What Is a DNS Root Server?
Computers use numbers to locate and communicate with each other on a network. When you enter a domain name like "example.com," your computer must find the correct IP address to reach the site. A DNS root server is the first step in resolving names to numbers that computers understand.
This article explains what a DNS root server is, how it works, and its role in the functioning of the Internet.
What is a DNS root server?
DNS root servers, or root name servers, are the foundational servers at the top of the domain name system (DNS) hierarchy. They’re responsible for translating domain names into the IP addresses that computers use to communicate over the Internet.
Essentially, DNS is hierarchical. It organizes the mapping of domain names to IP addresses in a structured way. At the top are root servers controlling the root zone, a list of all top-level domains. Root servers use this list to direct web traffic to the correct place.
Root servers are the starting point for all DNS lookups on the vast Internet, from typing in the URL to the webpage loading onto your screen. These systems respond to requests for the root zone, which is the top level of the DNS hierarchy.
When a user enters a domain name into their browser, the request is sent to a DNS resolver. The resolver then queries a DNS root server to locate the top-level domain (TLD) server for the domain in question.
The root server doesn't know the actual IP address of the specific website you're looking for. But it does know the addresses of the servers responsible for managing top-level domains like .com, .org, or .net.
Therefore, it directs the query to the appropriate TLD server.
This hierarchical system allows DNS to efficiently handle the vast number of domain names used across the Internet. There are 13 root server addresses managed by different organizations worldwide, distributed globally to ensure redundancy.
How DNS root servers work
The DNS root name server is essential for the functioning of the Internet as it helps maintain the organization of the DNS.
Without domain servers, the Internet would no longer be as reliable as it is today. They impact users' ability to access websites and online services.
Here’s how DNS servers work in the process of name resolution.
Initial request to DNS server
When you enter a website address in your browser, it doesn’t go directly to that website. It first checks with a DNS server from your Internet service provider or from a DNS server you’ve set up. This server checks if it already has the IP address stored in its cache.
If this DNS server already has the IP address saved in its cache, it sends it back to your browser, and you go straight to the website without further steps. If not, the DNS server has to ask for help from other servers.
Query to root server
In cases where the DNS server doesn’t have the IP address, it reaches out to one of the thirteen root name servers of DNS worldwide. These servers don’t know the exact IP address for the domain; instead, they know where to find more information.
The root server points the DNS server to the right group of servers based on the domain type. For example, it will direct it to the servers that handle .com addresses.
Connecting to TLD servers
The DNS server then queries a TLD server for .com domains. The latter doesn’t know the final IP address, but it knows where to look next.
It provides the location of the authoritative name server for the original website.
Finding the authoritative name server
The DNS server now knows where to find the authoritative name server that holds the domain's IP address.
It sends a final query to this server. The authoritative server has the IP address and sends it back to the DNS server.
Final resolution
The DNS server now has the IP address and passes it to your browser, letting the browser load the website. The DNS server will also store (or “cache”) the IP address for a while. If you or someone else requests xyz.com again soon, the DNS server can provide the answer without going through all these steps.
These queries happen in milliseconds, so website loading is almost immediate. Root servers guide the DNS request down the correct path until they find the specific IP address needed.
Root DNS servers handle an enormous number of requests from around the world. Because of this, they’re attractive targets for hackers aiming to disrupt Internet service.
Who manages the DNS root servers?
DNS root server operators help keep the Internet running. They come from private companies, non-profit organizations, schools, and even the military. Each operator is solely responsible for the root server IP address on which it operates.
Most of these operating organizations started this role when the domain name system was first created. They've been handling these tasks ever since. However, one exception is the operator of the C-root server; another company took over its network from the original operator.
Root servers are managed by the 12 independent root server operators. They include:
- VeriSign Global Registry Services
- Information Sciences Institute at the University of Southern California
- University of Maryland
- U.S. Department of Defense Network Information Center
- Cogent Communications
- NASA Ames Research Center
- U.S. Army Research Lab
- Internet Systems Consortium, Inc.
- Internet Corporation for Assigned Names and Numbers (ICANN)
- Netnod
- RIPE Network Coordination Centre (RIPE NCC)
- WIDE Project
How many DNS root servers are there?
There are thirteen name server records; therefore, people believe there are thirteen default root servers. But these aren't just thirteen individual computers. Using a method called Anycast, each server is copied across thousands of physical machines globally.
The technology is also used to guarantee that the DNS system continues to work smoothly even during high traffic or in the event of an attack on a specific server.
Even though there are limited server addresses, they’re strategically spread across multiple locations. This setup helps handle Internet traffic more efficiently. When you try to visit a website, your request goes to the nearest server.
