast addressing. Three servers were originally located in Stockholm (I-Root), Amsterdam (K-Root), and Tokyo (M-Root) respectively. Older servers had their own name before the policy of using similar names was established. With anycast, most of the physical root servers are now outside the United States, allowing for high performance worldwide.
Letter | IPv4 address | IPv6 address | AS-number[9] | Old name | Operator | Location & Nr. of sites (global/local)[10] | Software |
---|---|---|---|---|---|---|---|
A | 198.41.0.4 | 2001:503:ba3e::2:30 | AS19836,[9][note 1] AS36619, AS36620, AS36622, AS36625, AS36631, AS64820[note 2][11] | ns.internic.net | Verisign | Distributed using anycast 14/2 | NSD and Verisign ATLAS |
B | 199.9.14.201[note 3][12][13] | 2001:500:200::b[14] | AS394353[15] | ns1.isi.edu | USC–ISI | Distributed using anycast 6/0 | BIND |
C | 192.33.4.12 | 2001:500:2::c | AS2149[9][16] | c.psi.net | Cogent Communications | Distributed using anycast 10/0 | BIND |
D | 199.7.91.13[note 4][17] | 2001:500:2d::d | AS27[9][18] | terp.umd.edu | University of Maryland | Distributed using anycast 22/127 | NSD[19] |
E | 192.203.230.10 | 2001:500:a8::e | AS21556[9][20] | ns.nasa.gov | NASA Ames Research Center | Distributed using anycast 117/137 | BIND and NSD |
F | 192.5.5.241 | 2001:500:2f::f | AS3557[9][21] | ns.isc.org | Internet Systems Consortium | Distributed using anycast 119/119 | BIND[22] |
G[note 5] | 192.112.36.4[note 6] | 2001:500:12::d0d[note 6] | AS5927[9][23] | ns.nic.ddn.mil | Defense Information Systems Agency | Distributed using anycast 6/0 | BIND |
H | 198.97.190.53[note 7][24] | 2001:500:1::53[note 8][24] | AS1508[24][note 9][25] | aos.arl.army.mil | U.S. Army Research Lab | Distributed using anycast 8/0 | NSD |
I | 192.36.148.17 | 2001:7fe::53 | AS29216[9][26] | nic.nordu.net | Netnod | Distributed using anycast 63/2 | BIND |
J | 192.58.128.30[note 10] | 2001:503:c27::2:30 | AS26415,[9][27] AS36626, AS36628, AS36632[27] | N/A | Verisign | Distributed using anycast 63/55 | NSD and Verisign ATLAS |
K | 193.0.14.129 | 2001:7fd::1 | AS25152[9][28][29] | N/A | RIPE NCC | Distributed using anycast 70/3 | BIND, NSD and Knot DNS[30] |
L | 199.7.83.42[note 11][31] | 2001:500:9f::42[note 12][32] | AS20144[9][33][34] | N/A | ICANN | Distributed using anycast 165/0 | NSD and Knot DNS[35] |
M | 202.12.27.33 | 2001:dc3::35 | AS7500[9][36][37] | N/A | WIDE Project | Distributed using anycast 4/1 | BIND |
A map of the thirteen logical name servers, including anycasted instances, at the end of 2006.
There are also several alternative namespace systems with an alternative DNS root using their own set of root name servers that exist in parallel to the mainstream name servers. The first, AlterNIC, generated a substantial amount of press.[citation needed]
The function of a root name server may also be implemented locally, or on a provider network. Such servers are synchronized with the official root zone file as published by ICANN, and do not constitute an alternate root.
This section is missing information about 2010 and 2012 China GFW issues with anycast endpoints. Please expand the section to include this information. Further details may exist on the talk page. (July 2020) |
As the root name servers are an important part of the Internet, they have come under attack several times, although none of the attacks have ever been serious enough to severely affect the performance of the Internet.
Root server supervision[edit]
The DNS Root Server System Advisory Committee is an ICANN committee. ICANN’s bylaws[38] assign authority over the operation of the root name servers of the Domain Name System to the DNS Root Server System Advisory Committee.
Root zone file[edit]
The root zone file is a small (about 2 MB) data set[6] whose publication is the primary purpose of root name servers. This is not to be confused with the root.hints file used to bootstrap a resolver.
The root zone file is at the apex of a hierarchical distributed database called the Domain Name System (DNS). This database is used by almost all Internet applications to translate worldwide unique names such as www.wikipedia.org into other identifiers such as IP addresses.
The contents of the root zone file is a list of names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs) such as com, org, edu, and the country code top-level domains. On 12 December 2004, 773 different authoritative servers for the TLDs were listed. Later the number of TLDs increased greatly. As of July 2020, the root zone consisted of 1511 TLDs (that does not include 55 domains that are not assigned, 8 that are retired and 11 test domains). Other name servers forward queries for which they do not have any information about authoritative servers to a root name server. The root name server, using its root zone file, answers with a referral to the authoritative servers for the appropriate TLD or with an indication that no such TLD exists.[39]