Slashdot Mirror
DNS Root Servers Outside US Surpass Those Inside
penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network
Coordination Centre (RIPE NCC) has
reported on CircleID that: 'For the first time in Internet history the
number of instances of DNS root servers outside the United States has overtaken
the number within. The balance was tipped by the recent launch in Frankfurt of
an anycast instance of the RIPE
NCC operated K-root server.' In
the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says:
'We monitor the quality of the root name service from more than 50
locations worldwide, and we publish the results for everyone to see.'"
So it was a K-raut K-root server that tipped the balance?
*dodges the thrown fruit*
The number of countries outside the U.S. outnumber the number of countries inside the U.S.
I just changed bloody hosts three days ago and my DNS still isn't completely changed over! Now I find out it's because all the new servers are farting around in Frankfurt! Great, just great! =)~
My Webcomic: Asylum on 5th Street
If you are in an insulated internet enviroment, such as china or certain american networks, is it possible to hook up to one of these external DNS servers and use it to handle your NS requests, or would you need to have an existing account with a foriegn ISP?
Sure, there may be more DNS root servers outside the US, but it would seem that Verisign still has exclusive rights to muck around with them. So what's the big deal?
Can they DO that?
"Service quality and security is not always proportional to money spent."
Time until someone makes a Windows-Linux parallel: 5... 4...
The coolest voice ever.
Cool. This is as it should be, too.. As the rest of the world gets on the net, we'll se the US further down the list, I'm sure.
I'm an American, and I love the US, but the imbalance of the internet towards the US has always bothered me. To me, it always has seemed that it should be a completely global venture, and be supported fairly evenly throughout the globe.
DNS servers are probably a good indicator of internet usage/participation and the fact that other countries are catching up is a good thing; however, just shy of half of the DNS servers are still in the US. That's pretty sad considering we represent less than 5% of the global population. Here's to hoping other countries continue to grow in their participation.
Also, I hope Babelfish improves as globalizations continues.....
The routers themselves deal in numerical IP space, right? Why is name service so dang important?
taken! (by Davidleeroth) Thanks Bingo Foo!
I am part K-raut you insensitive K-lod!
It is easier to build strong children than to repair broken men. -Frederick Douglass
I wanted to read the article, but my browser can't resolve the host.
OK, the FIRST thing they need to do is dump the large picture on the main page. 140K seems just a bit on the large size for a main page, especially on "old, slow" hardware.
Comment removed based on user account deletion
Personally, I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country. You mean a country like Canada, that doesn't go around pissing off the rest of the world? Diversity is a survival factor, especially in adverse conditions. If we put all the servers in one place, we might as well run the same exact Windows OS on all of them too...
"Freedom means freedom for everybody" -- Dick Cheney
"Personally, I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country."
oh i forgot, germany is such an unstable rogue state. better hurry up and invade!^H^H^H^H^H^H liberate
I'll just use my special getting high powers one more time...
It kind of reminds me of how the Annual Hockey game is always North America vs. the World (even though the world has some good hockey players).
That's wonderful also and I think that the Internet and everything should also be more globalized, but the DNS servers are providing a resource that has a certain demand associated. Simply, the internet should be skewed to America because, for whatever reason (they are obvious), America likely generates the most requests and receives the most requests (though I don't know the numbers, maybe China is coming close?). Obviously, if nearly all of the surfing consists of Americans accessing American sites, then an extra server in Germany serves little utility (aside from alleviating, perhaps, accesses outside of the country).
So (obviously) establishing more servers in other countries won't globalize the internet any more, it's an indication (and a positive one) of some increasing global demand.
That is, unless Germany just wasting a bunch of money simply so that the world may pass the U.S. in Root servers.
his father? the guy must be quite old then.
I am an American, and I like the USA, but the imbalance of the InterNet into the USA always worried itself me. At me it has to always seem that it would have to be a completely global enterprise, and, i.e. continuously rather even with the whole sphere. Dns host are probable a good indicator of the InterNet customs/participation, and the fact that other countries are highly sticking on, is a good thing; however, just shy of half the dns host always are in the USA. Rather more sadly us represent less than 5% of the global population consider. Here different countries to hope develop further in their participation. In addition I hope that Babelfish improves, while the globalizations continue.....
An infinite number of monkeys will eventually come up with the complete works of
Personally, I'm waiting to see how the contenders in the Presidential election plan to restore American supremacy in this critical area of the New Economy. Forget mere investment in additional servers, let's jump right to forced annexation of the some of these upstart two-bit "nations"...
Stop by my site where I write about ERP systems & more
Well protected is very difficult, I assume U mean US, but the rest of the world grows weary of US, so->following the philosophy of democracy-> Most votes count, and that is certainly not US
Please don't flame, me personally am (very)weary of Bush, and not USpeople, but...
