
DNS Root Name Servers: Currently 13 Named Authorities

Last Edit: 27/03/17

The DNS root name servers are computers that serve the root zone of the Domain Name System (DNS). The DNS is a naming system for the Internet which creates a domain namespace and converts domain names to host locations (IP addresses). The highest level in the DNS is the root zone: a nameless zone that creates / administers a root zone file for the location of the top level domain operators (registries). The root name servers store this root zone file and provide it to other DNS name servers and DNS resolvers that query the root zone. The root zone file is not created by the root name server operators; they simply host it. The file is given to them by the Internet Assigned Numbers Authority (IANA), which in turn is overseen by ICANN, which was previously overseen by the United States Department of Commerce (DOC).

Internet traffic does not pass through the DNS root name servers - they are not routing servers - they are the ultimate authority of the DNS and respond to DNS queries regarding naming issues and resolution. The DNS root name servers do not store every DNS record. The Domain Name System (DNS) uses a distributed database structure, where the burden of processing DNS queries is spread amongst a hierarchy of DNS name servers; however, the root servers are the ultimate authorities for solving a naming issue. Typically, the root name servers hold DNS data for the top level domains - com, org, net, info, edu, gov - and queries for second level domains within those top level domains will be directed to name servers hosted by the registries (operators) of these top level domains. Root name servers are not queried continuously by DNS servers; they are usually only queried once or twice every 24-48 hours. This is because DNS servers cache queries from their end users, so that the burden placed on the root name servers is decreased and performance is improved 'across the board'.
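The referral chain and caching described above can be modelled in a few lines. This is an added example, not code from the original page: the zone data, server names, addresses and TTLs are constructed, and `CachingResolver` is a hypothetical toy, not a real resolver.

```python
# Toy model of iterative resolution with a TTL cache (added example).
# All zone data below is constructed: names, addresses and TTLs are illustrative.
ROOT = {"com": ("ns.com-registry.test", 172800),   # TLD -> (registry server, TTL s)
        "org": ("ns.org-registry.test", 172800)}
REGISTRY = {"ns.com-registry.test": {"example.com": ("ns1.example.com", 86400)},
            "ns.org-registry.test": {"example.org": ("ns1.example.org", 86400)}}
AUTHORITATIVE = {"ns1.example.com": {"www.example.com": ("192.0.2.10", 300),
                                     "mail.example.com": ("192.0.2.25", 300)},
                 "ns1.example.org": {"www.example.org": ("198.51.100.7", 300)}}


class CachingResolver:
    def __init__(self):
        self.cache = {}          # (record type, name) -> (value, expiry time)
        self.root_queries = 0    # how often the root level was actually asked

    def _lookup(self, key, now, fetch):
        """Return a cached value if still fresh, otherwise fetch and cache it."""
        hit = self.cache.get(key)
        if hit and hit[1] > now:
            return hit[0]
        value, ttl = fetch()
        self.cache[key] = (value, now + ttl)
        return value

    def _ask_root(self, tld):
        """The only step that touches the root; unknown TLDs are not cached."""
        self.root_queries += 1
        if tld not in ROOT:
            raise LookupError(f"root zone has no delegation for .{tld}")
        return ROOT[tld]

    def resolve(self, name, now):
        """Walk root -> registry -> authoritative server; `now` is in seconds."""
        name = name.lower().rstrip(".")
        labels = name.split(".")
        if len(labels) < 2:
            raise ValueError("expected a name below a top level domain")
        tld, domain = labels[-1], ".".join(labels[-2:])

        def walk():
            registry = self._lookup(("NS", tld), now, lambda: self._ask_root(tld))
            auth = self._lookup(("NS", domain), now,
                                lambda: REGISTRY[registry][domain])
            return AUTHORITATIVE[auth][name]   # (address, TTL)
        return self._lookup(("A", name), now, walk)
```

In this model the root is asked again only when the cached delegation for a top level domain expires, while a name under a non-existent top level domain reaches the root on every attempt because nothing is cached for it.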

There are currently 13 root name servers that are operated by 12 independent organisations; two are operated by Verisign. The servers are named alphabetically: a.root-servers.net to m.root-servers.net. The current root name servers are published by IANA on their website, and are reproduced below:

As you may have noticed, apart from RIPE NCC (European) all of the root name server managers are U.S. organisations: this is because the development of the Internet was originally funded by the U.S. government and the Domain Name System (DNS) operation was overseen by the U.S. government until 2016. While the organisations that manage the root name servers are mostly U.S. organisations, the equipment used to operate the servers is located across the globe: in over 50 countries and 125 geographical locations. There is no single location / server for each root server letter, as this would create the possibility of a catastrophic failure point; instead, the burden for each root server letter is spread across location sites, such as LINX (London Internet Exchange) for l.root-servers.net. The root name server managers are selected by the Internet Assigned Numbers Authority (IANA), and in the future they may be changed to better represent an international multi-stakeholder structure. By spreading root zone services across 13 servers, the possibility of information provided by a server being manipulated is decreased, due to the improbability of it occurring at 12 organisations.

The operation of the root name servers is funded by their managers. How the managers fund the operation differs for each one: some are U.S. government bodies and are funded by the U.S. taxpayer, while RIPE is funded by over 4000 independent European Internet Service Providers. While IANA selects the root name server managers, it does not dictate how the managers operate the servers; this responsibility is given entirely to the managers with no authority overseeing it, although the IETF has outlined some minimum requirements. The software the root name servers use differs, but it is usually a version of BIND (bind8, bind9) or NSD. The robustness of this software is extreme and vulnerabilities are rarely found: due to the serious role the root name servers and name servers play in the operation of the Internet, DNS software is extensively tested for bugs. DDoS attacks have been directed at the root name servers but have never successfully disabled all the servers. Root name server managers upgrade the equipment of their servers regularly, and due to the core function the DNS plays for the Internet, the managers take their responsibility seriously. Few things on the Internet are organised with a clear hierarchical structure: the root name servers are an exception, placed at the pinnacle of the Internet's naming system.