Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Root Servers Outside US Surpass Those Inside

Posted by ryuzaki0 on from the world-a-big-place dept.

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

44 of 333 comments (clear)

  1. Er by millisa · · Score: 5, Funny

    So it was a K-raut K-root server that tipped the balance?

    *dodges the thrown fruit*

  2. This just in by Anonymous Coward · · Score: 5, Funny

    The number of countries outside the U.S. outnumber the number of countries inside the U.S.

    1. Re:This just in by cujo_1111 · · Score: 5, Insightful

      Not according to the average American who thinks there is nothing outside the US except terrorists...

      --
      If I point out that you are incorrect, making me a foe does not make you any more correct.
    2. Re:This just in by cujo_1111 · · Score: 5, Funny

      Do the puppet governments that the US put in place count as other countries?

      --
      If I point out that you are incorrect, making me a foe does not make you any more correct.
    3. Re:This just in by Anonymous Coward · · Score: 4, Funny

      Wait... there's an internet outside the U.S.?

    4. Re:This just in by the+eric+conspiracy · · Score: 5, Funny

      Don't forget Canadia

      How could we forget the Maple Leaf state.

    5. Re:This just in by the+eric+conspiracy · · Score: 5, Funny

      Not according to the average American who thinks there is nothing outside the US except terrorists...

      You have just proven that at least one person in Australia is a moron, not a terrorist.

      Congratulations.

    6. Re:This just in by Anonymous Coward · · Score: 5, Funny

      If that's true then why do they call the internet America Online?

    7. Re:This just in by Tokerat · · Score: 4, Funny


      Apparently they call it "MSN" everywhere else...

      --
      CAn'T CompreHend SARcaSm?
  3. Damnit! by Jin+Wicked · · Score: 4, Funny

    I just changed bloody hosts three days ago and my DNS still isn't completely changed over! Now I find out it's because all the new servers are farting around in Frankfurt! Great, just great! =)~

    --
    My Webcomic: Asylum on 5th Street
  4. Does it really matter though? by toddestan · · Score: 5, Insightful

    Sure, there may be more DNS root servers outside the US, but it would seem that Verisign still has exclusive rights to muck around with them. So what's the big deal?

    1. Re:Does it really matter though? by Lehk228 · · Score: 3, Informative

      As i stated in the past the only reason verisign, ICANN or anyone else has DNS power is because everyone agrees to use their standard.. well.. not everybody ;) there is a choice in the matter anyone who wants to run a DNS server can do so and can map domains to whatever IP address they like... it's just that issuing conflicting domain names on different servers benifits nobody and makes things worse for everyone

      --
      Snowden and Manning are heroes.
  5. Minor /. prediction: by Faust7 · · Score: 4, Funny

    "Service quality and security is not always proportional to money spent."

    Time until someone makes a Windows-Linux parallel: 5... 4...

    --
    The coolest voice ever.
  6. The US... by Pathway · · Score: 3, Insightful

    Cool. This is as it should be, too.. As the rest of the world gets on the net, we'll se the US further down the list, I'm sure.

  7. Globalization at its finest by qortra · · Score: 5, Interesting

    I'm an American, and I love the US, but the imbalance of the internet towards the US has always bothered me. To me, it always has seemed that it should be a completely global venture, and be supported fairly evenly throughout the globe.

    DNS servers are probably a good indicator of internet usage/participation and the fact that other countries are catching up is a good thing; however, just shy of half of the DNS servers are still in the US. That's pretty sad considering we represent less than 5% of the global population. Here's to hoping other countries continue to grow in their participation.

    Also, I hope Babelfish improves as globalizations continues.....

    1. Re:Globalization at its finest by Takara · · Score: 3, Insightful

      I've also found it sad that while the internet is a global service, many TLDs (namely .gov .edu) are US centric. Some countries right now use a .gov.TLDcc title for their government uses, I don't see why it couldn't have been .TLDcc.gov.

    2. Re:Globalization at its finest by Judg3 · · Score: 4, Insightful

      " imbalance of the internet towards the US has always bothered me"

      Don't worry the rest of the world will catch up. Just like telephone networks, automobiles and transistors the internet will follow the usual pattern of:

      1. US Invents it
      2. US then screws it up
      3. Other countries improve on methods and make superior products
      4. US consumers flock to the improved, cheaper products
      5. US companies create something new to get people to 'Buy American'
      6. Follow 2 - 6

      I'm guessing that the reason we Americans go from a technological breakthrough to wondering why the hell everyone buys the product from overseas is we're either to arrogant and set in our ways, we spent a lot of $$$$ being early adopters and now the technology we use is antiquated just as the rest of the world adopts it, or a combo of the two.

