The root name servers are a critical part of the Internet’s infrastructure. Identified by letters A through M, they provide the entry points to the Domain Name System (DNS). Since 2000, Netnod has operated i.root-servers.net, the first root server to be located outside of the United States.
The root name servers sit at the top of the DNS hierarchy. Today, there are 13 root name server identifiers in the world. As the first step in a DNS lookup, they are responsible for referring DNS resolvers to the appropriate Top-Level Domain (TLD) name servers. The I-root service operated by Netnod handles several hundred million DNS queries a day using anycast nodes deployed in more than 70 locations across the world. But how did we get here, and what challenges did we face in regards to the root servers in the early days of the Internet?
As the Internet developed in the late 1980s, there was an increasing need to have a root name server in Europe. There were then only a few, unstable links between Europe and the United States and these were expensive. To have every DNS query for the root zone traverse the ocean twice was becoming increasingly untenable.
In 1991, the Nordic University Network (NORDUnet) was selected to operate the first root name server in Europe. There were a variety of reasons for choosing NORDUnet including: early adoption of TCP/IP, good connectivity to the rest of Europe, and the fact it was one of a few European networks to have a connection to the Internet in the United States via a 56 kbit/s satellite link. In addition, the staff operating NORDUnet, who were based at Sweden’s Royal Institute of Technology (KTH), also had experience operating high-level DNS services such as the national TLD for Sweden (.se).
So on 28 July 1991, the following DNS records were introduced in the root zone, the file that contains the names and IP addresses of the authoritative name servers for the root zone:
. IN NS nic.nordu.net. nic.nordu.net. IN A 126.96.36.199
With the addition of these records, the server was enabled for public use. These records pointed to an IPv4 address (188.8.131.52 – it's still the same) where the name server for nic.nordu.net could be found. Located in Sweden, nic.nordu.net was, in 1991, the first root name server outside of the United States. The root name server was the 9th to be added to the root zone (and is today referred to by the 9th letter of the alphabet as i.root-servers.net).
The root name service was provided from a workstation on a desk in an empty office at the KTH. Beginning in 1991 a single Sun 4/65 with 40 MB of RAM was used. It evolved through the 1990s with single server Sun SPARCsystems (see figure 1), until, in 1998, PC clones were employed for a few years, shifting over to Digital Equipment Alpha servers, with one operating machine and one hot spare. Since 2003, Intel-based machines have been used exclusively.
In the early 1990s our biggest challenge was actually transferring the zone files containing all the information about the authoritative TLD name servers. This data had to be transferred from the United States but we would often experience major packet loss (30–50%) making this process difficult.
Another problem was that zone boundaries and content were yet to be strictly enforced. This meant that DNS servers (and people configuring them) were mixing cache and authoritative data and were serving various levels of the DNS hierarchy (e.g. root, .com, .org., .SE etc) from the same server. In these early days, there was a lot of human error as the processes had yet to be sufficiently documented.
As the Internet became increasingly important in the 1990s, and commercial and political issues entered the picture, we faced a more specific technical challenge: the DNS traffic load and the increasing geographic spread of the Internet created a need for more servers. However, the DNS protocol was limited to 512-byte packets, which left room for only nine service identifiers in the responses to the essential "priming query" that DNS resolvers issue to a root name server when they start. Deploying more root name servers was useless, as the resolvers couldn't be told about their existence. The packet was "full".
The solution came when a couple of DNS experts realised that if only the servers had similar names, the "label compression algorithm", which is used when storing the DNS data records in the packets, could be utilised to its full advantage. A complete renaming of the root name servers would make room for four more servers in the packets! Said and done! In 1995, nic.nordu.net was officially renamed to i.root-servers.net along with the other 8 root name servers. The four new servers (J, K, L, and M) were subsequently created and added to the system.
This was the situation after the renaming in 1995:
|Original Name||New Name|
It is worth noting that in 1995, each letter identified a particular server machine. Today, each letter identifies an IPv4 and an IPv6 address at which the service is provided under the responsibility of a single root server operator. These addresses are reachable at multiple service points spread all over the world using anycast technology. This means that today there are over 1,300 instances of the root name servers combined globally. These are often located at key connectivity points such as Internet Exchanges (IXes) and at large network operators.
In 1992, one such IX was created at the KTH, and in the mid-1990s I-root was moved from previously having sat inside NORDUnet to instead be connected using a separate connection to the IX. The idea was to make it more accessible to all the connected network operators. In 1996, Netnod was created to operate the IX as a free-standing service.
In 2000, Autonomica was formed as a subsidiary of Netnod. As the root service was seen as public infrastructure, and since Autonomica had inherited some key staff from the KTH, it made sense to continue to provide the service from the "public" IX and for Autonomica to handle the day-to-day operations of I-root. Gradually more and more responsibilities shifted over to Autonomica, until NORDUnet and Autonomica signed an agreement that Autonomica would assume full responsibility for all aspects of the I-root service.
Some major steps were also taken on the technical side. We were one of the first adopters of the DNS anycast technology, which allows multiple servers around the world to use a single IP address. This meant that instead of using just one server, we could use multiple servers spread geographically to provide the I-root service. By the end of 2003, we had installed our first anycast instances of i.root-servers.net in Helsinki and London. This initiated the still on-going roll-out of I-root servers across the world. Using a global anycast platform has significantly improved the response times, resilience and redundancy for our part of the root server system and thereby also for the system as a whole.
Today we run an anycast network with 70+ locations, hundreds of servers, and thousands of peering relationships with ISPs. We have developed a leading commercial DNS service for TLDs and enterprise customers. This enables us to use our DNS expertise to serve these segments and generate a stable source of income to fund the I-root service we provide without charge for the good of the Internet as a whole. Over the last 20+ years, Netnod has operated the I-root service with a focus on 3 main goals: service stability, policy stability and financial stability. For an in depth look at how we have done this, see my earlier blog post here.
When I look back, I don’t know which number is more scary: the fact that the I-root service turns 30 years old this year, or that I’ve been involved for 29.5 of those years. Regardless of which, I'm enjoying the ride and the fact that Netnod is a key player in the DNS world. I take pride in the services we provide – both I-root and the commercial ones – and look forward to the coming years with confidence that Netnod will continue as one of the leading providers of DNS services.
You can read Lars-Johan’s blogpost on the operational challenges of operating a root name server here and watch his webinar about Netnod’s I-root service here.
For operators who want more information on how to ensure good DNS service, you can see our checklist here.
For more on Netnod’s 25 year anniversary working at the core of the Internet, see here.
This article was originally published on the Netnod blog.
Comments are disabled on articles published more than a year ago. If you'd like to inform us of any issues, please reach out to us via the contact form here.