Needless to say as long as he's in power I will grow more weary of USpeople.
U would be surprised how little US has to say if "democracy" were global(Democracy doesnt seem to be in the interest of "american" survival.).
5.85 billion? You sure? 300 Million...
This sig is in Spanish when you're not looking....
Dude you just made me spit cum all over my keyboard!!!1
Quick...
/. THAT
Everyone ping k.root-servers.net and try and
... and then there were none
"oh i forgot, germany is such an unstable rogue state. better hurry up and invade!^H^H^H^H^H^H liberate"
Been there, Done that.
What?
I'd hate to think any of my packets being exported to those guys who wouldn't even help us rid Iraq of weapons of mass destruction! I think in protest, we should hereby refer to all the USA DNS root servers as "Freedom Hosts" (cue Lee Greenwood music...now).
Many hosting companies, etc. use shared servers. I do as well, in fact, for my websites. For example, my website www.studentprogress.info may have the IP address 65.49.199.172, but the site will only show up if you use the hostname.
Based on the sheer number of websites these days, I'm sure we'd run out of IPv4 space instantly without DNS, and maybe even run out of IPv6 space!
There's no place like localhost
You have what? 70 years?
In SOVIET GERMANY, joke does not get YOU!
I think you're confused. The Germans volunteered to change the names of things such as saurekraut (I'm only half German) to "Liberty Cabbage" during WWII because they were getting persecuted so much by (you guessed it) Americans. We Americans know that the French are too stuck up to stick it to themselves so we changed "their" things to names like "Freedom Toast." And I'm not old. I learned that "Liberty Cabbage" thing from Grandpa Simpson. I kid you not. Simpson's is edumacational.
And besides, even the govenment couldn't change the name to "Freedom Hosts" because even they are slaves to VeriSign. It'd be all wrapped up in too much irony. Even for this administration.
Source
Ben
Work Safe Porn
In the bad old days you and you alone were in control of name resolution. For those of you without receding and/or grey hairlines who may not know or remember this, you had a file called hosts.txt that contained all the mappings of names to IPs. That, obviously, didn't scale and DNS was developed and was widely deployed by about 86 or so.
The one big gotcha with DNS is it takes control out of your hands. That is, you may have your own DNS server locally, but you traditionally refer to other servers that serve up the root zone that tells your DNS server where all the TLD servers are. Somewhere along the line the decision was made to use other machines, not your own, for this.
This is wrong for many reasons:
But there are ways around this. The easiest if is you static route the 13 root server IPs to your own nameserver. Then you can run an unmodified copt of the legacy root zone on your own nameserver and the US government root servers can be backhoed or DDOS'd and you wouldn't even notice. ISP's are starting to figure this out, especiallly ones with expensive longhaul connections.
Or, you can modify your nameserver to declare youtself primary for the root zone (which you've dutifully downloaded) and edit out the declarations for "." in the legacy root zone.
Or you can use the ORSC root zone. If it's good enough for two ICANN board members, it's good enough for you.
Whatever you do, for God's sake dump bind and use DJBDNS. It really is so much better it's just not funny.
Need Mercedes parts ?
Yes but Export laws will keep any dns number above 2^2 from crossing the border.
Its amazing how those forigners keep sneaking back into the US to develop their software then releasing it like it came from other countries!
ls
Or, to put it another, more fuzzy way:
World = 6 billion(ish)
World - America = 6 billion(ish)
How does anyone make money running a root server?
Most people don't even know what the root nameservers are, or how they work. Hell, most people don't even understand DNS.
Posting a technical story like this has confused most slashdoters, as can been seen by the lack of comments that have anything to do with the story.
Andrew
Quick everyone in the US go setup 5 DNS servers!
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
This whole root server thing is good for the Internet. For way too long, big corporations and the USA government have believed that the US "owns" the Internet. It seems like rules are made based on what USA corporations "want" or "need". Americans *do not* own the internet.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Forgive him/her, must have been brainwashed in the New American Century Empire.
Thell say anything to fit their needs.
JK,
Instead, the authors of openbsd and the vapor NAT-T patch have decided to remove ipsec completely because they are afraid of the SSH corp suing them over trivial ideas.
... are resolved to us.
First I wanted to be a chef. Then I wanted to be Napoleon. My ambitions have continued to grow ever since.
I'm glad there's sick fuckers like you that find her attractive. Leaves the truly hot chicks for us that have taste. Of course, it would be best if you both slit your wrists.
http://www.cbc.ca/mondayreport/videos/ontario.html
Need Mercedes parts ?
Please give an example of a hot chick by your definition.
I don't undestand the question. What exactly are you trying to do?