Spreading DNS servers out strengthens the Internet. If one server fails or gets attacked, others can take over, so you can keep browsing without noticing any problems.
List of root servers
| Hostname | IP address (IPv4 / IPv6) | Manager |
| a.root-servers.net | 198.41.0.4, 2002:503:ba3e::2:30 | VeriSign, Inc. |
| b.root-servers.net | 199.9.14.201, 2001:500:200::b | University of Southern California (ISI) |
| c.root-servers.net | 192.33.4.12, 2001:500:2::c | Cogent communications |
| d.root-servers.net | 199.7.91.13, 2001:500:2d::d | University of Maryland |
| e.root-servers.net | 192.203.230.10, 2001:500:a8::e | NASA Ames Research Center |
| f.root.servers.net | 192.5.5.241, 2001:500:2f::f | Internet Systems Consortium, Inc. |
| g.root-servers.net | I92.112.36, 2001:500:12::d0d | US Department of Defense (NIC) |
| h.root-servers.net | 198.97.190.53, 2001:500:1::53 | US Army (Research Lab) |
| i.root-servers.net | 192.36.148.17, 2001:7fe::53 | Netnod |
| j.root-servers.net | 192.58.128.30, 2001:503:c27::2.30 | VeriSign, Inc. |
| k.root-servers.net | 193.0.14.129, 2001:7fd::1 | RIPE NCC |
| l.root-servers.net | 199.7.83.42, 2001:500:9f::42 | ICANN |
| m.root-servers.net | 202.12.27.33, 2001:dc3::35 | WIDE Project |
Who maintains the root zone?
Root servers serve the DNS root zone, managed by the Internet Assigned Numbers Authority (IANA), part of the Internet Corporation for Assigned Names and Numbers (ICANN).
IANA creates the root zone file and secures it using the DNSSEC system to protect DNS data. They send this file to the root server operators, who publish it on their servers. The root zone file contains records for all TLDs.
National Telecommunications and Information Administration (NTIA) is another agency of the US Department of Commerce that works with ICANN to validate changes to the root zone file before they are officially implemented.
Importance of root name servers
Root name servers are beneficial to how the Internet functions. Their roles cannot be overstated and are vital for several reasons. They keep the Internet responsive by providing the initial direction for all web traffic. Furthermore, how these servers handle primary DNS queries helps identify and reduce cyber threats early on, improving security.
Additionally, they provide redundancy, as many root servers worldwide offer backup options. If one server fails, others can take over to maintain seamless Internet access.
What happens if all root servers for DNS become unavailable?
If all root servers for DNS become unavailable, these would be the results:
- Internet services disruption. Many Internet services rely on DNS to function. Email, web browsing, and other online services would be disrupted because no DNS root server would initiate the resolution process.
- Loss of cached data. Local DNS resolvers and ISPs cache some DNS information. Frequently accessed hostnames might still be resolvable for a short period, but once the cache expires, those domains also become inaccessible.
- Cyber attacks. The likelihood of cybercriminals exploiting the vulnerabilities is exceptionally high, as root servers provide a level of security online.
Ultimately, the collective loss of all root servers would be a cause for concern, disrupting the function of the Internet for all users. However, users don't need to worry in the event that one or two servers stop working, as the redundancy mentioned above means that the DNS process would still be able to continue.
What happens when a root server stops operating?
In the event a root server stops working, the Internet will still function for you. The root DNS system is built with redundancy and resilience. The thirteen root server identities are spread across many physical servers all over.
Other root servers can handle the extra load if one DNS root server's status goes offline. Your computer will automatically communicate with another available root server. This design ensures you can continue browsing the Internet without noticing any issues.
The system is robust enough to handle such failures. The loss of one operator doesn't disrupt the entire DNS infrastructure. The remaining operators keep the Internet running smoothly for everyone.
How do resolvers find DNS root servers?
DNS resolvers can't directly query the root zone. Rather, they have a built-in list of the 13 root server IP addresses. When a DNS lookup starts, the resolver queries one of these root servers. This initiates the DNS resolution process, leading to the eventual retrieval of the requested IP address.
Frequently asked questions
What is the advantage of having a root server nearby?
Having a root server close to you can speed up certain DNS activities. Web pages may load more quickly because the response time for initial lookup is faster.
Are most of the root servers based in the United States?
Originally, all root servers were located in the United States, but they have since been spread worldwide.
Can anyone set up their own DNS root server?
No, you cannot set up an official DNS root server; only authorized organizations manage them to maintain Internet stability.
