This article will give an introduction on the Internet Domain Name System, DNS in short. Furthermore, it will explain its function and the role DNS root servers play.
Additionally, for the technically inclined, we will have a quick glance at the technical details of the K-root system, operated by RIPE.
Putting it short, DNS is one of the pillars of the modern Internet and you are using the DNS at this very moment, possibly without even noticing.
A good, one sentence summary of what the DNS can be found on the English Wikipedia:
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
Source: DNS Article, English Wikipedia
This may sound very technical, so let’s dive into an example on how you have just used the DNS:
Right now you are reading this blog post at https://anexia.com/blog/. But how did your browser manage to obtain this article?
Stripping the HTTP-related parts off of our example URL above leaves us with anexia.com. This part is what is commonly referred to as host name.
Contacting a server can be compared to a phone call directed to a company. At this moment you know the company’s name – which can be compared to the host name in our example – but you are missing the phone number.
The phone number, when applied to the Internet, is an IP address. This unique number identifies a computer on the Internet, just like a phone number would in a telephone network.
Getting back to calling a company by phone, you would most likely grab a copy of the yellow pages and look up the company’s phone number. This is exactly the problem the DNS solves and what it can be thought of: the Internet’s yellow pages.
The DNS itself serves a great many more purposes, but for the sake of this article, we will be shedding light only on doing name-to-number lookups.
Looking at our example again, it becomes obvious as to what your computer needs to do. It needs to contact the DNS in order to get the correct IP address for the host name anexia.com.
This is done by contacting a local DNS resolver. This is a system operated either by an organization, like the company you work for, or your ISP. The DNS resolver is somewhat of a local copy of the most recently looked up host names, along with their IP addresses(DNS cache).
If anybody using the same resolver has just navigated to anexia.com, the resolver already knows the answer and will return the IP address back to your computer. But what happens if the resolver does not have an answer on file yet?
How the DNS works
If a DNS resolver is unable to respond from its cache, it will contact the name server responsible for the domain.
The DNS is organized as a tree, as shown in the following illustration.
As you can see, there are multiple levels in the DNS hierarchy. From top to bottom, each level contains delegations to the next level, meaning that each level contains information on how to interact with the level below it – we will get back to this shortly.
The top level is called “root”. To go into detail, we will need to make a minor adjustment to our example host name. That is, every host name has to end with a dot, which is usually omitted. Thus, the name we are trying to resolve is actually anexia.com. – including the trailing dot.
Host names are evaluated from right to left, meaning they are read in the following way: dot – com – dot – anexia-it – dot – www
The first part the resolver stumbles across, when it reads the host name this way, is a single dot. This correlates with the “root” level in the figure above.
The second part is “.com”, which correlates with the second level in the graphic, the “top level domain”.
And so on and so forth, down to the last part, the “.www”.
As mentioned above, every level contains information on how to contact the level underneath it. What is missing right now is a starting point at the “root” level. This is where the DNS root servers come into play.
In short, every DNS resolver has the IP addresses of these DNS root servers built-in.
These are the starting point of every lookup. In our telephone analogy these would most likely be described as being “global” yellow pages. However, these would not contain all the phone numbers of all the companies around the world, but would rather show how to get the yellow pages for a given country(Top-Level-Domain).
So, a complete lookup for our example would look like this:
This is a little bit simplified though, as every level may contain multiple DNS servers, for failure-resilience and load-balancing reasons.
However, with this information in hand, the DNS resolver you are using updates its cache – so it may answer subsequent questions without having to wander around the Internet asking for help and hands over the final response – anexia.com is at 22.214.171.124 – to your browser.
This finally enables your browser to contact the web server and obtain the web-page you requested.
This may look over-engineered at first, but that is not the case as this approach allows for updates to these huge, distributed yellow pages, without actually having to update one giant DNS server that handles everything, if there is a change at a level that’s not directly beneath it. Besides that, this distributes the load over a vast amount of servers, ensuring that you do not have to take a coffee break every time you open up a web-page in your browser.
Let’s carry on and have a closer look at the exact role of the DNS root servers and how they are organized.
DNS root servers
As seen in the example above, the DNS root servers are the first point DNS resolvers need to contact when looking up host names. It probably need not be said, but without these servers, the DNS would not be able to operate at all.
IANA – the Internet Assigned Names Authority – is responsible for the DNS as a whole, and thus also for the “root zone”, which contains the IP addresses of the DNS root servers.
There are a total of 13 root servers, named from “a” to “m”, which are operated by various organizations around the globe. Each of these servers is not only a single computer, but a cluster of multiple systems, providing a fault-tolerant configuration.
The role of the root servers in today’s Internet is becoming more important again. This can be attributed to technologies like DNSSEC, which suggest direct contact from DNS resolvers to the root servers in order to verify the chain of trust.
One of these 13 servers, the K Root Server, is operated by the RIPE NCC. This, like all the others, is a cluster of multiple machines, and ANEXIA is now taking part in this and is now hosting one of these systems in Vienna, Austria.
As promised, we are now diving deeper into the technical spheres of the K-root servers.
The K-root servers are hosted in various locations around the globe. From a technical point-of-view, IPv4 and IPv6 Anycast is used to direct traffic to the – from a networking point-of-view – nearest K-root node.
This is achieved by the respective K-root servers peering directly with their hosts, like ANEXIA, and announcing the Anycast prefixes from AS25152.
By hosting a K-root server in Austria, ANEXIA tries to take part in ensuring both the stability and high-performance of the K-root servers. The server itself is operated by RIPE NCC, whereas all hosting services, including rack space and network uplinks, as well as the hardware, are provided by ANEXIA.
For more details on the K-Root servers, head over to http://k.root-servers.org/