Slashdot Mirror


DNS Root Servers Outside US Surpass Those Inside

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

6 of 333 comments (clear)

  1. Globalization at its finest by qortra · · Score: 5, Interesting

    I'm an American, and I love the US, but the imbalance of the internet towards the US has always bothered me. To me, it always has seemed that it should be a completely global venture, and be supported fairly evenly throughout the globe.

    DNS servers are probably a good indicator of internet usage/participation and the fact that other countries are catching up is a good thing; however, just shy of half of the DNS servers are still in the US. That's pretty sad considering we represent less than 5% of the global population. Here's to hoping other countries continue to grow in their participation.

    Also, I hope Babelfish improves as globalizations continues.....

    1. Re:Globalization at its finest by aled · · Score: 3, Interesting

      perhaps, just perhaps, other countries don't speak english and gov means absolute nothing.
      I think that USA has a .us domain, it's just also the default domain. So x.gov is really x.gov.us.
      Of course you didn't want to mean that USA rules the world. Eh... you don't, no?

      --

      "I think this line is mostly filler"
    2. Re:Globalization at its finest by Blimbo · · Score: 3, Interesting

      "That's pretty sad considering we represent less than 5% of the global population"

      Sure, but what percentage of the INTERNET population does the US represent ?

  2. Can someone please explain by Bingo+Foo · · Score: 3, Interesting
    Can someone please explain how it is that "Name Service" has become synonymous with "The Internet?" Am I mistaken that all these root servers do is propagate name service information down to other machines until my office DNS can tell met that yahoo.com has address 66.218.71.198?

    The routers themselves deal in numerical IP space, right? Why is name service so dang important?

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  3. No. You don't care. Here's why. by rs79 · · Score: 5, Interesting

    In the bad old days you and you alone were in control of name resolution. For those of you without receding and/or grey hairlines who may not know or remember this, you had a file called hosts.txt that contained all the mappings of names to IPs. That, obviously, didn't scale and DNS was developed and was widely deployed by about 86 or so.

    The one big gotcha with DNS is it takes control out of your hands. That is, you may have your own DNS server locally, but you traditionally refer to other servers that serve up the root zone that tells your DNS server where all the TLD servers are. Somewhere along the line the decision was made to use other machines, not your own, for this.

    This is wrong for many reasons:

    1. It's slower than if you have your own local copy of the root zone
    2. it's a point of failure you can live without - a DDOS on the legacy roots shouldn't take you down
    3. it provides a political point of capture - he who controls the root controls all the DNS namespace, and it's currently under the aegis of the trademark lobby under the guise of an incompetant and gutless wonder we jokingly refer to as "ICANN".

    But there are ways around this. The easiest if is you static route the 13 root server IPs to your own nameserver. Then you can run an unmodified copt of the legacy root zone on your own nameserver and the US government root servers can be backhoed or DDOS'd and you wouldn't even notice. ISP's are starting to figure this out, especiallly ones with expensive longhaul connections.

    Or, you can modify your nameserver to declare youtself primary for the root zone (which you've dutifully downloaded) and edit out the declarations for "." in the legacy root zone.

    Or you can use the ORSC root zone. If it's good enough for two ICANN board members, it's good enough for you.

    Whatever you do, for God's sake dump bind and use DJBDNS. It really is so much better it's just not funny.

    --
    Need Mercedes parts ?
  4. Re:Dilemma by qtp · · Score: 3, Interesting

    I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country.

    Fuirst of all, Germany is what most knowlegable people would call a "stable, well protected country".

    Second, that in and of itself does not affect the security or reliability of DNS as it is designed very much, and has even less signifigance now that anycast is proven to be a reliable technique for increasing redundancy.

    D. J. Bernstein has provided some good introductory about the workings of DNS, including security.

    There's a chapter on DNS security from "DNS and BIND" available at the O'reilly website as well.

    The biggest dispute about DNS security (and internet security in general) is between those who prefer centralized, single point solutions, and those who prefer distributed, autonomous security measures. IMHO, centralized security creates weakness in most (all?) cases by creating a single point of failure, and is an approach that is most often motivated by the desire to exert control over internet usage in hopes of personal gain (re: VeriSign), and to establish an authority because of a misguided belief that there need be one.

    The internet's basic strength is due to it's lack of dependance on centralized authorities in order to work. Any proposals that change that basic assumption are either poorly thought out or suspect.

    --
    Read, L