Additional Services »

Home / Blogs

New Instance of DNS Root Server Makes Internet History

  • Jan 28, 2004 10:44 AM PDT
  • Comments: 0
  • Views: 21,470
Print Comment
By Paul Rendek

For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.

The K-root server is one of the 13 DNS root servers that resolve lookups for domain names all over the world and form a critical part of the global Internet infrastructure. The K-root server has been operated by the RIPE NCC since 1997 when the first server was installed at the London Internet Exchange (LINX) in London, UK.

Deployment of anycast instances of the K-root server further improves the distribution of this crucial service in various Internet regions and its resilience against Distributed Denial of Service (DDoS) attacks. As K-root is one of the 13 root servers, this also means improvement for the whole Root Server System.

RIPE NCC technicians were among the pioneers of the anycast concept for root servers and have deployed instances of the K-root server, hosted at the LINX, at the AMS-IX in Amsterdam and at the DE-CIX, Frankfurt. They are planning to have up to 10 instances of the K-root server deployed by the end of 2004.

"We operate K-root as a service to the Internet at large on behalf of our 3,500 members, across more than 100 countries, to whom we provide Internet resources and co-ordination services," stated Axel Pawlik, Managing Director of the RIPE NCC. "As a membership association we are directly responsible for fulfilling the needs of our members. Our members are committed to providing reliable DNS service because their businesses depend on it."

Anycast allows exact copies of the server, including the name and IP address, to be deployed in different locations. These copies are deployed in collaboration with local partners but are under sole management and administrative control of the RIPE NCC. Using anycast makes the root server system more difficult to attack and improves the DNS response for local communities by providing shorter paths between clients and servers.

"Our strategy is to deploy servers at multiple locations where there is a lot of Internet connectivity. We do that in close co-operation with ISPs who are also our members," said Andrei Robachevsky, Chief Technology Officer at the RIPE NCC. "However, by taking full operational responsibility for the servers themselves, the RIPE NCC can build a very strong service that is resilient to disasters and attack."

By locating the servers at Internet exchange points, they have the advantage of being as hardened as the infrastructure at these points themselves. "This is very economical because we do not need to spend extra money to harden these sites or to develop their connectivity," noted Robachevsky. "Service quality and security is not always proportional to money spent."

"We do not need fancy, hardened Network Operations Centres," added Daniel Karrenberg, Chief Scientist of the RIPE NCC, who installed the first instance of k.root-servers.net at the London Internet Exchange (LINX) back in 1997. "Our engineering builds on diversity and distribution of functions. The servers will continue to run reliably for a very long time even if our Network Operations Centres should be down. We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see."

These results are available through the RIPE NCC DNS Monitoring site. The site uses Test Traffic Measurements (TTM) network to provide an up-to-date service overview of certain DNS root and Top-Level Domain (TLD) name servers. The DNS Monitoring service is available at: http://dnsmon.ripe.net

"The strength of the Internet does not come from centralistic or hierarchical designs but from de-centralised and distributed design and engineering," noted Karrenberg. "Operationally, the root servers are equal peers and client software can choose any one of them based on an estimate of which provides the best service to the client's location at the time."

The strength of the root name server system lies in its diversity on all levels, a legacy of the late Jon Postel who oversaw its construction in the 1990s. "It is not a weakness but a strength of the system that servers are operated by a widely diverse group of organisations," said Pawlik. "Measurements show that the current system is performing well," he added. "It will be hard to introduce more central or hierarchical structures without substantially weakening the system as a whole."

By Paul Rendek, Head of Member Services and Communications

Related topics: DNS, Domain Names, Regional Registries, Security, Top-Level Domains

Get a weekly summary of postings to CircleID:

 Master Feed (more feeds)      Twitter      Mobile
Bookmark / Email This Post
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

What Does the .CO Launch Mean for New gTLDs?

  • Sep 08, 2010
  • Comments: 4

DNS Clients Do Request DNSSEC Today

  • Sep 06, 2010
  • Comments: 7

Stopping the Flow of Online Illegal Pharmaceuticals

  • Aug 31, 2010
  • Comments: 0

House of Cards

  • Aug 27, 2010
  • Comments: 3

ICANN's Tokyo Meeting Provides a Little More Clarity on the New gTLD Program

  • Aug 27, 2010
  • Comments: 6
View More

Related News

NIST Issues Smart Grid Cybersecurity Guidelines

  • Sep 07, 2010
  • Comments: 0

IPv6 Posing New Security Issues

  • Sep 03, 2010
  • Comments: 0

White House Calls for a Meeting with Domain Registrars, Registries, and ICANN

  • Aug 27, 2010
  • Comments: 0

ICANN Looking Into Demand Media's eNom After Serious Allegations by Security Group

  • Aug 21, 2010
  • Comments: 2

Intel to buy McAfee for $7.68 Billion, Biggest Acquisition in 42-Year History

  • Aug 19, 2010
  • Comments: 0
View More

Other Topics

Access Providers Broadband Censorship Cloud Computing Cyberattack Cybercrime Cybersquatting Data Center DNS DNSSEC Domain Names Domain Registries Email Enum ICANN Internet Governance Internet Protocol IP Addressing IPTV IPv6 Law Malware Mobile Multilinguism Net Neutrality P2P Policy & Regulation Privacy Regional Registries Security Spam Telecom Top-Level Domains VoIP Web White Space Whois Wireless
View More

Industry Updates – Sponsored Posts

Neustar Deploys DNSSEC and Registry Lock for .BIZ Domain Name

Dyn Inc. Acquires EditDNS and Launches Dynect SMB

.ORG the Public Interest Registry Announced Today That Alexa Raad Has Resigned as President and CEO

  • By PIR
  • Views: 478

Afilias' Project Safeguard to Boost Global DNSSEC Deployment by 50 Percent

.ORG, The Public Interest Registry Releases Results of Bi-Annual Domain Name Report, "The Dashboard"

  • By PIR
  • Views: 850

Afilias Announces Judging Panel for 2010 .INFO Awards

Afilias Opens .INFO Awards to Select the Best Websites of 2010

.CO Internet Announces Landrush Auctions for .CO Domain Names

Registrar DNSSEC Implementation Cheat Sheet

  • By PIR
  • Views: 1,035

Internationalised Domain Names Set to Take Off with Approval of IDNA 2008 Protocol

400,000 .CO's and Counting!

BlueCat Networks Selects Afilias to Power New DNS Offering

Hosting Companies Need Advanced DNS, Here's Why…

Brussels and the Month Afterwards: Celebrations, New gTLD and Security and Stability Issues Ahead

  • By PIR
  • Views: 1,285

.ORG Inserts DNSSEC Key Into The Root Zone

  • By PIR
  • Views: 1,439

.CO is "Google-National"

Dyn Inc. Announces Two Strong Network Additions to Support Evolving Client Roster

Leading Registrars Supporting DNSSEC

  • By PIR
  • Views: 1,478

.CO Domain Names Now Available to the Public

Black Lotus Selects Afilias to Improve DNS Reliability

View More