      --
      Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
    3. Re:Globalization at its finest by aled · · Score: 3, Interesting

      perhaps, just perhaps, other countries don't speak english and gov means absolute nothing.
      I think that USA has a .us domain, it's just also the default domain. So x.gov is really x.gov.us.
      Of course you didn't want to mean that USA rules the world. Eh... you don't, no?

      --

      "I think this line is mostly filler"
    4. Re:Globalization at its finest by Takara · · Score: 3, Insightful

      Other countries might not speak english, but they still get assigned english TLDs, so x.gov wouldn't be a stretch. For example, why is Japan .jp instead of .nh, when germany got .dk?

    5. Re:Globalization at its finest by ncc74656 · · Score: 3, Informative
      For example, why is Japan .jp instead of .nh, when germany got .dk?

      Last time I checked, Germany is .de. .dk is Denmark. As for why some ccTLDs are derived from the local language (.de, .es) and some aren't (.jp, .ru), your guess is as good as mine. (One theory is that countries where the local language uses a non-Roman alphabet (or no alphabet at all) got their ccTLDs derived from the English names for those countries.)

      --
      20 January 2017: the End of an Error.
    6. Re:Globalization at its finest by sould · · Score: 3, Informative

      Just like telephone networks, automobiles and transistors the internet will follow the usual pattern of: 1. US Invents it

      Except the US did not invent the autombile.

      The most significant contribution the US has made to automobile engineering is the cup holder.

    7. Re:Globalization at its finest by Blimbo · · Score: 3, Interesting

      "That's pretty sad considering we represent less than 5% of the global population"

      Sure, but what percentage of the INTERNET population does the US represent ?

    8. Re:Globalization at its finest by sould · · Score: 3, Insightful

      But where would the automobile be if it were not for mass production?

      So what?

      He said invent, not popularise.

      I am well aware that the U.S. is good at industrialising other counties inventions.

  8. Can someone please explain by Bingo+Foo · · Score: 3, Interesting
    Can someone please explain how it is that "Name Service" has become synonymous with "The Internet?" Am I mistaken that all these root servers do is propagate name service information down to other machines until my office DNS can tell met that yahoo.com has address 66.218.71.198?

    The routers themselves deal in numerical IP space, right? Why is name service so dang important?

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
    1. Re:Can someone please explain by dmp123 · · Score: 3, Insightful

      Well, because most things users have dealings with operate by hostnames, rather than IP addresses?

      Even more so when IPv6 comes in. Besides, unless you're a masochist, I bet your mail client has SMTP: mail..com, rather than it's IP?

      Did you come to slashdot.org, or 66.35.250.150?

      Thought so.

      David

    2. Re:Can someone please explain by DotNM · · Score: 3, Insightful

      DNS converts the name (e.g. www.studentprogress.info) into an IP addy (65.49.199.172). Without DNS, the internet would be like the phone with no phone book.... no way to find the number of the person/company you want to call... and in internet terms, no way to find the IP address of the website you want. Think about it.... would you (and many users who are new to computers/the internet) find it easier to remember www.studentprogress.info or 65.49.199.172? My guess would be the hostnames.

      --
      There's no place like localhost
    3. Re:Can someone please explain by changelingyahoo.com · · Score: 4, Informative

      If all the root servers somehow miraculously disappeared then most people would be alright for 1-2 days. After 2 days all the cached NS records for .com will have expired and virtually no one will be able to resolve any .com addresses. Similar results for all other TLDs, but the time until resolution failure for each TLD can differ.
      Of course this is a highly unlikely scenerio as there are 13 root DNS servers and many of these servers are actually multiple machines using anycast (for example). Of course, taking out a handful of the machines places sufficient load on the remaining servers to cause them to start dropping requests, but this too is unlikely.

      --
      My Company
    4. Re:Can someone please explain by morelife · · Score: 4, Informative


      Those numbers don't change, ...
      They can, and often do.

