The Domain Name System (DNS) relies on a hierarchical database system. At the top of this system sit thirteen root servers with names following the format letter.root-servers.net, where the letter ranges from A to M.

Many people mistakenly assume that there are only 13 root servers in the world. In fact, each root server letter represents a cluster of servers dispersed all over the world, and each cluster is administered by a different organization.

The cluster of servers operating under a particular root server letter uses the routing technique of “anycasting,” described in RFC 1546 [1]:

“There are a number of situations in networking where a host, application, or user wishes to locate a host which supports a particular service but, if several servers support the service, does not particularly care which server is used. Anycasting is an internetwork service which meets this need. A host transmits a datagram to an anycast address and the internetwork is responsible for providing best effort delivery of the datagram to at least one, and preferably only one, of the servers that accept datagrams for the anycast address.”

Check out these links for a geographical mapping of the root servers’ locations:
http://www.icann.org/maps/root-servers.htm
http://www.circleid.com/posts/dns_root_servers_google_maps/ (on Google Maps)

Root servers serve as the last resort for resolving a Top Level Domain (TLD). For example, if your DNS server does not know where to find the DNS records for the “.jp” part of the domain name www.jetro.go.jp, it queries the root servers to locate the DNS server responsible for the TLD “jp”, and then continues resolving “go.jp” at the DNS server to which the root server referred it. This resolution process continues recursively, one level at a time, until it gets an authoritative answer for the requested host www.jetro.go.jp.

In fact, DNS servers rarely query the root servers, because they cache every answer they have previously resolved, including those for the TLDs. Depending on the DNS server’s configuration, it usually keeps those responses in its cache for two days. So, in the example above, the DNS server stores the information about the DNS server handling the TLD “jp” in its cache, and every later query for a “jp” name goes directly to that server without querying the root servers again.

Perhaps the most common reason for your DNS servers to query the root servers is a typo that produces a non-existent TLD. For instance, if you mistakenly type “jq” instead of “jp” in the domain name above, your DNS server has never resolved the TLD “jq”, so it has to ask a root server for it. In this case the root server returns a non-existent domain error to your DNS server, and you are notified that the domain name could not be found.
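As an added illustration (not part of the original post), the following Python simulates the three situations described above with constructed delegation data: the first lookup walks root, TLD and lower zones; a second “jp” name reuses the cached TLD referral and never touches the root; a typo’d TLD goes to the root and comes back as a non-existent domain. The ns.*.example server names, the 203.0.113.x addresses and the one-hour TTL for the host record are assumptions.

```python
import time

# Constructed delegation data for the www.jetro.go.jp walk-through:
# zone -> (server authoritative for that zone, records it hands out).
# The ns.*.example names and 203.0.113.x addresses (TEST-NET-3) are placeholders.
ZONES = {
    "":            ("a.root-servers.net", {"jp": "ns.jp-tld.example", "com": "ns.com-tld.example"}),
    "jp":          ("ns.jp-tld.example",  {"go.jp": "ns.go-jp.example", "nic.jp": "ns.nic-jp.example"}),
    "go.jp":       ("ns.go-jp.example",   {"jetro.go.jp": "ns.jetro.example"}),
    "jetro.go.jp": ("ns.jetro.example",   {"www.jetro.go.jp": "203.0.113.10"}),
    "nic.jp":      ("ns.nic-jp.example",  {"www.nic.jp": "203.0.113.20"}),
}
REFERRAL_TTL = 172800  # two days: how long the text says TLD referrals stay cached
ANSWER_TTL = 3600      # assumed TTL for the final host record (constructed value)


class Resolver:
    """Iterative resolver with a cache of delegations and final answers."""

    def __init__(self):
        self.cache = {}  # name -> (value, expiry timestamp)

    def _cached(self, name, now):
        entry = self.cache.get(name)
        return entry[0] if entry and entry[1] > now else None

    def resolve(self, name, now=None):
        """Return (answer, servers_queried); answer is an address, or the
        string "NXDOMAIN" when a label is unknown to its parent zone."""
        now = time.time() if now is None else now
        hit = self._cached(name, now)
        if hit:
            return hit, []                           # answer served from cache
        labels = name.split(".")
        # Walk the name from the TLD downward: "jp", "go.jp", "jetro.go.jp", ...
        suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
        zone, queried = "", []
        for suffix in suffixes:
            if self._cached(suffix, now):
                zone = suffix                        # delegation cached: no query needed
                continue
            server, records = ZONES[zone]
            queried.append(server)                   # root is asked only when nothing is cached
            if suffix not in records:
                return "NXDOMAIN", queried           # e.g. the typo'd TLD "jq"
            ttl = ANSWER_TTL if suffix == name else REFERRAL_TTL
            self.cache[suffix] = (records[suffix], now + ttl)
            if suffix == name:
                return records[suffix], queried
            zone = suffix
        return "NXDOMAIN", queried
```

Passing `now` explicitly lets you step the clock past REFERRAL_TTL and watch the root being queried again once the cached “jp” referral expires.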

Because the root servers are dispersed all over the world, it is technically very difficult to attack all of them at the same time. It is therefore unlikely that this robust system will stop serving the Internet community because of a common attack such as a DoS (Denial of Service), even a well-planned one. This is fortunate, since the DNS root server system is a vital part of the Internet, serving thousands or millions of people online every day.

If you would like to understand more about how the root DNS servers operate, see this link for more details:
http://www.isoc.org/briefings/020/

[1] Partridge, C., Mendez, T., Milliken, W. (1993) Request for Comments: 1546, Network Working Group. Available from: http://rfc.net/rfc1546.html [Accessed 4 April 2008]

Tags: DNS Root Servers Attack, anycasting, TTL