Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Root Servers Outside US Surpass Those Inside

Posted by ryuzaki0 on from the world-a-big-place dept.

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

18 of 333 comments (clear)

  1. Re:Can someone please explain by morelife · · Score: 2, Informative

    Am I mistaken that all these root servers do is propagate name service information down to other machines until my office DNS can tell met that yahoo.com has address 66.218.71.198?

    Correct. But that only happens when everything is working correctly.


    Why is name service so dang important?

    Try the book "DNS and Bind" (O'Reilly Publishing), pp 1-601.

  2. Re:Globalization at its finest by ncc74656 · · Score: 3, Informative
    For example, why is Japan .jp instead of .nh, when germany got .dk?

    Last time I checked, Germany is .de. .dk is Denmark. As for why some ccTLDs are derived from the local language (.de, .es) and some aren't (.jp, .ru), your guess is as good as mine. (One theory is that countries where the local language uses a non-Roman alphabet (or no alphabet at all) got their ccTLDs derived from the English names for those countries.)

    --
    20 January 2017: the End of an Error.
  3. VirtualHosting by DotNM · · Score: 3, Informative
    The thing is.... surfing by IP only (without DNS) would require EVERY SITE to have a static IP address, instead of every server.

    Many hosting companies, etc. use shared servers. I do as well, in fact, for my websites. For example, my website www.studentprogress.info may have the IP address 65.49.199.172, but the site will only show up if you use the hostname.

    Based on the sheer number of websites these days, I'm sure we'd run out of IPv4 space instantly without DNS, and maybe even run out of IPv6 space!

    --
    There's no place like localhost
  4. Re:Does it really matter though? by leerpm · · Score: 2, Informative

    The .com and .net servers are not the same as the root servers.

  5. Re:Does it really matter though? by Lehk228 · · Score: 3, Informative

    As i stated in the past the only reason verisign, ICANN or anyone else has DNS power is because everyone agrees to use their standard.. well.. not everybody ;) there is a choice in the matter anyone who wants to run a DNS server can do so and can map domains to whatever IP address they like... it's just that issuing conflicting domain names on different servers benifits nobody and makes things worse for everyone

    --
    Snowden and Manning are heroes.
  6. Re:Can someone please explain by changelingyahoo.com · · Score: 4, Informative

    If all the root servers somehow miraculously disappeared then most people would be alright for 1-2 days. After 2 days all the cached NS records for .com will have expired and virtually no one will be able to resolve any .com addresses. Similar results for all other TLDs, but the time until resolution failure for each TLD can differ.
    Of course this is a highly unlikely scenerio as there are 13 root DNS servers and many of these servers are actually multiple machines using anycast (for example). Of course, taking out a handful of the machines places sufficient load on the remaining servers to cause them to start dropping requests, but this too is unlikely.

    --
    My Company
  7. Re:Does it really matter though? by Anonymous Coward · · Score: 1, Informative

    Weird rules...

    "Each domain must maintain and enforce a registration/use policy for domains registered under it and for users who access the net or use services in it. A domain registration, even a Top-Level Domain, may be revoked or transferred if the responsible party fails to enforce this policy."

    so I have to have an acceptable use policy even if i just have a personal site on my domain? Wacky.

  8. Germans? by KalvinB · · Score: 4, Informative

    I think you're confused. The Germans volunteered to change the names of things such as saurekraut (I'm only half German) to "Liberty Cabbage" during WWII because they were getting persecuted so much by (you guessed it) Americans. We Americans know that the French are too stuck up to stick it to themselves so we changed "their" things to names like "Freedom Toast." And I'm not old. I learned that "Liberty Cabbage" thing from Grandpa Simpson. I kid you not. Simpson's is edumacational.

    And besides, even the govenment couldn't change the name to "Freedom Hosts" because even they are slaves to VeriSign. It'd be all wrapped up in too much irony. Even for this administration.

    Source

    Ben

    --
    Work Safe Porn
  9. Re:Globalization at its finest by sould · · Score: 3, Informative

    Just like telephone networks, automobiles and transistors the internet will follow the usual pattern of: 1. US Invents it

    Except the US did not invent the autombile.

    The most significant contribution the US has made to automobile engineering is the cup holder.

  10. Re:Can someone please explain by senatorpjt · · Score: 2, Informative

    Besides, a lot of smaller sites won't even work with the IP address, since they're being vhosted, they depend on you using the actual hostname, which is passed by the browser.