      How often do calls to the "root server" get made

      Many millions of times an hour. Each zone (or domain, in practical terms) has expiration and refresh times. In addition to caching host and other data, these expiration (ttl) and refresh times get cached as well. The clock is ticking on the ttl when first cached, and when it expires a new lookup will have to be made (even if the resulting information is, as you said, identical, e.g. it "doesn't change") Just about every time a lookup is made by a tier 3 name server the query will recursively end up at a root server which will point it back down to a gTLD server and down to the tld auth server which finally sends the data to the requestor.

      Or something like that :) The root servers have to operate in a highly reliable way, as almost all name servers use them.. There is hardly a service on the 'net that does NOT rely on names (mail, nntp, shoutcast streaming, rss, http, etc), but you are right in that strictly speaking, routing operations are IP address based and have little to do with DNS.

  9. Insensitive parent comment! by weeboo0104 · · Score: 5, Funny

    I am part K-raut you insensitive K-lod!

    --
    It is easier to build strong children than to repair broken men. -Frederick Douglass
    1. Re:Insensitive parent comment! by kfg · · Score: 4, Funny

      I am part K-raut you insensitive K-lod!

      Well Jeez. Don't go getting all sauer over it.

      KFG

  10. Sucks by Gyan · · Score: 3, Funny

    I wanted to read the article, but my browser can't resolve the host.

  11. Re:Dilemma by crabpeople · · Score: 4, Funny

    "Personally, I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country."

    oh i forgot, germany is such an unstable rogue state. better hurry up and invade!^H^H^H^H^H^H liberate

    --
    I'll just use my special getting high powers one more time...
  12. Slashdotted! by thedji · · Score: 4, Funny

    Quick...

    Everyone ping k.root-servers.net and try and /. THAT

    --
    ... and then there were none
  13. Those damn Germans! by FearUncertaintyDoubt · · Score: 4, Funny

    I'd hate to think any of my packets being exported to those guys who wouldn't even help us rid Iraq of weapons of mass destruction! I think in protest, we should hereby refer to all the USA DNS root servers as "Freedom Hosts" (cue Lee Greenwood music...now).

  14. VirtualHosting by DotNM · · Score: 3, Informative
    The thing is.... surfing by IP only (without DNS) would require EVERY SITE to have a static IP address, instead of every server.

    Many hosting companies, etc. use shared servers. I do as well, in fact, for my websites. For example, my website www.studentprogress.info may have the IP address 65.49.199.172, but the site will only show up if you use the hostname.

    Based on the sheer number of websites these days, I'm sure we'd run out of IPv4 space instantly without DNS, and maybe even run out of IPv6 space!

    --
    There's no place like localhost
  15. Germans? by KalvinB · · Score: 4, Informative

    I think you're confused. The Germans volunteered to change the names of things such as saurekraut (I'm only half German) to "Liberty Cabbage" during WWII because they were getting persecuted so much by (you guessed it) Americans. We Americans know that the French are too stuck up to stick it to themselves so we changed "their" things to names like "Freedom Toast." And I'm not old. I learned that "Liberty Cabbage" thing from Grandpa Simpson. I kid you not. Simpson's is edumacational.

    And besides, even the govenment couldn't change the name to "Freedom Hosts" because even they are slaves to VeriSign. It'd be all wrapped up in too much irony. Even for this administration.

    Source

    Ben

    --
    Work Safe Porn
  16. No. You don't care. Here's why. by rs79 · · Score: 5, Interesting

    In the bad old days you and you alone were in control of name resolution. For those of you without receding and/or grey hairlines who may not know or remember this, you had a file called hosts.txt that contained all the mappings of names to IPs. That, obviously, didn't scale and DNS was developed and was widely deployed by about 86 or so.

    The one big gotcha with DNS is it takes control out of your hands. That is, you may have your own DNS server locally, but you traditionally refer to other servers that serve up the root zone that tells your DNS server where all the TLD servers are. Somewhere along the line the decision was made to use other machines, not your own, for this.

    This is wrong for many reasons:

    1. It's slower than if you have your own local copy of the root zone
    2. it's a point of failure you can live without - a DDOS on the legacy roots shouldn't take you down
    3. it provides a political point of capture - he who controls the root controls all the DNS namespace, and it's currently under the aegis of the trademark lobby under the guise of an incompetant and gutless wonder we jokingly refer to as "ICANN".