Need Mercedes parts ?
You can primary the root on your own box. Hell if you ask NSI nicely they'll let you download daily copies of .com and .net as well.
If you have the disk space, ram and cpu you can do all of these.
You can primary the root zone (it's a piddly 100K file) on a 386 and get better performance than using the legacy root servers.
Need Mercedes parts ?
NSI used to pay for them by picking up the tab for machines and bandwidth. I don't know if they still do that or if the USG pays for it.
Need Mercedes parts ?
This may be a goofy question that I should know, but is there an authoritative source for the root server list? How do you determine which is the most efficient root server for your area, aside from going through the list and doing traceroutes?
The world is pissed off by illegal militairy invasions, and it has nothing to do with economy, ...stupid idiot.
5'5", 110 lbs, C-cups, pretty face, in shape
but don't worry, it's ok if you like sheep
Sort of. The root servers don't support recursive DNS queries, but any DNS client/library worth its salt will be able to cope with iterative DNS lookups. You may notice performance problems though: without an intermediate DNS server handling recursive queries there's no DNS caching.
yeah, so you don't want them in the US do you? especially not near any airports.
DNS isnt that simple. All the root NS handle is (most importantly) the authority records, such as the authoritative nameserver for slashdot.org, in order to get the needed info you will need to ask the authorotative server. Typically this is handled by your upstream provider. (ISP)
/etc/resolv.conf file. then test it using the nslookup (screw dig) utility.
But to answer your question you could probably use a different namesever in china et all unless they are capturing outbound traffic (port 53 in specific).
I dont know how to do this in windows (since i dont use windows) but in *nix you would edit your
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
You can probably find about a half a million DNS servers that you can query from, or more. That still won't let you connect to web sites that are in blocked IP ranges.
- It's not the Macs I hate. It's Digg users. -
I tell you what. If you don't like that redhead mentioned above, you're 100% gay. I swear.
Might be.... the way everything is going, India will probably surpass the USA and my home country, Canada, pretty soon.
There's no place like localhost
Mod's must be smoking what was up in an slightly higher comment.
Slightly less than half of all your base are resolve to us?
If your theory is different from practice, then your theory is wrong.
what they are talking about for a change.
The recent flurry of articles giving the impression that VeriSign is somehow "in charge" of DNS has been rather irritating, when in fact, it is not difficult to configure your DNS server to ignore VeriSign operated root servers. (If you're using bind, dont include thier roots in your roots.cache zone file. I'm sure there's an equivalent trick for djbdns.)
I wish all of those who are about to continue the current flood of "what difference does it make?" and "VeriSign controls DNS anyway." posts would kindly read this article and this one as well for a breif tutorial on DNS from that programmer who writes good shit but everyone says they hate him anyway, D. J. Bernstein.
If you like the subject, maybe you should go out and buy a copy of DNS and BIND so you'll have something interesting to talk about at the coffee house this weekend.
The truth is that DNS is a distributed system that is rather well designed to be redundant. The anycast implementation mentioned in the article is a good and needed way (it's the right way[tm]) to increase the redundancy that is already inherent in the system, making DNS much more secure and resistant to DDOS attacks and other attempts to disrupt DNS service. VeriSign showing off thier "secure" sites, and blowing thier own horn about how "important" they in particular are to the internet is a load of sh*t that should not be given a second thought unless you are in the habit of educating our lawmakers about related issues. Not an especially good habit, it will make you enemies (but only if you're right).
Read, L
I've flushed things down the toilet better looking than her.
No fuckin way that you'd refuse if this chick asked you to sleep with her.
Further confirms the fact that geeks are seriously lacking the opposite sex ;)
On a side note, it is interesting how the artist draws characters that look like herself. I haven't seen this before. Interesting...
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
Depends on if she likes ass-to-mouth play.
Seeing as how the Americunts couldn't beat the stone-age villagers of Vietnam and can't beat the rag-tag resistance to the US theft of Iraq, I don't think anyone's particularly worried, son. To paraphrase Jack 'The Hat' McVitie - "you're just fat, loudmouthed poofs, and nobody's scared of you".
I spent the summer in India; you aren't too far off the mark.
While I was in Pune, there were workers on every major road, installing fiber optic cable.
As far as DNS goes, they haven't got a clue what they're doing. If I traceroute an ip, my packets fly to Australia, California, New York, California, Norway, and finally the uk site i'm looking for.
I dunno what typical is or means. Even on a lowly W98 box I put Simple DNS+ ($35) or, better, BIND PE (free) on it. And they will query the root servers to find where the pointers to say, .TH or .SK are.
Probably you mean most people just use their ISP's DNS servers. This is usualy not a terrific idea as most of these blow dead goats.
