Root name server

Root name servers, or simply root servers, are servers for name resolution at the root of the Domain Name System on the Internet. The zone of the root servers contains the names and IP addresses of the name servers of all top-level domains (TLDs).

Root servers are operated by different institutions. The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the operation.

Root server

There are 13 root name servers, named according to the scheme x.root-servers.net. Each root name server is reachable under an IPv4 address, most additionally under an IPv6 address. Most root name servers use anycast for load balancing, so the 13 addresses are actually served by hundreds of servers at different locations around the world.

Updating the contents

Changes to the root zone are first reviewed for technical correctness by ICANN as part of the IANA functions, then forwarded to the U.S. Department of Commerce. The latter instructs VeriSign to publish the change in the zone. All root servers synchronize their data from VeriSign's redundant distribution servers. In the past, the root servers synchronized twice daily directly from the A root, but this was abandoned in order to eliminate this single point of failure.

Resiliency and attacks

The root servers handle a very large number of requests, a significant part of which is caused by faulty software or network configuration. Filtering at the DNS level does not take place because, given the simplicity of a DNS request, it would consume more resources than simply answering all queries.

According to RFC 2870, each root server must be able to handle three times the peak load of the most heavily loaded root server. This means that a root server in normal operation may use at most one third of its capacity. If two thirds of the root servers fail, the remaining third can still answer the queries.

The attack with the greatest effect on the root servers took place on 21 October 2002. A DDoS attack was carried out for 75 minutes with a total of 900 Mbit/s (1.8 Mpkts/s) against all 13 root servers. All root servers remained operational, because the upstream firewalls rejected the attack traffic, but about nine root servers were difficult or impossible to reach because of the flooded links. Root server lookups were significantly delayed as a result, but thanks to caching there was hardly any disruption for users. The DDoS attack accelerated the deployment of anycast.

Another attack took place on 15 February 2006, a few days after the name servers of a top-level domain not named by ICANN had been attacked. This DDoS attack was carried out as a DNS amplification attack, which multiplied the resulting data volume. Two of the only three root servers attacked were unavailable for 15 minutes.

On February 6, 2007, another DDoS attack took place on the root servers and, at the same time, on some TLD name servers. Two root servers were unreachable.

Criticism

Critics consider the U.S. government's say in the matter problematic. This concerns the legal status of ICANN, which, as a Californian institution, is subject to U.S. law. In addition, ICANN has been bound to the U.S. Department of Commerce since its foundation by a Memorandum of Understanding (MoU). The MoU was last extended in 2006 for three years.

VeriSign, which distributes the root zone changes, is likewise subject to U.S. law as a California company.

To reduce the influence of the USA on the Domain Name System, the Open Root Server Network (ORSN) was created in 2002 as an alternative root, with the collaboration of Internet pioneers like Paul Vixie. The operation of the ORSN was discontinued on December 31, 2008, but resumed in 2013 in response to PRISM and Tempora.

Alternative DNS Roots

In addition to the ICANN root servers, there are a number of alternative root server networks, which have arisen for political or commercial reasons. The aforementioned Open Root Server Network sees itself as a political, non-profit alternative meant to reduce the influence of ICANN on the Domain Name System. Commercial DNS roots aim to sell domains under their own top-level domains. These TLDs are accessible only to users of the respective provider, as they are not present in the ICANN root zone.

Public-Root sees itself as an independent non-profit alternative. In addition to the top-level domains of the ICANN zone, Public-Root also resolves top-level domains of the commercial providers UN1D and TLD.NAME. Another alternative DNS root operator is OpenNIC, which by its own account is run by volunteers with no commercial interests. In addition to the ICANN top-level domains, OpenNIC also resolves some TLDs of its own.

From the history

Originally the number was limited to 13:

  • No more servers, including the additional information, fit into a 512-byte packet, a size determined by a conservative assumption about MTU configuration.
  • For performance reasons, UDP is the preferred protocol: one request packet, one response in most cases.
  • Larger packets can be fragmented, but earlier versions of operating systems and routers did not support reassembling these fragmented packets well, so the DNS standard prescribed repeating the request over TCP.

Before anycast was set up, 10 of the 13 root servers were in the U.S. This was criticized in terms of reliability, as geographic concentration runs counter to the idea of a decentralized Internet.