    But there are ways around this. The easiest if is you static route the 13 root server IPs to your own nameserver. Then you can run an unmodified copt of the legacy root zone on your own nameserver and the US government root servers can be backhoed or DDOS'd and you wouldn't even notice. ISP's are starting to figure this out, especiallly ones with expensive longhaul connections.

    Or, you can modify your nameserver to declare youtself primary for the root zone (which you've dutifully downloaded) and edit out the declarations for "." in the legacy root zone.

    Or you can use the ORSC root zone. If it's good enough for two ICANN board members, it's good enough for you.

    Whatever you do, for God's sake dump bind and use DJBDNS. It really is so much better it's just not funny.

    --
    Need Mercedes parts ?
  17. But Export Laws will make it alright. by Linus+Sixpack · · Score: 3, Funny

    Yes but Export laws will keep any dns number above 2^2 from crossing the border.

    Its amazing how those forigners keep sneaking back into the US to develop their software then releasing it like it came from other countries!

    ls

  18. We're losing the DNS arms race!! by Mustang+Matt · · Score: 3, Funny

    Quick everyone in the US go setup 5 DNS servers!

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  19. All your base ... by ongeboren · · Score: 3, Funny

    ... are resolved to us.

    --
    First I wanted to be a chef. Then I wanted to be Napoleon. My ambitions have continued to grow ever since.
  20. How could you forget? I think I know how... by rs79 · · Score: 5, Funny

    http://www.cbc.ca/mondayreport/videos/ontario.html

    --
    Need Mercedes parts ?
  21. It's nice to see an article by someone who knows by qtp · · Score: 4, Informative

    what they are talking about for a change.

    The recent flurry of articles giving the impression that VeriSign is somehow "in charge" of DNS has been rather irritating, when in fact, it is not difficult to configure your DNS server to ignore VeriSign operated root servers. (If you're using bind, dont include thier roots in your roots.cache zone file. I'm sure there's an equivalent trick for djbdns.)

    I wish all of those who are about to continue the current flood of "what difference does it make?" and "VeriSign controls DNS anyway." posts would kindly read this article and this one as well for a breif tutorial on DNS from that programmer who writes good shit but everyone says they hate him anyway, D. J. Bernstein.

    If you like the subject, maybe you should go out and buy a copy of DNS and BIND so you'll have something interesting to talk about at the coffee house this weekend.

    The truth is that DNS is a distributed system that is rather well designed to be redundant. The anycast implementation mentioned in the article is a good and needed way (it's the right way[tm]) to increase the redundancy that is already inherent in the system, making DNS much more secure and resistant to DDOS attacks and other attempts to disrupt DNS service. VeriSign showing off thier "secure" sites, and blowing thier own horn about how "important" they in particular are to the internet is a load of sh*t that should not be given a second thought unless you are in the habit of educating our lawmakers about related issues. Not an especially good habit, it will make you enemies (but only if you're right).

    --
    Read, L
  22. A testimonial by karl.auerbach · · Score: 3, Informative

    I've been using the ORSC root zone and its servers for several years. I have not noticed any outages or problems - oops, yes there was a problem once - it was when ICANN decided to create a .biz of its own even though there was one already running.

  23. Re:Dilemma by qtp · · Score: 3, Interesting

    I'm torn between the cushy redundancy offered by decentralization, and the cushy security of having most of the servers in a stable, well-protected country.

    Fuirst of all, Germany is what most knowlegable people would call a "stable, well protected country".

    Second, that in and of itself does not affect the security or reliability of DNS as it is designed very much, and has even less signifigance now that anycast is proven to be a reliable technique for increasing redundancy.

    D. J. Bernstein has provided some good introductory about the workings of DNS, including security.

    There's a chapter on DNS security from "DNS and BIND" available at the O'reilly website as well.

    The biggest dispute about DNS security (and internet security in general) is between those who prefer centralized, single point solutions, and those who prefer distributed, autonomous security measures. IMHO, centralized security creates weakness in most (all?) cases by creating a single point of failure, and is an approach that is most often motivated by the desire to exert control over internet usage in hopes of personal gain (re: VeriSign), and to establish an authority because of a misguided belief that there need be one.

    The internet's basic strength is due to it's lack of dependance on centralized authorities in order to work. Any proposals that change that basic assumption are either poorly thought out or suspect.

    --
    Read, L