World Library  
Flag as Inappropriate
Email this Article

DNS root zone

Article Id: WHEBN0000286054
Reproduction Date:

Title: DNS root zone  
Author: World Heritage Encyclopedia
Language: English
Subject: In the news/Candidates/March 2014, .ninja, AlterNIC, Domain Name System, .root
Collection: Domain Name System
Publisher: World Heritage Encyclopedia

DNS root zone

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.


  •, on DNS Root Servers
  •, paper on root server location problem
  •, More root server instances outside the U.S. than inside

External links

  • "NTIA announces intent to transition key internet domain name functions". Office of Public Affairs.  

Further reading

  • RFC 2870 – Root Name Server Operational Requirements
  • RFC 2826 – IAB Technical Comment on the Unique DNS Root
  1. ^ Jerry Brito (2011-03-05). "ICANN vs. the World". TIME. Retrieved 2011-12-17. 
  2. ^ a b c d e f Farivar, Cyrus (14 March 2014). "In sudden announcement, US to give up control of DNS root zone".  
  3. ^ a b "Root Servers". IANA. Retrieved March 16, 2014. 
  4. ^, Official named.cache distribution
  5. ^ "SANS Institute InfoSec Reading Room". SANS. Retrieved March 17, 2014. 
  6. ^ a b Bradley Mitchell (November 19, 2008). "Why There Are Only 13 DNS Root Name Servers". Retrieved March 17, 2014. 
  7. ^ "DNS Root Servers: The most critical infrastructure on the internet". Slash Root. November 15, 2013. 
  8. ^ "Root Server Technical Operations Assn". Retrieved 8 March 2013. 
  9. ^ "Root DNSSEC: Information about DNSSEC for the Root Zone". Internet Corporation For Assigned Names and Numbers. Retrieved 2014-03-19. 
  10. ^ "First KSK Ceremony". Internet Corporation For Assigned Names and Numbers. 2010-04-18. Retrieved 2014-10-19. 


See also

Since July 2010, the root zone has been signed with a DNSSEC signature,[9] providing a single trust anchor for the Domain Name System that can in turn be used to provide a trust anchor for other public key infrastructure (PKI). The root zone is re-signed periodically with the root zone key signing key performed in a verifiable manner in front of witnesses in a key signing ceremony.[10]

Signing of the root zone

ICANN's contract to perform the IANA function expires on September 30, 2015. Its role will not be affected immediately by the NTIA announcement.[2]

According to Assistant Secretary of Commerce for Communications and Information, Lawrence E. Strickling, March 2014 was the right time to start a transition of the role to the global Internet community. The move came after pressure in the fallout of revelations that the United States and its allies had engaged in surveillance. The chairman of the board of ICANN denied the two were connected, however, and said the transition process had been ongoing for a long time. ICANN president Fadi Chehadé called the move historic and said that ICANN will move toward multi-stakesholder control. Various prominent figures in Internet history, not affiliated with ICANN, also applauded the move.[2]

Since 1997, when the Internet was transferred from U.S. government control to private hands, NTIA has exercised stewardship over the root zone. A 1998 Commerce Department document stated the agency was "committed to a transition that will allow the private sector to take leadership for DNS management" by the year 2000, however, no steps to make the transition happen were taken. In March 2014, NTIA announced it will transition its stewardship to a "global stakeholder community".[2]

The content of the Internet root zone file is coordinated by the Internet Corporation for Assigned Names and Numbers (ICANN), which operates as the Internet Assigned Numbers Authority (IANA). Changes also must be authorized by the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce.[2] VeriSign generates and distributes the zone file to the various root server operators.


The modern trend is to use anycast addressing and routing to provide resilience and load balancing across a wide geographic area. For example, the server, maintained by VeriSign, is represented by 74 (as of October 2014) individual server systems located around the world, which can be queried using anycast addressing.[8]

The root name servers are hosted in multiple secure sites with high-bandwidth access to accommodate the traffic load. At first, all of these installations were located in the United States; however, the distribution has shifted and this is no longer the case.[7] Usually each DNS server installation at a given site is a cluster of computers with load-balancing routers.[6] A comprehensive list of servers, their locations, and properties is available at As of October 2014, there were 504 root servers worldwide.

The root DNS servers are essential to the function of the Internet, as most Internet services, such as the World Wide Web and electronic-mail, are based on domain names. The DNS servers are potential points of failure for the entire Internet. For this reason, multiple root servers are distributed worldwide across the Internet.[5] The number has been limited to thirteen addresses in DNS responses because DNS was limited to 512-byte packets until protocol extensions (EDNS) lifted this restriction.[6] While it is possible to fit more entries into a packet of this size when using label compression, thirteen was chosen as a reliable limit. Since the introduction of IPv6, the successor Internet Protocol to IPv4, previous practices are being modified and extra space is filled with IPv6 name servers.

Redundancy and diversity

With the address of a single functioning root server, all other DNS information may be discovered recursively, and information about any domain name may be found.

The root servers have the official names to[3] To resolve these names into addresses, a DNS resolver must first find an authoritative server for the net zone. To avoid this circular dependency, the address of at least one root server must be known for bootstrapping access to the DNS. For this purpose operating systems or DNS server or resolver software packages typically include a file with all addresses of the DNS root servers. Even if the IP addresses of some root servers change over the years, at least one is needed to retrieve the current list of all name servers. This address file is called named.cache in the BIND name server reference implementation. The current official version is distributed by ICANN's InterNIC.[4]

The DNS root zone is served by thirteen root server clusters which are authoritative for queries to the top-level domains of the Internet.[3][2] Thus, every name resolution either starts with a query to a root server, or, uses information that was once obtained from a root server.

Initialization of DNS service


  • Initialization of DNS service 1
  • Redundancy and diversity 2
  • Management 3
  • Signing of the root zone 4
  • See also 5
  • References 6
  • Further reading 7
  • External links 8

A combination of limits in the DNS definition and in certain protocols, namely the practical size of unfragmented User Datagram Protocol (UDP) packets, resulted in a limited number of root name server addresses that can be accommodated in DNS name query responses. This limit has determined the number of name server installations as thirteen clusters, serving the needs of the entire Internet.

. It is not known whether Verisign will continue in this role following the end of NTIA involvement. Verisign (IANA), while the root zone maintainer is Internet Assigned Numbers Authority), acting as the ICANN Through the NTIA, the root zone is managed by the Internet Corporation for Assigned Names and Numbers ([2]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.