If you have a spare 386 or higher, deploy it as a dedicated DNS server (under Windows or *nix, it does't matter), primary the root on it and watch everything you do get just a little bit faster, or if you have a funky ISP, maybe even considerably faster.
The most it'll cost you is $6/mo for the electricity.
Need Mercedes parts ?
Tell 'em qpt sent you, though, and you'll get the first six months at half off the introductory business-class rate for first-time dedicated leasers, not including set up and take down fees or configuration surcharges and local infrastructure levies.
Think about e-commerce, too.
--
Domine Deus, creator coeli et terrae respice humilitatem nostram.
There is a web site called Long Bets where people can place long term bets that may not be settled until long after they are dead.
For example, the longest bet is Long Bet #7 - The universe will eventually stop expanding. I don't suppose any of us will be around to empirically determine the answer.
One candidate for a bet is/was Long Bet #26 - By the end of 2012, more than 50% of the root servers on the internet will be located outside the United States.
But noone accepted the bet.
"Corporations don't vote our leaders, people do."
Wake up, Neo.
You agree with me leaders are more than some president, yes? This (so-called -- for a chosen leader in a non-transparant nation isn't fair imo) chosen leader decides for the people in a lot of ways. The fact this is called "democratic" doesn't mean it is actually democratic in theory; imo, it isn't.
Even this can be brought futher. Exactly which people assign the leader(s) of a company? Government organisation? NGO? Who decides over ICANN? VeriSign? We all do? Yeah right.
Worse, we as non-US civilian can't vote for some US president, yet this president has tremendous infuence over the lives of people all over the world.
Democracy? In my ass.
Heck, i won't even _start_ about Carlyle...
Before you start with some anti-American conpsiracy the sae is true for the country i'm living in.
In the case such a country has a lot of known influence over the world it'll receive more (valid) criticism, especially on moral issues.
Don't see enough people from Djibouti around here.
You are referring to the DNS order. For most people filled out automatically by DHCP but obviously can be manually reconfigured . The same thing can be done in Windows by modifying the DNS settings in the TCP/IP configuration of the network connection used.
-el
I've been using the ORSC root zone and its servers for several years. I have not noticed any outages or problems - oops, yes there was a problem once - it was when ICANN decided to create a .biz of its own even though there was one already running.
What's up with the mods tonight?
I appreciate the humor of the parent post, but if you want to join in and make a funny, fscking with the moderation a pretty lame way to do it.
I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country.
Fuirst of all, Germany is what most knowlegable people would call a "stable, well protected country".
Second, that in and of itself does not affect the security or reliability of DNS as it is designed very much, and has even less signifigance now that anycast is proven to be a reliable technique for increasing redundancy.
D. J. Bernstein has provided some good introductory about the workings of DNS, including security.
There's a chapter on DNS security from "DNS and BIND" available at the O'reilly website as well.
The biggest dispute about DNS security (and internet security in general) is between those who prefer centralized, single point solutions, and those who prefer distributed, autonomous security measures. IMHO, centralized security creates weakness in most (all?) cases by creating a single point of failure, and is an approach that is most often motivated by the desire to exert control over internet usage in hopes of personal gain (re: VeriSign), and to establish an authority because of a misguided belief that there need be one.
The internet's basic strength is due to it's lack of dependance on centralized authorities in order to work. Any proposals that change that basic assumption are either poorly thought out or suspect.
Read, L
Cool, a russian posting to slashdot.
Corporations don't vote our leaders, people do
And they just love the fact that you belive that line.
The US did also NOT invent
the laser
mp3
television
the steam engine
a lot of other useful stuff
Einstein and Oppenheimer were no Americans, Mme Curie was french, adidas, Mercedes and BMW are also not american corporations.
and YES, a lot of the ROW* citizen are annoyed by American Cultural Ignorance (tm)
Apologies for maybe overreacting a little, but Coke, burger and fries are not the universial food source. Get off your high horse.
-silence
*ROW = Rest Of World
Dyslectics of the world, untie!
6 thousand million god damnit!
DNS has nothing to do with IP routing. Routing tables are maintained by ISPs. IP routing decisions are not made just based on distance, but also cost/bandwidth per route.
Hahaha. Jealous foreigner.
I am an American
Wow. Not from the US though? I hope the babelfish translation improves to.
"dra.hmg.gb" is still around:
dra.hmg.gb. 10786 IN SOA ns1.cs.ucl.ac.uk. liaison.ess.cs.ucl.ac.uk. 200305161 14400 1800 3600000 360000
I don't know of any hosts in it, though.
GROGGS: alive and well and living in
She has a beautiful personality as well, stupid cunt. That's half of the attraction. You can keep your 'truly hot' airheads, you shallow fuck.