  11. Re:Globalization at its finest by bob_dinosaur · · Score: 2, Informative

    Actually, they're the two-letter ISO country codes. And Germany is .de - Denmark is .dk

  12. Re:Can someone please explain by morelife · · Score: 4, Informative


    Those numbers don't change, ...
    They can, and often do.

    How often do calls to the "root server" get made

    Many millions of times an hour. Each zone (or domain, in practical terms) has expiration and refresh times. In addition to caching host and other data, these expiration (ttl) and refresh times get cached as well. The clock is ticking on the ttl when first cached, and when it expires a new lookup will have to be made (even if the resulting information is, as you said, identical, e.g. it "doesn't change") Just about every time a lookup is made by a tier 3 name server the query will recursively end up at a root server which will point it back down to a gTLD server and down to the tld auth server which finally sends the data to the requestor.

    Or something like that :) The root servers have to operate in a highly reliable way, as almost all name servers use them.. There is hardly a service on the 'net that does NOT rely on names (mail, nntp, shoutcast streaming, rss, http, etc), but you are right in that strictly speaking, routing operations are IP address based and have little to do with DNS.

  13. Re:Not really a subject I understand, so let me as by 1lus10n · · Score: 2, Informative

    DNS isnt that simple. All the root NS handle is (most importantly) the authority records, such as the authoritative nameserver for slashdot.org, in order to get the needed info you will need to ask the authorotative server. Typically this is handled by your upstream provider. (ISP)

    But to answer your question you could probably use a different namesever in china et all unless they are capturing outbound traffic (port 53 in specific).

    I dont know how to do this in windows (since i dont use windows) but in *nix you would edit your /etc/resolv.conf file. then test it using the nslookup (screw dig) utility.

    --
    "Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
  14. Re:Does it really matter though? by cpmte · · Score: 2, Informative

    No, but Verisign does operate the A root server, which gets replicated to all the other root servers.

  15. It's nice to see an article by someone who knows by qtp · · Score: 4, Informative

    what they are talking about for a change.

    The recent flurry of articles giving the impression that VeriSign is somehow "in charge" of DNS has been rather irritating, when in fact, it is not difficult to configure your DNS server to ignore VeriSign operated root servers. (If you're using bind, dont include thier roots in your roots.cache zone file. I'm sure there's an equivalent trick for djbdns.)

    I wish all of those who are about to continue the current flood of "what difference does it make?" and "VeriSign controls DNS anyway." posts would kindly read this article and this one as well for a breif tutorial on DNS from that programmer who writes good shit but everyone says they hate him anyway, D. J. Bernstein.

    If you like the subject, maybe you should go out and buy a copy of DNS and BIND so you'll have something interesting to talk about at the coffee house this weekend.

    The truth is that DNS is a distributed system that is rather well designed to be redundant. The anycast implementation mentioned in the article is a good and needed way (it's the right way[tm]) to increase the redundancy that is already inherent in the system, making DNS much more secure and resistant to DDOS attacks and other attempts to disrupt DNS service. VeriSign showing off thier "secure" sites, and blowing thier own horn about how "important" they in particular are to the internet is a load of sh*t that should not be given a second thought unless you are in the habit of educating our lawmakers about related issues. Not an especially good habit, it will make you enemies (but only if you're right).

    --
    Read, L
  16. Re:Globalization at its finest by Eminor · · Score: 2, Informative


    1. US Invents it
    2. US then screws it up
    3. Other countries improve on methods and make superior products
    4. US consumers flock to the improved, cheaper products
    5. US companies create something new to get people to 'Buy American'
    6. Follow 2 - 6

    In alot of cases it more like:

    1. Someone invents it.
    2. The US makes an implementation of it.
    3. The US takes claim to the invention.
    4. Other countries continue to improve it.
    5. The product goes into it's next cycle in the US because the rest of the world forced them via competition.

  17. A testimonial by karl.auerbach · · Score: 3, Informative

    I've been using the ORSC root zone and its servers for several years. I have not noticed any outages or problems - oops, yes there was a problem once - it was when ICANN decided to create a .biz of its own even though there was one already running.

  18. Re:Globalization at its finest by 216pi · · Score: 2, Informative

    according to the the university of huston, the telephone was invented by a German 26-year-old science teacher.